[Bug 44099] Big Image in Firefox crashes X server in

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jan 17 00:36:40 PST 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=44099

--- Comment #13 from Andriy Gapon <avg at icyb.net.ua> ---
Not sure what the following means but after applying the patch from comment #11
I still get a crash when opening the image from comment #1.  This is on FreeBSD
(with Radeon KMS) though.

X server stack trace:
Core was generated by `Xorg'.
Program terminated with signal 11, Segmentation fault.
#0  memcpy () at /usr/src/lib/libc/amd64/string/bcopy.S:65
65              rep
(gdb) bt
#0  memcpy () at /usr/src/lib/libc/amd64/string/bcopy.S:65
#1  0x0000000804edd421 in R600UploadToScreenCS () from
/usr/local/lib/xorg/modules/drivers/radeon_drv.so
#2  0x0000000805b4866d in exaDoPutImage (depth=24, src_stride=<optimized out>,
bits=0x817400000 <Address 0x817400000 out of bounds>, format=2, h=7811, w=8098,
y=0, x=0, pGC=0x8097d6300, pDrawable=0x8101b6840) at exa_accel.c:212
#3  exaPutImage (pDrawable=0x8101b6840, pGC=0x8097d6300, depth=24, x=0, y=0,
w=8098, h=7811, leftPad=0, format=2, bits=0x817400000 <Address 0x817400000 out
of bounds>) at exa_accel.c:233
#4  0x00000000004f166a in damagePutImage (pDrawable=0x8101b6840,
pGC=0x8097d6300, depth=24, x=<optimized out>, y=<optimized out>, w=<optimized
out>, h=7811, leftPad=0, format=2, 
    pImage=0x817400000 <Address 0x817400000 out of bounds>) at damage.c:795
#5  0x00000000004c6e19 in ProcShmPutImage (client=0x80978a6c0) at shm.c:583
#6  0x00000000004c7cc5 in ProcShmDispatch (client=0x80978a6c0) at shm.c:1108
#7  0x0000000000433091 in Dispatch () at dispatch.c:428
#8  0x00000000004224da in main (argc=8, argv=0x7fffffffdcd8, envp=<optimized
out>) at main.c:288

Unfortunately, radeon_drv.so was compiled without debug symbols.

There are also the following messages in the system log right from the crash
time:
kernel: [TTM] Unable to allocate page                                           
kernel: error: [drm:pid42432:radeon_gem_object_create] *ERROR* Failed to
allocate GEM object (254115840, 2, 4096, -12)
kernel: vm_fault: pager read error, pid 42432 (Xorg)
kernel: pid 42432 (Xorg), uid 0: exited on signal 11 (core dumped)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x.org/archives/xorg-driver-ati/attachments/20140117/2c04b48a/attachment.html>

More information about the xorg-driver-ati mailing list