Xorg crash in xf86ActivateDevice() with nvidia driver 9629

Mitch Mitch at HasBox.COM
Sat Dec 2 23:25:47 PST 2006 

Hi,

Some details:

. Xorg from yesterdays svn
. Proprietary nvidia driver version 9629


Crash always happens in

Program received signal SIGSEGV, Segmentation fault.
0xb7dd1473 in strlen () from /lib/libc.so.6
(gdb) where
#0  0xb7dd1473 in strlen () from /lib/libc.so.6
#1  0x080df965 in xf86ActivateDevice (local=0x820a198) at xf86Xinput.c:189
#2  0x080a2404 in InitInput (argc=1, argv=0xbff88b64) at xf86Init.c:1022
#3  0x0806eea7 in main (argc=1, argv=0xbff88b64, envp=0x0) at main.c:400

Placing a breakpoint at xf86ActivateDevice() and inspecting 'local' 
pointer shows devices being added.

(gdb) p *local
$3 = {next = 0x8227a28, name = 0x81f3f80 "USBMouse", flags = 78, 
device_control = 0xb7c441a0 <MouseProc>,
   read_input = 0xb7c44520 <MouseReadInput>, control_proc = 0, 
close_proc = 0, switch_mode = 0,
   conversion_proc = 0xb7c41ba0 <MouseConvert>, reverse_conversion_proc 
= 0, set_device_valuators = 0, fd = -1, atom = 0, dev = 0x0,
   private = 0x8227f98, private_flags = 0, first = 0, last = 0, old_x = 
0, old_y = 0, type_name = 0xb7c4747f "MOUSE",
   always_core_feedback = 0x0, conf_idev = 0x81f8308, drv = 0x81ff530, 
module = 0x8227f58, options = 0x8228118}

However the next device is not an input device but is being recognised 
incorrectly. Furthermore we're doing a strlen() on a NULL so we're 
crashing (as expected). Now i know it's easy to point fingers and blame 
nvidia, but the code we're crashing on is in xorg territory. So the next 
device is

(gdb) p *local
$10 = {next = 0x820a128, name = 0xb734c6c0 "NVIDIA Damage Notification 
Manager", flags = 3,
   device_control = 0xb72a1368 <_nv001399X+212>, read_input = 0xb72a1318 
<_nv001399X+132>, control_proc = 0, close_proc = 0,
   switch_mode = 0, conversion_proc = 0, reverse_conversion_proc = 0, 
set_device_valuators = 0xffffffff, fd = 0, atom = 0,
   dev = 0x82014d0, private = 0x0, private_flags = 0, first = 0, last = 
0, old_x = 0, old_y = 0, type_name = 0x0,
   always_core_feedback = 0x0, conf_idev = 0x0, drv = 0x0, module = 
0xb734c6e3, options = 0x0}
(gdb) quit


i.e. the "NVIDIA Damage Notification Manager", which has type_name = 
0x0. So why does this device added as a input device ? Clearly the flags 
(0x3) are wrong...

xf86ActivateDevice(LocalDevicePtr local)
{
     DeviceIntPtr        dev;

     if (local->flags & XI86_CONFIGURED) {
         dev = AddInputDevice(local->device_control, TRUE);

         if (dev == NULL)
             FatalError("Too many input devices");

         local->atom = MakeAtom(local->type_name,
                                strlen(local->type_name),
                                TRUE);

... etc



Cheers
Mitch

More information about the xorg mailing list