Current xserver head segfault

Pierre Willenbrock pierre at pirsoft.de
Thu Jun 19 17:17:28 PDT 2008


Lukas Hejtmanek schrieb:
> Hello,
> 
> I tried to run latest Xserver and got the following segfault after any
> keypress:
> (gdb) c
> Continuing.
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fb1af89b6e0 (LWP 15744)]
> 0x00007fb1ad64cc48 in ?? () from /lib/libc.so.6
> (gdb) where
> #0  0x00007fb1ad64cc48 in ?? () from /lib/libc.so.6
> #1  0x00007fb1ad64db6e in realloc () from /lib/libc.so.6
> #2  0x00000000004f788b in Xrealloc (ptr=0x2b1, amount=0) at utils.c:1387
> #3  0x000000000055330a in XkbCopyKeymap (src=0x18c5790, dst=0x18c6340,
> sendNotifies=1) at xkbUtils.c:1236
> #4  0x000000000053a20b in DeepCopyDeviceClasses (from=0x1839520, to=0x1837e70)
> at exevents.c:225
> #5  0x000000000053b271 in UpdateDeviceState (device=0x2b1, xE=0x18db7a0,
> count=<value optimized out>) at exevents.c:756
> #6  0x000000000053b612 in ProcessOtherEvent (xE=0x18db7a0, device=0x1839520,
> count=1) at exevents.c:1001
> #7  0x000000000056245d in ProcessKeyboardEvent (xE=0x18db7a0, keybd=0x1839520,
> count=1) at xkbPrKeyEv.c:209
> #8  0x00000000004d2d4c in mieqProcessInputEvents () at mieq.c:370
> #9  0x000000000047dee9 in ProcessInputEvents () at xf86Events.c:239
> #10 0x000000000044ec41 in Dispatch () at dispatch.c:368
> #11 0x00000000004342cd in main (argc=2, argv=0x7fffb78bb118, envp=<value
> optimized out>) at main.c:415
> 

I think I ran into this, too. I found that the assumption about the size
of curKeySyms.map changes over time, causing invalid writes into glibc
malloc data structures. I couldn't find the code that does the invalid
writes, though. Fixing maxSymsPerKey to 8 makes this go away for me.
Attached is a patch that contains some debug messages and the
aforementioned fix (which obviously needs to be removed to see the real
values in the log). I hope this helps someone to find the problem.

Regards,
   Pierre
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: hack to fix write-after-end-of-allocation problem.diff
URL: <http://lists.x.org/archives/xorg/attachments/20080620/42df3e4d/attachment.ksh>
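Pierre's description above (a buffer sized under one assumption about symbols per key, then written under another) is the classic write-after-end-of-allocation pattern, and a crash inside realloc() is how glibc usually reports it, long after the actual bad store. The C below is an added example for this thread, not the attached patch and not X server code: the keymap_t type, its functions and the 4-key / 4-versus-8-width numbers are all made up for illustration. It keeps the allocated slot count next to the pointer so a store computed with a stale row stride is rejected and counted instead of landing in the next malloc chunk's bookkeeping.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-key symbol table (not the X server's
 * own XkbKeySymMap). The field that matters here is `cap`: the number of
 * slots actually allocated, kept beside the pointer so every writer can
 * be checked against it. */
typedef struct {
    size_t nkeys;
    size_t syms_per_key; /* stride the buffer was sized with */
    size_t cap;          /* nkeys * syms_per_key at allocation time */
    uint32_t *syms;
} keymap_t;

int keymap_init(keymap_t *km, size_t nkeys, size_t syms_per_key)
{
    km->nkeys = nkeys;
    km->syms_per_key = syms_per_key;
    km->cap = nkeys * syms_per_key;
    km->syms = calloc(km->cap, sizeof *km->syms);
    return km->syms ? 0 : -1;
}

void keymap_free(keymap_t *km)
{
    free(km->syms);
    km->syms = NULL;
    km->cap = 0;
}

/* Slot index a writer computes when it trusts `width` as the row stride.
 * If `width` is not the stride the buffer was allocated with, every row
 * after the first is displaced and the tail of the table falls outside
 * the allocation. */
static size_t slot_index(size_t key, size_t sym, size_t width)
{
    return key * width + sym;
}

/* Checked store: refuse rather than write past the end. Returns 0 on
 * success, -1 if the computed slot lies beyond what was allocated. */
int keymap_set_checked(keymap_t *km, size_t key, size_t sym,
                       size_t assumed_width, uint32_t value)
{
    size_t idx = slot_index(key, sym, assumed_width);
    if (idx >= km->cap)
        return -1;
    km->syms[idx] = value;
    return 0;
}

/* The scenario from the thread: the table is sized for `old_width`
 * symbols per key, then a later writer fills it assuming `new_width`.
 * Returns how many stores the check rejected, i.e. how many would
 * otherwise have hit memory past the allocation (where glibc keeps the
 * next chunk's size word). */
size_t count_overruns(size_t nkeys, size_t old_width, size_t new_width)
{
    keymap_t km;
    size_t rejected = 0;

    if (keymap_init(&km, nkeys, old_width) != 0)
        return (size_t)-1;
    for (size_t key = 0; key < nkeys; key++)
        for (size_t sym = 0; sym < new_width; sym++)
            if (keymap_set_checked(&km, key, sym, new_width,
                                   (uint32_t)(key * 1000 + sym)) != 0)
                rejected++;
    keymap_free(&km);
    return rejected;
}

/* Bytes between the end of the allocation and the end of the last slot an
 * unchecked writer using `new_width` would touch; 0 if everything fits. */
size_t bytes_past_end(size_t nkeys, size_t old_width, size_t new_width)
{
    size_t cap = nkeys * old_width;
    size_t last = slot_index(nkeys - 1, new_width - 1, new_width) + 1;
    return last > cap ? (last - cap) * sizeof(uint32_t) : 0;
}

int main(void)
{
    /* Constructed numbers: 4 keys, sized with 4 syms/key, written with 8. */
    printf("rejected stores: %zu\n", count_overruns(4, 4, 8));
    printf("bytes past end : %zu\n", bytes_past_end(4, 4, 8));
    /* A writer whose stride shrank stays inside the buffer but puts rows
     * in the wrong place; a bounds check alone cannot see that. */
    printf("rejected stores: %zu\n", count_overruns(4, 8, 4));
    return 0;
}
```

Compiled and run on its own it prints how many stores were rejected and how far beyond the allocation the unchecked version would have reached. When chasing a crash like the one in the backtrace, the quickest confirmation is to build the unchecked code with AddressSanitizer (or run with MALLOC_CHECK_ set), which reports the overrun at the store itself rather than at the next realloc() that trips over the damaged chunk header.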