[BUG] xinput bug in Xorg 1.12-rc2

mathieu.taillefumier at free.fr mathieu.taillefumier at free.fr
Fri Feb 3 07:01:21 PST 2012

I think I found where the error is. The original code (before the patch) contains a very last "if" before the third possible call to DeliverDeviceEvents, which is if(focus) then call the function. After debugging it again with gdb I found that (with the patch included) the variable focus is null (it is due to this line focus = thisDev->focus->win;) and win is not initialized at all and has random values. That is why I have a segmentation fault. To check that win was not initialized when I triggered the bug I just put its value to null at this line WindowPtr win = NULL. Then I triggered the bug and checked the value of win, which is null as expected from the previous debugging session.

So the bug has two components:
 - the win variable which in some cases is not initialized (it happens when we run focus = thisDev->focus->win; and thisDev->focus->win == NULL)
 - focus is null (thisDev->focus->win is zero in my case).

It did not happen before because the function DeliverDeviceEvents could only be called when focus has a non zero value. To fix this bug, two lines should be modified:

- WindowPtr win -> WindowPtr win = NULL (by the way the compiler did not seem to complain)
- DeliverDeviceEvents(....) -> if(win) DeliverDeviceEvents

I also checked the function DeliverDeviceEvents and it seems that the "if(win)" is not necessary since it is a loop over the win parameter.



----- Original Message -----
From: "Peter Hutterer" <peter.hutterer at who-t.net>
To: "Mathieu Taillefumier" <mathieu.taillefumier at free.fr>
Cc: "Jeremy Huddleston" <jeremyhu at apple.com>, xorg at lists.x.org, "Keith Packard" <keithp at keithp.com>
Sent: Thursday, 2 February 2012 18:43:27
Subject: Re: [BUG] xinput bug in Xorg 1.12-rc2

On Thu, Feb 02, 2012 at 05:00:58PM +0100, Mathieu Taillefumier wrote:
> On 01/31/2012 07:20 PM, Jeremy Huddleston wrote:
> >That's pretty much an entire merge you are blaming now.  Are you sure you can't narrow it down further than that?  If you're having a build failure, just apply the fix at each step rather than doing a 'git skip' ...
> Sorry for the delay. The bisection was nightmarish because I had to
> fix some include files to complete the compilation. Anyway this is
> done now. The first bad commit where the bug appears is this one
> 6eff14a789341d366b3013c5aa020e959c954651
> dix: deduplicate callers of DeliverDeviceEvents in DeliverGrabbedEvents
> but since I do not know the code I cannot give more information
> except the gdb session that you already have.

I'm staring hard at this code but I can't spot an actual functional change
here that could trigger a bug - just as the commit msg said this was just
shuffling code around.
are you sure it's that one? have you tried reverting it to see if the bug


> Mathieu
> Ps : I will modify the bug report with the new information.
> >
> >
> >On Jan 31, 2012, at 6:05 AM, Mathieu Taillefumier wrote:
> >
> >>Hello,
> >>
> >>thank you for the answer.
> >>
> >>On 01/31/2012 12:28 AM, Jeremy Huddleston wrote:
> >>>I really don't see how 2abe83df686ed64c4f4df711ac3c1fd12131c2e4 could be the culprit.  It's trivial.
> >>I made a mistake somewhere so to double check I did the bisection again starting from (working) to (not working).
> >>
> >>The result is that I was unable to bisect the last three steps because of compilation errors (that are fixed later on). You can find the last patches that caused the compilation issue attached to the email (bisect.result). The results from the bisection are in the git.log file.
> >>
> >>>Can you please create a bug report at http://bugs.freedesktop.org to track this?
> >>I will do that.
> >>
> >>Mathieu
> >>>
> >>>On Jan 30, 2012, at 4:59 AM, mathieu.taillefumier at free.fr wrote:
> >>>
> >>>>Hello,
> >>>>
> >>>>I encounter a bug in the last rc of the xserver (present before but I
> >>>>was using it so far) when I use it in combination with kdm (and only
> >>>>kdm, I did not try xdm). The server simply crashes when kdm is running and
> >>>>I touch any of the keyboard keys but works perfectly fine when I run it
> >>>>from a console. The whole stack is from the git repository but the problem
> >>>>originates from the server itself since I cannot reproduce it with xorg
> >>>>1.11.4 for instance (with the same stack almost).
> >>>>
> >>>>I am able to reproduce it all the time and I have been spending some
> >>>>time to bisect the problem (changing the server, the rest being fixed).
> >>>>The result of the bisection gave me this:
> >>>>
> >>>>git bisect start
> >>>># bad: [052ca3f22eadd0aa60dd24ac7d5d76137273926f] Bump version to
> >>>> (1.12 RC2)
> >>>>git bisect bad 052ca3f22eadd0aa60dd24ac7d5d76137273926f
> >>>># good: [e597f0119cd69b6d9edf86d06d941468f90d8e6d] configure.ac: 1.11.4
> >>>>git bisect good e597f0119cd69b6d9edf86d06d941468f90d8e6d
> >>>># good: [4ad271d06c5aa42721c0e2e01e17e34a39825c65] xfree86: Bump
> >>>>extension ABI version to 6.0
> >>>>git bisect good 4ad271d06c5aa42721c0e2e01e17e34a39825c65
> >>>># good: [34b0e4eee911f8b09a3682a7f1b4c8598ef48b8d] dri2: Register the
> >>>>DRI2DrawableType after server regeneration
> >>>>git bisect good 34b0e4eee911f8b09a3682a7f1b4c8598ef48b8d
> >>>># bad: [2df539c0bc3300ea858f8bc7d52e95e67ff379b8] glx: Only declare
> >>>>GlxExtensionInit in one header file
> >>>>git bisect bad 2df539c0bc3300ea858f8bc7d52e95e67ff379b8
> >>>># bad: [2abe83df686ed64c4f4df711ac3c1fd12131c2e4] include: add
> >>>>BUG_WARN_MSG for custom error message on bug condition
> >>>>git bisect bad 2abe83df686ed64c4f4df711ac3c1fd12131c2e4
> >>>># good: [d26fae246d7c451b4d5ffe24fdb959d4bd00b107] glx: don't leak fbconfigs
> >>>>git bisect good d26fae246d7c451b4d5ffe24fdb959d4bd00b107
> >>>># good: [6acebf9e1298939593b942ec91ae9ec9e74faa19] include: add
> >>>>list_append()
> >>>>git bisect good 6acebf9e1298939593b942ec91ae9ec9e74faa19
> >>>># good: [4bc2761ad5ec2d0668aec639780ffb136605fbc8] dix: switch the
> >>>>dev->deviceGrab.activeGrab from GrabRec to GrabPtr
> >>>>git bisect good 4bc2761ad5ec2d0668aec639780ffb136605fbc8
> >>>># good: [d2ebbcdaf6b13d70eee704b1764ff349e1be22a0] Xi: when removing a
> >>>>device, reset ClientPointers where needed
> >>>>git bisect good d2ebbcdaf6b13d70eee704b1764ff349e1be22a0
> >>>># good: [631516a4aa9858874ee197444cd93d91b97a1089] Xi: check button
> >>>>mapping value _before_ assigning it
> >>>>git bisect good 631516a4aa9858874ee197444cd93d91b97a1089
> >>>># good: [4fc797f3756611a97767f407e1af0b6a7cf2f1d9] xfree86: include
> >>>>xorg-config.h from xaalocal.h
> >>>>git bisect good 4fc797f3756611a97767f407e1af0b6a7cf2f1d9
> >>>>
> >>>>so the first bad commit is 2abe83df686ed64c4f4df711ac3c1fd12131c2e4.
> >>>>
> >>>>I also have some information after using gdb from a remote computer. I
> >>>>attach the log file of the debugging session. Since I can reproduce it
> >>>>do not hesitate to ask me for more information.
> >>>>
> >>>>regards
> >>>>
> >>>>Mathieu
> >>>>
> >>>><X.log>
> >>>
> >>
> >><bisect.result><git.log>
> >
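
A simplified C model of the fault described in the first message of this thread, added here as an example; it is not code from the X server or from anyone on the thread. The types and the functions deliver() and deliver_grabbed() are hypothetical stand-ins; only the two changes (give win a defined start value, guard the single call) come from the message.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins for the server's window/device types. */
typedef struct Window { struct Window *parent; int delivered; } Window;
typedef struct { Window *win; } Focus;
typedef struct { Focus *focus; } Device;

/* Stand-in for DeliverDeviceEvents: assumes a valid window and walks up the
 * parent chain. A NULL or uninitialized pointer here is a crash. */
static int deliver(Window *win)
{
    int n = 0;
    do {
        win->delivered++;
        n++;
        win = win->parent;
    } while (win != NULL);
    return n;
}

/* One deduplicated call site, modelled on the refactoring discussed in the
 * thread. Before the fix, win had no initializer and the call was
 * unconditional, so the "keyboard, no focus window" path passed garbage. */
static int deliver_grabbed(const Device *dev, Window *sprite_win, int is_keyboard)
{
    Window *win = NULL;                 /* change 1: defined start value */

    if (is_keyboard) {
        Window *focus = dev->focus ? dev->focus->win : NULL;
        if (focus != NULL)
            win = focus;                /* otherwise win stays NULL */
    } else {
        win = sprite_win;
    }

    if (win == NULL)                    /* change 2: guard the single call */
        return 0;
    return deliver(win);
}

int main(void)
{
    Window root = { NULL, 0 }, child = { &root, 0 };
    Focus none = { NULL };
    Device kbd = { &none };             /* constructed: keyboard, no focus window */

    printf("no focus: %d, pointer: %d\n",
           deliver_grabbed(&kbd, &child, 1), deliver_grabbed(&kbd, &child, 0));
    return 0;
}
```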
