Bug 906972

Summary: Starting Emacs crashes X
Product: [openSUSE] openSUSE Distribution
Reporter: Federico Mena Quintero <federico>
Component: X.Org
Assignee: E-mail List <xorg-maintainer-bugs>
Status: RESOLVED FIXED
QA Contact: E-mail List <xorg-maintainer-bugs>
Severity: Critical
Priority: P3 - Medium
CC: mmarinchenko
Version: 13.2
Target Milestone: ---
Hardware: x86-64
OS: openSUSE 13.2
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: U_sna-glyph-null-deref.patch

Description Federico Mena Quintero 2014-11-25 03:24:57 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0
Build Identifier: 

I start Emacs, and the X server crashes :(

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
(gdb) where
#0  0x0000000000000000 in ?? ()
#1  0x00007f03afca2acd in glyphs_to_dst (sna=sna@entry=0x7f03b4e80000, op=op@entry=3 '\003', src=src@entry=0x25d1110, dst=dst@entry=0x25b91a0, src_x=-692, src_x@entry=0,
    src_y=-177, src_y@entry=0, nlist=<optimized out>, nlist@entry=1, list=<optimized out>, list@entry=0x7fff3c2f3eb0, glyphs=<optimized out>, glyphs@entry=0x7fff3c2f42b0)
    at sna_glyphs.c:731
#2  0x00007f03afca6728 in sna_glyphs (op=<optimized out>, src=0x25d1110, dst=0x25b91a0, mask=0x1c44db8, src_x=<optimized out>, src_y=<optimized out>, nlist=1,
    list=0x7fff3c2f3eb0, glyphs=0x7fff3c2f42b0) at sna_glyphs.c:2004
#3  0x00000000005167c6 in damageGlyphs (op=<optimized out>, pSrc=0x25d1110, pDst=0x25b91a0, maskFormat=0x1c44db8, xSrc=<optimized out>, ySrc=<optimized out>, nlist=1,
    list=0x7fff3c2f3eb0, glyphs=0x7fff3c2f42b0) at damage.c:568
#4  0x000000000050cb1e in ProcRenderCompositeGlyphs (client=0x24fcdb0) at render.c:1390
#5  0x000000000043b77e in Dispatch () at dispatch.c:432
#6  0x000000000043f55a in dix_main (argc=16, argv=0x7fff3c2f4c98, envp=<optimized out>) at main.c:296
#7  0x00007f03b31c3b05 in __libc_start_main () from /lib64/libc.so.6
#8  0x000000000042ac2e in _start () at ../sysdeps/x86_64/start.S:122
(gdb) frame 1
#1  0x00007f03afca2acd in glyphs_to_dst (sna=sna@entry=0x7f03b4e80000, op=op@entry=3 '\003', src=src@entry=0x25d1110, dst=dst@entry=0x25b91a0, src_x=-692, src_x@entry=0,
    src_y=-177, src_y@entry=0, nlist=<optimized out>, nlist@entry=1, list=<optimized out>, list@entry=0x7fff3c2f3eb0, glyphs=<optimized out>, glyphs@entry=0x7fff3c2f42b0)
    at sna_glyphs.c:731
731                     tmp.done(sna, &tmp);
(gdb) p tmp.done
$3 = (void (*)(struct sna *, const struct sna_composite_op *)) 0x0



Reproducible: Always
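
A triage sketch for the backtrace in the description, added here and not part of the original report or of the driver: it flags the signature seen above (frame #0 at address 0 with no symbol, which is what a call through a NULL function pointer looks like) and names the calling frame. The function names `parse_frames` and `classify` and the shortened sample are constructed for this example.

```python
import re

# Constructed sample: first frames of the backtrace above, arguments shortened.
SAMPLE_BT = """\
#0  0x0000000000000000 in ?? ()
#1  0x00007f03afca2acd in glyphs_to_dst (sna=0x7f03b4e80000, op=3 '\\003') at sna_glyphs.c:731
#2  0x00007f03afca6728 in sna_glyphs (op=<optimized out>, nlist=1) at sna_glyphs.c:2004
#3  0x00000000005167c6 in damageGlyphs (op=<optimized out>, nlist=1) at damage.c:568
"""

FRAME_RE = re.compile(
    r"^#(?P<n>\d+)\s+(?:(?P<pc>0x[0-9a-fA-F]+) in )?(?P<func>\S+) \(.*?\)"
    r"(?: at (?P<file>[^\s:]+):(?P<line>\d+)| from \S+)?\s*$"
)


def parse_frames(bt):
    """Return frames as dicts; wrapped continuation lines are folded into their frame."""
    joined = []
    for raw in bt.splitlines():
        if raw.startswith("#"):
            joined.append(raw.strip())
        elif joined and raw.strip():
            joined[-1] += " " + raw.strip()
    frames = []
    for text in joined:
        m = FRAME_RE.match(text)
        if m:
            frames.append({
                "n": int(m["n"]),
                "pc": int(m["pc"], 16) if m["pc"] else None,
                "func": m["func"],
                "file": m["file"],
                "line": int(m["line"]) if m["line"] else None,
            })
    return frames


def classify(bt):
    """Flag a jump to address 0 and report the frame that made the call."""
    frames = parse_frames(bt)
    if len(frames) < 2 or frames[0]["pc"] != 0 or frames[0]["func"] != "??":
        return None
    caller = frames[1]
    return {"kind": "call-through-null-function-pointer",
            "caller": caller["func"], "file": caller["file"], "line": caller["line"]}
```
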

Comment 1 Federico Mena Quintero 2015-05-25 21:23:54 UTC
This commit looks promising: http://cgit.freedesktop.org/xorg/driver/xf86-video-intel/commit/?id=07fe45b84bdf0d236a5bfdc433cc1a908e0c161b

Comment 2 Federico Mena Quintero 2015-06-03 15:45:32 UTC
Created attachment 636622
U_sna-glyph-null-deref.patch

Indeed, that patch fixes the bug.  It happens on PRIME setups.

I've submitted this to openSUSE:13.2:Update with request id 310176.

Comment 3 Bernhard Wiedemann 2015-06-03 16:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (906972) was mentioned in
https://build.opensuse.org/request/show/310176 13.2 / xf86-video-intel

Comment 4 Stefan Dirsch 2015-06-05 07:57:06 UTC
Thanks. So close this one.

Comment 5 Swamp Workflow Management 2015-06-11 19:05:19 UTC
openSUSE-RU-2015:1048-1: An update that has one recommended fix can now be installed.

Category: recommended (important)
Bug References: 906972
CVE References: 
Sources used:
openSUSE 13.2 (src):    xf86-video-intel-2.99.916-12.1

Comment 6 Maxim Marinchenko 2015-11-16 06:02:40 UTC
*** Bug 931309 has been marked as a duplicate of this bug. ***