This bug was fixed in the package xorg-server - 2:1.13.0-0ubuntu6.1
---------------
xorg-server (2:1.13.0-0ubuntu6.1) quantal-proposed; urgency=low
[ Maarten Lankhorst ]
* add 233-xf86events-valgrind.patch to fix a xserver corruption
when acpid is stopped before Xorg is. (LP: #1070481)
* add 235-composite-tracking.diff to fix exa corruption. (LP: #1010794)
[ Bryce Harrington ]
* Add 236-use-fbdev-for-poulsbo-oaktrail-medfield.patch: Never use Intel
driver on Poulsbo/Oaktrail/Medfield. Thanks to Matthias Klumpp.
(LP: #1069031)
* Add 237-dix-set-the-device-transformation-matrix.patch: Fix pointer
jumping with absolute pointing device. Initializes device
transformation matrix to an identity matrix. Thanks to a7x.
(LP: #1041063)
-- Timo Aaltonen <[email protected]> Tue, 27 Nov 2012 08:09:59 +0200
** Changed in: xorg-server (Ubuntu Quantal)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1070481
Title:
memory corruption in xorg-server when closing acpid
Status in “xorg-server” package in Ubuntu:
Fix Released
Status in “xorg-server” source package in Quantal:
Fix Released
Status in “xorg-server” source package in Raring:
Fix Released
Bug description:
[IMPACT]
* If acpid is closed before server is shutdown (for example with shutdown -h
now, or stop acpid) a memory corruption will occur, because the acpi handler
frees itself from a linked list before the next entry is taken. This will cause
a reliable in valgrind, and in the worst case can cause the X server to
shutdown uncleanly, or corrupt silently.
* the fix is simply taking the next member before calling the handler in
xf86WakeUp
[TESTCASE]
* Start X with valgrind --free-fill=fe
* stop acpid
* Server crashes
[Regression Potential]
I don't believe there's much potential for regressions, since the code is
called from few places, and I do not believe any of the handlers depend on the
specific order in which they're called. Potentially suitable for precise too.
[Other Info]
I originally wanted to get this in before quantal release, but lost out due
to time, but this would be more involved than converting the offending function
to use nt_list_for_each_entry_safe.
Original discussion at http://patchwork.freedesktop.org/patch/12156/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1070481/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
