[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 Nate Graham changed: What|Removed |Added Version Fixed In||5.26.1 -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 Vlad Zahorodnii changed: What|Removed |Added Latest Commit|https://invent.kde.org/plas |https://invent.kde.org/plas |ma/kwin/commit/28899df48587 |ma/kwin/commit/eb6e7dedad89 |d3ea528228043c9eba53724889a |269207b2468e9ed93a4fd991bd5 |4 |4 --- Comment #9 from Vlad Zahorodnii --- Git commit eb6e7dedad89269207b2468e9ed93a4fd991bd54 by Vlad Zahorodnii. Committed on 17/10/2022 at 09:35. Pushed by vladz into branch 'Plasma/5.26'. Make Workspace::outputAt() more robust to extreme values Since QPointF can have values that exceed INT_MAX, "distance < minDistance" may not be triggered for the first output. In order to make Workspace::outputAt() more robust to such extreme cases, this patch changes the type of minDistance from int to qreal to avoid truncation and adds an explicit check to initialize bestOutput when we see the first workspace output. It would be also great to add size hints sanitization code in kwin, but it can be done later. --- Should close: * https://errors-eval.kde.org/organizations/kde/issues/321 * https://errors-eval.kde.org/organizations/kde/issues/341 (cherry picked from commit 28899df48587d3ea528228043c9eba53724889a4) M +3-2src/workspace.cpp https://invent.kde.org/plasma/kwin/commit/eb6e7dedad89269207b2468e9ed93a4fd991bd54 -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 Vlad Zahorodnii changed: What|Removed |Added Latest Commit||https://invent.kde.org/plas ||ma/kwin/commit/28899df48587 ||d3ea528228043c9eba53724889a ||4 Status|ASSIGNED|RESOLVED Resolution|--- |FIXED --- Comment #8 from Vlad Zahorodnii --- Git commit 28899df48587d3ea528228043c9eba53724889a4 by Vlad Zahorodnii. Committed on 17/10/2022 at 09:34. Pushed by vladz into branch 'master'. Make Workspace::outputAt() more robust to extreme values Since QPointF can have values that exceed INT_MAX, "distance < minDistance" may not be triggered for the first output. In order to make Workspace::outputAt() more robust to such extreme cases, this patch changes the type of minDistance from int to qreal to avoid truncation and adds an explicit check to initialize bestOutput when we see the first workspace output. It would be also great to add size hints sanitization code in kwin, but it can be done later. --- Should close: * https://errors-eval.kde.org/organizations/kde/issues/321 * https://errors-eval.kde.org/organizations/kde/issues/341 M +3-2src/workspace.cpp https://invent.kde.org/plasma/kwin/commit/28899df48587d3ea528228043c9eba53724889a4 -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446
--- Comment #7 from k...@hurrikhan.eu ---
(In reply to Vlad Zahorodnii from comment #1)
> > The code that creates the window is pretty basic.
>
> Do you have a demo that you could attach to this bug report? It would make
> fixing this crash a lot easier.
Alas an upgrade earlier fixed the issue. I'll see if I can roll-back the
upgrades and make a "minimal" example when I have a bit more time.
kwin_x11 wasn't upgraded though : only the kernel and a bunch kde-related
packages (nothing xcb-related)
(In reply to Vlad Zahorodnii from comment #2)
> > frameGeometry = {xp = 448, yp = 183, w = 1024, h = -4294966499}
>
> The height is weird
(editer after your previous reply)
The random hints content has to be the initial trigger. It's interesting to see
the -4294966499 is actually -797, as in 0x1 - 0xfce3 = 797
frameGeometry = {xp = 448, yp = 183, w = 1024, h = -4294966499}
oldBufferGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
oldFrameGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
oldClientGeometry = {xp = 448, yp = 212, w = 1024, h = 768}
I presume the reason the issue happens during/around the expose is because it's
at that moment that the header is added.
IMHO, wherever the original fault is, getting a negative dimension should
probably be checked, sanitised, and trigger some warning.
The first crash seems to happen because moveResizeOutput returns a NULL that is
used directly with a call to the uuid() method of an Output object.
The subsequent crashes seem to happen calling the geometry() method on a NULL
Output object:
#7 0x7fb6ad3ad132 in KWin::Output::geometry() const (this=0x0) at
/usr/src/debug/kwin/kwin-5.26.0/src/core/output.cpp:169
#9 0x7fb6ad4ed29e in KWin::Workspace::clientArea(KWin::clientAreaOption,
KWin::Window const*, KWin::Output const*) const
(this=this@entry=0x55feded8d290, opt=opt@entry=KWin::FullScreenArea,
window=window@entry=0x55fedee1f830, output=0x0) at
/usr/src/debug/kwin/kwin-5.26.0/src/workspace.cpp:2523
Because in WorkSpace::clientArea(clientAreaOption opt, const Window *window),
the call to window->output() returns a NULL.
--
You are receiving this mail because:
You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446
--- Comment #6 from k...@hurrikhan.eu ---
(In reply to Vlad Zahorodnii from comment #4)
> #4 0x7f0e9a0cdd5c in KWin::Window::frameGeometryChanged(KWin::Window*,
> QRectF const&) (this=, _t1=, _t2= out>) at
> /usr/src/debug/kwin/build/src/kwin_autogen/include/moc_window.cpp:1671
> _a = {0x0, 0x7ffc31754ce8, 0x7ffc31754d70}
> #5 0x7f0e9a10b557 in KWin::X11Window::moveResizeInternal(QRectF const&,
> KWin::Window::MoveResizeMode) (this=0x560a2411a130, rect=,
> mode=) at
> /usr/src/debug/kwin/kwin-5.26.0/src/x11window.cpp:4213
> frameGeometry = {xp = 448, yp = 183, w = 1024, h = -4294966499}
> oldBufferGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
> oldFrameGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
> oldClientGeometry = {xp = 448, yp = 212, w = 1024, h = 768}
> oldOutput = 0x560a23d08b10
> #6 0x7f0e9a10a5dc in KWin::X11Window::getWmNormalHints()
> (this=0x560a2411a130) at
> /usr/src/debug/kwin/kwin-5.26.0/src/x11window.cpp:3705
> origClientGeometry = {xp = 448, yp = 212, w = 1024, h = 768}
> new_size = {wd = 1024, ht = -4294966499}
> hadFixedAspect =
>
> I wonder size hints are. Can you get the xprop output for the window?
>
> ---
>
> xcb_size_hints_t hints;
> xcb_icccm_size_hints_set_min_size(, width, height);
> xcb_icccm_size_hints_set_max_size(, width, width);
>
> I think that this code misses a line to zero initialize `hints`. However,
> garbage size hints should not crash kwin.
Indeed, I didn't notice I was missing the ={} after the hints.
--
You are receiving this mail because:
You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 Bug Janitor Service changed: What|Removed |Added Status|REPORTED|ASSIGNED Ever confirmed|0 |1 --- Comment #5 from Bug Janitor Service --- A possibly relevant merge request was started @ https://invent.kde.org/plasma/kwin/-/merge_requests/3061 -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446
--- Comment #4 from Vlad Zahorodnii ---
#4 0x7f0e9a0cdd5c in KWin::Window::frameGeometryChanged(KWin::Window*,
QRectF const&) (this=, _t1=, _t2=)
at /usr/src/debug/kwin/build/src/kwin_autogen/include/moc_window.cpp:1671
_a = {0x0, 0x7ffc31754ce8, 0x7ffc31754d70}
#5 0x7f0e9a10b557 in KWin::X11Window::moveResizeInternal(QRectF const&,
KWin::Window::MoveResizeMode) (this=0x560a2411a130, rect=,
mode=) at /usr/src/debug/kwin/kwin-5.26.0/src/x11window.cpp:4213
frameGeometry = {xp = 448, yp = 183, w = 1024, h = -4294966499}
oldBufferGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
oldFrameGeometry = {xp = 448, yp = 183, w = 1024, h = 797}
oldClientGeometry = {xp = 448, yp = 212, w = 1024, h = 768}
oldOutput = 0x560a23d08b10
#6 0x7f0e9a10a5dc in KWin::X11Window::getWmNormalHints()
(this=0x560a2411a130) at /usr/src/debug/kwin/kwin-5.26.0/src/x11window.cpp:3705
origClientGeometry = {xp = 448, yp = 212, w = 1024, h = 768}
new_size = {wd = 1024, ht = -4294966499}
hadFixedAspect =
I wonder size hints are. Can you get the xprop output for the window?
---
xcb_size_hints_t hints;
xcb_icccm_size_hints_set_min_size(, width, height);
xcb_icccm_size_hints_set_max_size(, width, width);
I think that this code misses a line to zero initialize `hints`. However,
garbage size hints should not crash kwin.
--
You are receiving this mail because:
You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 --- Comment #3 from Vlad Zahorodnii --- I suspect that we have a bug in Workspace::outputAt() wrt handling such extreme cases https://invent.kde.org/plasma/kwin/-/blob/ed9a52778ce07ef553cf49edd1596c245e70b080/src/workspace.cpp#L1392 -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446
--- Comment #2 from Vlad Zahorodnii ---
> frameGeometry = {xp = 448, yp = 183, w = 1024, h = -4294966499}
The height is weird
--
You are receiving this mail because:
You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 --- Comment #1 from Vlad Zahorodnii --- > The code that creates the window is pretty basic. Do you have a demo that you could attach to this bug report? It would make fixing this crash a lot easier. -- You are receiving this mail because: You are watching all bug changes.
[kwin] [Bug 460446] kwin_x11 crashes as long as the window of a specific xcb/vulkan app exists.
https://bugs.kde.org/show_bug.cgi?id=460446 Nate Graham changed: What|Removed |Added Product|kde |kwin Assignee|unassigned-b...@kde.org |kwin-bugs-n...@kde.org Version|unspecified |5.26.0 Component|general |general Keywords||regression CC||n...@kde.org -- You are receiving this mail because: You are watching all bug changes.
