apport information ** Tags added: apport-collected
** Description changed: [Impact] On certain affected hardware, results in X server crash when looking at certain kinds of large images. [Development Solution] Upstream fixed this bug in the 2.13.x version of -intel that we are shipping in natty. [Stable Solution] The attached patch is a cherrypick from the upstream tree that applies to the 2.12.x version of -intel in maverick. This patch is also the listed solution on the upstream bug report. [Test Case] On affected hardware, disable font antialiasing and load http://launchpadlibrarian.net/29956668/crash.html in firefox. This will cause a segfault of the X server. The fix will prevent this segfault from occuring, and instead firefox will display the words "GOODBYE WORLD!" [Regression Potential] Essentially none. This changes what happens when the uxa_pixmap_is_offscreen() call returns False. Before, it would fail the assertion test and terminate the X server. Pretty much any other behavior besides that is going to be an improvement! That said, there are two subsequent commits on top of this one (which is why the patch in the description of this bug is different than that proposed). Near as I can tell these address other unrelated issues and so I'm omitting them for now. It is conceivable though that this patch provides an incomplete solution and those other patches should be backported too. But one step at a time; if this patch alone is sufficient to solve the issue it is the least risk way to go. [Original Report] Problem: If I disable font antialiasing and attempt to access http://launchpadlibrarian.net/29956668/crash.html in firefox my xserver aborts. This should not happen. The webpage should simply display the words "GOODBYE WORLD!" in very large text. Note: text does not need to be very large. For example http://joe- editor.sourceforge.net/ also triggers the bug. Description: Ubuntu 10.10 Release: 10.10 xserver-xorg-video-intel: Installed: 2:2.12.0-1ubuntu5.1 Candidate: 2:2.12.0-1ubuntu5.1 Version table: *** 2:2.12.0-1ubuntu5.1 0 500 http://gb.archive.ubuntu.com/ubuntu/ maverick-updates/main i386 Packages 100 /var/lib/dpkg/status 2:2.12.0-1ubuntu5 0 500 http://gb.archive.ubuntu.com/ubuntu/ maverick/main i386 Packages Backtrace: #0 0x00681416 in __kernel_vsyscall () No symbol table info available. #1 0x00298941 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 resultvar = <value optimised out> pid = 3960820 selftid = 1949 #2 0x0029be42 in abort () at abort.c:92 act = {__sigaction_handler = {sa_handler = 0x468, sa_sigaction = 0x468}, sa_mask = {__val = {3966032, 120, 3965888, 3960820, 3965888, 108, 3212918176, 3010141, 198339232, 3960820, 3960820, 109, 3212918376, 2944968, 198339336, 198339336, 108, 198339232, 0, 4222451712, 198339336, 198339437, 198339336, 198339336, 198339444, 198339636, 198339336, 198339636, 0, 0, 0, 0}}, sa_flags = 0, sa_restorer = 0x4} sigs = {__val = {32, 0 <repeats 31 times>}} #3 0x002918e8 in __assert_fail ( assertion=0x200098 "uxa_pixmap_is_offscreen(src_pixmap)", file=0x200080 "../../uxa/uxa-glyphs.c", line=986, function=0x200124 "uxa_glyphs_via_mask") at assert.c:81 buf = 0xbd26c38 "X: ../../uxa/uxa-glyphs.c:986: uxa_glyphs_via_mask: Assertion `uxa_pixmap_is_offscreen(src_pixmap)' failed.\n" #4 0x001ef988 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:986 src_pixmap = 0xbd26440 src_x = 0 glyph = 0xbb34bb8 src_y = 0 priv = 0xbd26440 screen = 0x9c01750 mask = 0xbd26a48 y = 52 pixmap = 0xbd26938 width = <value optimised out> dst_off_x = 6 dst_off_y = 25 box = {x1 = 6, y1 = 25, x2 = 145, y2 = 93} component_alpha = 0 glyph_atlas = <value optimised out> x = 2 height = <value optimised out> error = 0 #5 uxa_glyphs (op=3 '\003', pSrc=0xbb11b58, pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=8, ySrc=77, nlist=1, list=0xbf814570, glyphs=0xbf814170) at ../../uxa/uxa-glyphs.c:1151 screen = 0x9c01750 uxa_screen = <value optimised out> xDst = 2 yDst = 198338872 extents = {x1 = 0, y1 = 0, x2 = 0, y2 = 0} width = 0 height = 0 ret = <value optimised out> localDst = 0x8 #6 0x08122ae9 in damageGlyphs (op=6 '\006', pSrc=0xbb11b58, pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>, ySrc=<value optimised out>, nlist=1, list=0xbf814570, glyphs=0xbf814170) at ../../../miext/damage/damage.c:718 pScreen = <value optimised out> #7 0x081bea90 in CompositeGlyphs (op=0 '\000', pSrc=0xbb11b58, pDst=0xbb366a8, maskFormat=0xb2bb7f0, xSrc=<value optimised out>, ySrc=<value optimised out>, nlist=1, lists=0xbf814570, glyphs=0xbf814170) at ../../render/glyph.c:604 No locals. #8 0x0811c463 in ProcRenderCompositeGlyphs (client=0xb62e338) at ../../render/render.c:1435 glyphSet = 0xb72e468 pSrc = 0xbb11b58 pDst = 0xbb366a8 pFormat = 0xb2bb7f0 listsLocal = {{xOff = 8, yOff = 77, len = 6 '\006', format = 0xb2bb7f0}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0x0} <repeats 52 times>, {xOff = 24081, yOff = 2064, len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0xb62e338}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0x0}, {xOff = 4084, yOff = 2079, len = 8 '\b', format = 0xb303cf0}, {xOff = 18536, yOff = -16511, len = 102 'f', format = 0x8202544}, {xOff = 0, yOff = 0, len = 136 '\210', format = 0x0}, {xOff = 0, yOff = 0, len = 0 '\000', format = 0x0}, {xOff = 14369, yOff = 2055, len = 0 '\000', format = 0x0}, {xOff = 0, yOff = 0, len = 244 '\364', format = 0xb62e338}, {xOff = 9536, yOff = 2080, len = 184 '\270', format = 0x8104a2e}} lists = 0xbf81457c listsBase = 0xbf814570 glyphsLocal = {0xbb34bb8, 0xb9f2868, 0xb78ace0, 0xbaf1088, 0xbaf1088, 0xbaf1088, 0x0 <repeats 250 times>} glyph = <value optimised out> glyphs = 0xbf814188 glyphsBase = 0xbf814170 buffer = <value optimised out> end = 0xba105b0 "\225\021\003" nglyph = -1082048120 nlist = 1 space = <value optimised out> size = <value optimised out> rc = <value optimised out> #9 0x08118293 in ProcRenderDispatch (client=0x6) at ../../render/render.c:2051 No locals. #10 0x0806e087 in Dispatch () at ../../dix/dispatch.c:432 result = <value optimised out> client = 0xb62e338 nready = 0 start_tick = 260 #11 0x080625ba in main (argc=6, argv=0xbf814a04, envp=0xbf814a20) at ../../dix/main.c:291 i = 1 alwaysCheckForInput = {0, 1} Tracked bug down to uxa/uxa-glyphs.c in the xserver-xorg-video-intel driver. I looked at the latest git of the driver and knocked together the following patch which seems to work. Not sure of the quality of the code though: --- a/uxa/uxa-glyphs.c 2010-06-24 21:29:37.000000000 +0100 +++ b/uxa/uxa-glyphs.c 2010-12-31 19:51:49.000000000 +0000 @@ -164,8 +164,12 @@ INTEL_CREATE_PIXMAP_TILING_X); if (!pixmap) goto bail; - assert (uxa_pixmap_is_offscreen(pixmap)); - + if (!uxa_pixmap_is_offscreen(pixmap)) { + /* Presume shadow is in-effect */ + pScreen->DestroyPixmap(pixmap); + uxa_unrealize_glyph_caches(pScreen); + return TRUE; + } component_alpha = NeedsComponent(pPictFormat->format); picture = CreatePicture(0, &pixmap->drawable, pPictFormat, CPComponentAlpha, &component_alpha, @@ -780,9 +784,8 @@ mask_pixmap = uxa_get_drawable_pixmap(this_atlas->pDrawable); - assert (uxa_pixmap_is_offscreen(mask_pixmap)); - - if (!uxa_screen->info->prepare_composite(op, + if (!uxa_pixmap_is_offscreen(mask_pixmap) || + !uxa_screen->info->prepare_composite(op, localSrc, this_atlas, pDst, src_pixmap, mask_pixmap, dst_pixmap)) return -1; @@ -983,9 +986,8 @@ src_pixmap = uxa_get_drawable_pixmap(this_atlas->pDrawable); - assert (uxa_pixmap_is_offscreen(src_pixmap)); - - if (!uxa_screen->info->prepare_composite(PictOpAdd, + if (!uxa_pixmap_is_offscreen(src_pixmap) || + !uxa_screen->info->prepare_composite(PictOpAdd, this_atlas, NULL, mask, src_pixmap, NULL, pixmap)) return -1; + + + --- + Architecture: i386 + CurrentDmesg: [ 36.408005] eth0: no IPv6 routers present + DRM.card0.DisplayPort.1: + status: disconnected + enabled: disabled + dpms: Off + modes: + edid-base64: + DRM.card0.DisplayPort.2: + status: disconnected + enabled: disabled + dpms: Off + modes: + edid-base64: + DRM.card0.HDMI_Type_A.1: + status: disconnected + enabled: disabled + dpms: Off + modes: + edid-base64: + DRM.card0.HDMI_Type_A.2: + status: disconnected + enabled: disabled + dpms: Off + modes: + edid-base64: + DRM.card0.VGA.1: + status: connected + enabled: enabled + dpms: On + modes: 1280x1024 1280x1024 1280x960 1152x864 1024x768 1024x768 1024x768 832x624 800x600 800x600 800x600 800x600 640x480 640x480 640x480 640x480 720x400 + edid-base64: AP///////wBA5QYXlxMAABcPAQMMIht4LgyVolZMliUaUFS/74CBgIFAcU8AAAAAAAAAAAAAMCoAmFEAKkAwcBMAUg4RAAAeAAAAAAAAAAAAAAAAAAAAAAAAAAAA/QA4Sx9RDgAKICAgICAgAAAA/ABHTlIgVFM3MDAKICAgAJE= + DistroRelease: Ubuntu 10.10 + DkmsStatus: + virtualbox-ose, 3.2.8, 2.6.35-24-generic, i686: installed + virtualbox-ose, 3.2.8, 2.6.35-23-generic, i686: installed + virtualbox-ose, 3.2.8, 2.6.32-26-generic, i686: installed + InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5) + MachineType: System manufacturer System Product Name + Package: xserver-xorg-video-intel 2:2.12.0-1ubuntu5.1 [modified: usr/lib/libI810XvMC.so.1.0.0 usr/lib/libIntelXvMC.so.1.0.0 usr/lib/xorg/modules/drivers/intel_drv.so] + PackageArchitecture: i386 + ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.35-24-generic root=UUID=8dc60281-9b37-44b9-98fe-54ce9f16b232 ro quiet splash + ProcEnviron: + LANG=en_GB.UTF-8 + SHELL=/bin/bash + ProcVersionSignature: Ubuntu 2.6.35-24.42-generic 2.6.35.8 + Tags: maverick maverick maverick maverick maverick maverick + Uname: Linux 2.6.35-24-generic i686 + UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare video + dmi.bios.date: 09/04/2008 + dmi.bios.vendor: American Megatrends Inc. + dmi.bios.version: 0204 + dmi.board.asset.tag: To Be Filled By O.E.M. + dmi.board.name: V-P5G45 + dmi.board.vendor: ASUSTeK Computer INC. + dmi.board.version: Rev 1.xx + dmi.chassis.asset.tag: Asset-1234567890 + dmi.chassis.type: 3 + dmi.chassis.vendor: Chassis Manufacture + dmi.chassis.version: Chassis Version + dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0204:bd09/04/2008:svnSystemmanufacturer:pnSystemProductName:pvrSystemVersion:rvnASUSTeKComputerINC.:rnV-P5G45:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion: + dmi.product.name: System Product Name + dmi.product.version: System Version + dmi.sys.vendor: System manufacturer + system: + distro: Ubuntu + codename: maverick + architecture: i686 + kernel: 2.6.35-24-generic ** Attachment added: "BootDmesg.txt" https://bugs.edge.launchpad.net/bugs/696957/+attachment/1807466/+files/BootDmesg.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/696957 Title: [SRU] Large non-antialiased text causes xserver to abort -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
