Pascal, excellent, thanks for getting the backtrace and testing with
another keyboard, this has really narrowed down the issue.

So, looking at the backtrace I see what's going on:

_XkbFreeGeomNonLeafElems(...) {
   ...
    if (freeFunc) {
        ptr= *elems;
        ptr+= first*elem_sz;
        for (i=0;i<count;i++) {
            (*freeFunc)(ptr);
            ptr+= elem_sz;
        }
    }

ptr is not checked for being NULL, and is getting passed to freeFunc()
(a function pointer to _XkbClearRow):

#3 0x081aa85c in _XkbClearRow (row_in=0x0) at ../../xkb/XKBGAlloc.c:342

Then _XkbClearRow tries dereferencing the NULL pointer:

static void
_XkbClearRow(char *row_in)
{
XkbRowPtr       row= (XkbRowPtr)row_in;

    if (row->keys!=NULL)
        XkbFreeGeomKeys(row,0,row->num_keys,True);
    return;
}

I bet that call should be something like:

    if (row && row->keys!=NULL)

The code doesn't seem to be fixed in current git either, near as I can
tell.  We can forward this upstream.


** Changed in: xserver-xorg-video-intel (Ubuntu)
   Importance: Undecided => High
     Assignee: (unassigned) => Bryce Harrington (bryceharrington)
       Status: Incomplete => Triaged

-- 
xserver crash on exit in CloseDownDevices and SrvXkbFreeGeomRows
https://bugs.launchpad.net/bugs/205979

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
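
An added example, not part of the original message and not the X server's own code: a simplified C model of the free loop that validates the base pointer and the element range before any pointer arithmetic, alongside the per-row NULL test suggested in the message. The names struct row, clear_row, free_elems and the num_elems parameter are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for the row record: only the fields the loop touches. */
struct row { int num_keys; int *keys; };

/* Per-element destructor, with the NULL test suggested in the message. */
static void clear_row(char *row_in)
{
    struct row *row = (struct row *)row_in;

    if (row && row->keys != NULL) {
        free(row->keys);
        row->keys = NULL;
        row->num_keys = 0;
    }
}

/* Model of the free loop: the base pointer is checked before it is offset,
 * and count is clamped. Returns how many elements reached free_func. */
static int free_elems(char **elems, int first, int count, int num_elems,
                      size_t elem_sz, void (*free_func)(char *))
{
    char *ptr;
    int i;

    if (elems == NULL || *elems == NULL || free_func == NULL)
        return 0;                     /* nothing allocated, nothing to walk */
    if (first < 0 || first >= num_elems || count < 1)
        return 0;
    if (count > num_elems - first)
        count = num_elems - first;    /* stay inside the allocated range */

    ptr = *elems + (size_t)first * elem_sz;
    for (i = 0; i < count; i++) {
        free_func(ptr);
        ptr += elem_sz;
    }
    return count;
}

int main(void)
{
    char *none = NULL;   /* constructed input: array that was never allocated */
    return free_elems(&none, 0, 3, 3, sizeof(struct row), clear_row);
}
```

Checking the base pointer in the loop covers every element; a test inside the destructor alone only sees a NULL when the offset into a NULL array happens to be zero.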
