On Mon, 28 Sep 2009 20:59:52 +0200, Kim Woelders <[email protected]> wrote:
Ok, here is a "good" one, I hope. After starting and killing the attached
program twice I get:
Program received signal SIGSEGV, Segmentation fault.
0x08070cc4 in LoadGlyphs (data=<value optimized out>,
item_size=<value optimized out>, nchars=<value optimized out>,
pfont=0xc1a5288,
client=0xc15eab8) at dixfonts.c:118
118 if (fpe_functions[pfont->fpe->type].load_glyphs)
Missing separate debuginfos, use: debuginfo-install expat-2.0.1-7.i686
freetype-2.3.9-6.fc12.i686 keyutils-libs-1.2-6.fc12.i686
krb5-libs-1.7-8.fc12.i686 libattr-2.4.43-4.fc12.i686
libcap-2.16-5.fc12.i686 libcom_err-1.41.9-3.fc12.i686
libfontenc-1.0.5-2.fc12.i686 libgcc-4.4.1-17.i686
mesa-dri-drivers-7.6-0.13.fc12.i686
xorg-x11-drv-evdev-2.2.99-8.20090923.fc12.i686
xorg-x11-drv-fbdev-0.4.1-1.fc12.i686
xorg-x11-drv-synaptics-1.1.99-7.20090907.fc12.i686
xorg-x11-drv-vesa-2.2.1-1.fc12.i686
(gdb) bt
#0 0x08070cc4 in LoadGlyphs (data=<value optimized out>,
item_size=<value optimized out>, nchars=<value optimized out>,
pfont=0xc1a5288,
client=0xc15eab8) at dixfonts.c:118
#1 doImageText (data=<value optimized out>, item_size=<value optimized
out>,
nchars=<value optimized out>, pfont=0xc1a5288, client=0xc15eab8)
at dixfonts.c:1504
#2 0x08070fc8 in ImageText (client=<value optimized out>,
pDraw=<value optimized out>, pGC=<value optimized out>,
nChars=<value optimized out>, data=<value optimized out>,
xorg=<value optimized out>, yorg=<value optimized out>,
reqType=<value optimized out>, did=<value optimized out>) at
dixfonts.c:1623
#3 0x0806c436 in ProcImageText16 (client=<value optimized out>) at
dispatch.c:2408
#4 0x0806e167 in Dispatch () at dispatch.c:445
#5 0x08062855 in main (argc=<value optimized out>, argv=<value optimized
out>,
envp=<value optimized out>) at main.c:285
(gdb)
Comment out the XCreateGC line and it doesn't crash...
Right. I cannot reproduce this today and haven't changed anything.
However, it looks like the attached patch fixes most of the weirdness I have
been seeing.
/Kim
From 2da355de4f0c0a9a4ca52b1253afed9486481411 Mon Sep 17 00:00:00 2001
From: Kim Woelders <[email protected]>
Date: Tue, 29 Sep 2009 20:31:45 +0200
Subject: [PATCH] dix: Fix potential memory corruption in doListFontsWithInfo.
Signed-off-by: Kim Woelders <[email protected]>
---
dix/dixfonts.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/dix/dixfonts.c b/dix/dixfonts.c
index d0a46c7..329318d 100644
--- a/dix/dixfonts.c
+++ b/dix/dixfonts.c
@@ -1046,7 +1046,7 @@ doListFontsWithInfo(ClientPtr client, LFWIclosurePtr c)
err = AllocError;
break;
}
- memset(reply + c->length, 0, length - c->length);
+ memset((char*)reply + c->length, 0, length - c->length);
c->reply = reply;
c->length = length;
}
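Review bot: the commit message should say why the cast on the memset line is needed; it has only a subject and a sign-off. The removed line, memset(reply + c->length, 0, length - c->length), computes its start address in units of whatever reply points to, while the size argument length - c->length is used as a byte count, so unless reply is already a byte pointer (the need for the cast implies it is not) the zeroed region starts past the intended offset and can run beyond the allocation. A sentence stating that c->length and length are byte counts would document this for the next reader. Separately, the size argument wraps to a very large value if length is ever smaller than c->length; the visible context shows only the allocation-failure branch, so please confirm that a guard ensuring length exceeds c->length sits above it.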
--
1.6.4.4
_______________________________________________
xorg-devel mailing list
[email protected]
http://lists.x.org/mailman/listinfo/xorg-devel