Stopping acpid before Xorg with valgrind --free-fill=df results in this crash backtrace:
==2670== Invalid read of size 8 ==2670== at 0x1B9CB0: xf86Wakeup (xf86Events.c:276) ==2670== by 0x1687B2: WakeupHandler (dixutils.c:423) ==2670== by 0x334793: WaitForSomething (WaitFor.c:224) ==2670== by 0x159E4B: Dispatch (dispatch.c:357) ==2670== by 0x14AA78: main (main.c:295) ==2670== Address 0x783aa90 is 32 bytes inside a block of size 40 free'd ==2670== at 0x4C2A739: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==2670== by 0x1BA8CA: removeInputHandler (xf86Events.c:645) ==2670== by 0x1BA96D: xf86RemoveGeneralHandler (xf86Events.c:681) ==2670== by 0x1F106C: lnxCloseACPI (lnx_acpi.c:174) ==2670== by 0x1F0CC7: lnxACPIGetEventFromOs (lnx_acpi.c:68) ==2670== by 0x1CCF49: xf86HandlePMEvents (xf86PM.c:208) ==2670== by 0x1B9CAB: xf86Wakeup (xf86Events.c:279) ==2670== by 0x1687B2: WakeupHandler (dixutils.c:423) ==2670== by 0x334793: WaitForSomething (WaitFor.c:224) ==2670== by 0x159E4B: Dispatch (dispatch.c:357) ==2670== by 0x14AA78: main (main.c:295) ==2670== ==2670== Invalid read of size 4 ==2670== at 0x1B9C29: xf86Wakeup (xf86Events.c:277) ==2670== by 0x1687B2: WakeupHandler (dixutils.c:423) ==2670== by 0x334793: WaitForSomething (WaitFor.c:224) ==2670== by 0x159E4B: Dispatch (dispatch.c:357) ==2670== by 0x14AA78: main (main.c:295) ==2670== Address 0xdfdfdfdfdfdfdff7 is not stack'd, malloc'd or (recently) free'd ==2670== (EE)==2670== ==2670== Process terminating with default action of signal 11 (SIGSEGV): dumping core Taking a pointer to ih->next before calling the event handler fixes this. Signed-off-by: Maarten Lankhorst <[email protected]> Changes since v1: - Use nt_list_for_each_entry_safe, as suggested by Aaron Plattner --- diff --git a/hw/xfree86/common/xf86Events.c b/hw/xfree86/common/xf86Events.c index 41ffabd..6082bee 100644 --- a/hw/xfree86/common/xf86Events.c +++ b/hw/xfree86/common/xf86Events.c @@ -270,10 +270,10 @@ xf86Wakeup(pointer blockData, int err, pointer pReadmask) } } - if (err >= 0) { /* we don't want the handlers called if select() */ - IHPtr ih; /* returned with an error condition, do we? */ - - for (ih = InputHandlers; ih; ih = ih->next) { + if (err >= 0) { /* we don't want the handlers called if select() */ + IHPtr ih, ih_tmp; /* returned with an error condition, do we? */ + + nt_list_for_each_entry_safe(ih, ih_tmp, InputHandlers, next) { if (ih->enabled && ih->fd >= 0 && ih->ihproc && (FD_ISSET(ih->fd, ((fd_set *)pReadmask)) != 0)) { ih->ihproc(ih->fd, ih->data); _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
