[Analyzed] Re: Problem with xorg

Stefan Esser se at freebsd.org
Sun Aug 31 07:00:57 UTC 2014


The problem is caused by Unicode code points in keymap files, which were
made possible (and have to be used) for many locales after the
introduction of Unicode support with vt(4).

Am 28.08.2014 um 19:43 schrieb Stefan Esser:
> Am 28.08.2014 um 17:03 schrieb Filippo Moretti via freebsd-stable:
>> I have problem with xorg with my custom kernel both with and without VT supports.
>> I can still reboot with generic and have xorg work.My system:FreeBSD sting 10.0-STABLE FreeBSD 10.0-STABLE #0 r269789: Mon Aug 11 02:47:02 UTC 2014     root at grind.freebsd.org:/usr/obj/usr/src/sys/GENERIC  i386
>> With my kernel-vt I get a sementation fault,while with SC I got a complete crash
> [...]
>> [  3434.354] (**) Option "Protocol" "standard"
>> [  3434.354] (WW) Option "Device" requires an string value
>> [  3434.354] (**) Option "XkbRules" "base"
>> [  3434.354] (**) Option "XkbModel" "pc105"
>> [  3434.354] (**) Option "XkbLayout" "us"
>> [  3434.354] (**) Option "config_info" "hal:/org/freedesktop/Hal/devices/usb_device_46d_c517_noserial_if0"
>> [  3434.354] (II) XINPUT: Adding extended input device "USB Receiver" (type: KEYBOARD, id 7)
>> [  3434.354] Segmentation fault at address 0x2a3da760
>> [  3434.354] 
>> Fatal server error:
>> [  3434.354] Caught signal 11 (Segmentation fault). Server aborting
>> [  3434.354] 
>> [  3434.355] 
>> Please consult the The X.Org Foundation support 
>>          at http://wiki.x.org
>>  for help. 
>> [  3434.355] Please also check the log file at "/var/log/Xorg.0.log" for additional information.
> 
> Just a me-to, but on -CURRENT:
> 
> [   357.752] (**) Keyboard0: always reports core events
> [   357.752] (**) Option "Protocol" "standard"
> [   357.752] (**) Option "XkbRules" "xorg"
> [   357.752] (**) Option "XkbModel" "pc105"
> [   357.752] (**) Option "XkbLayout" "de"
> [   357.752] (**) Option "XkbVariant" "nodeadkeys"
> [   357.752] (II) XINPUT: Adding extended input device "Keyboard0"
> (type: KEYBOARD, id 7)
> [   357.752] Segmentation fault at address 0x80500ae80
> [   357.752]
> Fatal server error:
> [   357.752] Caught signal 11 (Segmentation fault). Server aborting

Further information: I used ktrace to identify the failing operation.
It is in x11-drivers/xf86-input-keyboard line 1265 of bsd_KeyMap.c:

#define KD_GET_ENTRY(i,n) \
  eascii_to_x[((keymap.key[i].spcl << (n+1)) & 0x100) +
keymap.key[i].map[n]]

[...]

void
KbdGetMapping (InputInfoPtr pInfo, KeySymsPtr pKeySyms, CARD8 *pModMap)
{
  KbdDevPtr pKbd = (KbdDevPtr) pInfo->private;
  KeySym        *k;
  int           i;

#ifndef __bsdi__
  switch (pKbd->consType) {

/*
 * XXX wscons has no GIO_KEYMAP
 */
#if (defined (SYSCONS_SUPPORT) || defined (PCVT_SUPPORT)) &&
defined(GIO_KEYMAP)
  case SYSCONS:
  case PCVT:
    {
      keymap_t keymap;

      if (ioctl(pInfo->fd, GIO_KEYMAP, &keymap) != -1) {
        for (i = 0; i < keymap.n_keys && i < NUM_KEYCODES; i++)
          if (remap[i]) {
            k = map + (remap[i] << 2);
            k[0] = KD_GET_ENTRY(i,0);           /* non-shifed */
            k[1] = KD_GET_ENTRY(i,1);         /* shifted */
            k[2] = KD_GET_ENTRY(i,4);         /* alt */
            k[3] = KD_GET_ENTRY(i,5);         /* alt - shifted */
            if (k[3] == k[2]) k[3] = NoSymbol;
            if (k[2] == k[1]) k[2] = NoSymbol;
            if (k[1] == k[0]) k[1] = NoSymbol;
            if (k[0] == k[2] && k[1] == k[3])
              k[2] = k[3] = NoSymbol;
          }
      }
    }
    break;
#endif /* SYSCONS || PCVT */

The keymap returned by ioctl(GIO_KEYMAP) used to contain characters
in the selected locale, which meant it was limited to 8 bit values,
effectively.

Now with Unicode support, larger values (>=0x100) can be found in
keymap files. In my case, the Euro symbol (0x20ac) was the cause
of an out-of-bounds access to the keymap array in line 1265 of
bsd_KbdMap.c (assignment to k[2] for Alt "E").

I did not have time to investigate, how this problem can be
resolved, though.

But I'll create a ports PR with this information, since it must be
resolved before 10.1, or users of keyboard layouts that generate
characters beyond u+ff will reliably crash the X server ...

Regards, STefan

PS: PR ports/193192


More information about the freebsd-ports mailing list