[Analyzed] Re: Problem with xorg

Sun Aug 31 08:35:31 UTC 2014

On 08/31/2014 08:53, Stefan Esser wrote:
> The problem is caused by Unicode code points in keymap files, which were
> made possible (and have to be used) for many locales after the
> introduction of Unicode support with vt(4).
>
> Am 28.08.2014 um 19:43 schrieb Stefan Esser:
>> Am 28.08.2014 um 17:03 schrieb Filippo Moretti via freebsd-stable:
>>> I have problem with xorg with my custom kernel both with and without VT supports.
>>> I can still reboot with generic and have xorg work.My system:FreeBSD sting 10.0-STABLE FreeBSD 10.0-STABLE #0 r269789: Mon Aug 11 02:47:02 UTC 2014     root at grind.freebsd.org:/usr/obj/usr/src/sys/GENERIC  i386
>>> With my kernel-vt I get a sementation fault,while with SC I got a complete crash
>> [...]
>>> [  3434.354] (**) Option "Protocol" "standard"
>>> [  3434.354] (WW) Option "Device" requires an string value
>>> [  3434.354] (**) Option "XkbRules" "base"
>>> [  3434.354] (**) Option "XkbModel" "pc105"
>>> [  3434.354] (**) Option "XkbLayout" "us"
>>> [  3434.354] (**) Option "config_info" "hal:/org/freedesktop/Hal/devices/usb_device_46d_c517_noserial_if0"
>>> [  3434.354] (II) XINPUT: Adding extended input device "USB Receiver" (type: KEYBOARD, id 7)
>>> [  3434.354] Segmentation fault at address 0x2a3da760
>>> [  3434.354]
>>> Fatal server error:
>>> [  3434.354] Caught signal 11 (Segmentation fault). Server aborting
>>> [  3434.354]
>>> [  3434.355]
>>> Please consult the The X.Org Foundation support
>>>           at http://wiki.x.org
>>>   for help.
>>> [  3434.355] Please also check the log file at "/var/log/Xorg.0.log" for additional information.
>>
>> Just a me-to, but on -CURRENT:
>>
>> [   357.752] (**) Keyboard0: always reports core events
>> [   357.752] (**) Option "Protocol" "standard"
>> [   357.752] (**) Option "XkbRules" "xorg"
>> [   357.752] (**) Option "XkbModel" "pc105"
>> [   357.752] (**) Option "XkbLayout" "de"
>> [   357.752] (**) Option "XkbVariant" "nodeadkeys"
>> [   357.752] (II) XINPUT: Adding extended input device "Keyboard0"
>> (type: KEYBOARD, id 7)
>> [   357.752] Segmentation fault at address 0x80500ae80
>> [   357.752]
>> Fatal server error:
>> [   357.752] Caught signal 11 (Segmentation fault). Server aborting
>
> Further information: I used ktrace to identify the failing operation.
> It is in x11-drivers/xf86-input-keyboard line 1265 of bsd_KeyMap.c:
>
> #define KD_GET_ENTRY(i,n) \
>    eascii_to_x[((keymap.key[i].spcl << (n+1)) & 0x100) +
> keymap.key[i].map[n]]
>
> [...]
>
> void
> KbdGetMapping (InputInfoPtr pInfo, KeySymsPtr pKeySyms, CARD8 *pModMap)
> {
>    KbdDevPtr pKbd = (KbdDevPtr) pInfo->private;
>    KeySym        *k;
>    int           i;
>
> #ifndef __bsdi__
>    switch (pKbd->consType) {
>
> /*
>   * XXX wscons has no GIO_KEYMAP
>   */
> #if (defined (SYSCONS_SUPPORT) || defined (PCVT_SUPPORT)) &&
> defined(GIO_KEYMAP)
>    case SYSCONS:
>    case PCVT:
>      {
>        keymap_t keymap;
>
>        if (ioctl(pInfo->fd, GIO_KEYMAP, &keymap) != -1) {
>          for (i = 0; i < keymap.n_keys && i < NUM_KEYCODES; i++)
>            if (remap[i]) {
>              k = map + (remap[i] << 2);
>              k[0] = KD_GET_ENTRY(i,0);           /* non-shifed */
>              k[1] = KD_GET_ENTRY(i,1);         /* shifted */
>              k[2] = KD_GET_ENTRY(i,4);         /* alt */
>              k[3] = KD_GET_ENTRY(i,5);         /* alt - shifted */
>              if (k[3] == k[2]) k[3] = NoSymbol;
>              if (k[2] == k[1]) k[2] = NoSymbol;
>              if (k[1] == k[0]) k[1] = NoSymbol;
>              if (k[0] == k[2] && k[1] == k[3])
>                k[2] = k[3] = NoSymbol;
>            }
>        }
>      }
>      break;
> #endif /* SYSCONS || PCVT */
>
> The keymap returned by ioctl(GIO_KEYMAP) used to contain characters
> in the selected locale, which meant it was limited to 8 bit values,
> effectively.
>
> Now with Unicode support, larger values (>=0x100) can be found in
> keymap files. In my case, the Euro symbol (0x20ac) was the cause
> of an out-of-bounds access to the keymap array in line 1265 of
> bsd_KbdMap.c (assignment to k[2] for Alt "E").
>
> I did not have time to investigate, how this problem can be
> resolved, though.
>
> But I'll create a ports PR with this information, since it must be
> resolved before 10.1, or users of keyboard layouts that generate
> characters beyond u+ff will reliably crash the X server ...
>
> Regards, STefan
>
> PS: PR ports/193192

I have already done PR/191459, with a patch to be added to
x11-drivers/xf86-input-keyboard (thanks Thierry Thomas to restoring it).

The last contribution by ray@ is totally irrelevant - in fact the same problem
appears with syscons + TEKEN_UTF8

Claude Buisson