[CFT] xf86-video-ati-6.10.99.0

Peter Jeremy peterjeremy at optushome.com.au
Fri Feb 20 02:06:59 PST 2009


On 2009-Feb-17 06:00:37 +1100, Peter Jeremy <peter at server.vk2pj.dyndns.org> wrote:
>On 2009-Feb-10 01:43:41 -0500, Robert Noland <rnoland at freebsd.org> wrote:
>>This patch is for the 6.11.0rc version of the ati driver.
>>
>>http://people.freebsd.org/~rnoland/xf86-video-ati-6.10.99.0.patch
>
>Summary: Still broken: Exiting Xserver core-dumps and doesn't restore
>VTY video (though keyboard is restored).

I rebuilt the Xserver related ports with debugging enabled and it
turns out that this is a bug in xorg-server-1.5.3 rather than
xf86-video-ati.  The backtrace is:
(gdb) where
...
#9  <signal handler called>
#10 DeliverPropertyEvent (pWin=0x5a5a5a5a5a5a5a5a, value=0x7fffffffe990) at rrproperty.c:34
#11 0x000000000042f0a3 in TraverseTree (pWin=0x802911000, func=0x511780 <DeliverPropertyEvent>, data=0x7fffffffe990) at window.c:225
#12 0x000000000051173a in RRDeleteAllOutputProperties (output=0x8029ff1c0) at rrproperty.c:80
#13 0x0000000000510131 in RROutputDestroyResource (value=Variable "value" is not available.) at rroutput.c:410
#14 0x000000000042e6d2 in FreeClientResources (client=0x801821140) at resource.c:807
#15 0x000000000042e7af in FreeAllResources () at resource.c:824
#16 0x000000000042c423 in main (argc=4, argv=0x7fffffffeb58, envp=Variable "envp" is not available.

This fairly clearly shows DeliverPropertyEvent() is being called
with a garbage window pointer - specifically it's a use-after-free
bug: The root window _Window is being freed too early.  I'm still
digging through the code to work out where/why.

-- 
Peter Jeremy
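
The reasoning above, as an added example that is not part of the original message: `pWin` in frame #10 is the byte 0x5a repeated, which is what jemalloc (FreeBSD's malloc) writes over freed memory when junk filling is enabled, so a short triage script can flag such arguments in a gdb backtrace. The function name `poisoned_args` and the fill-byte table are assumptions of this example; the sample frames are copied from the backtrace in the message.

```python
import re

# Fill bytes jemalloc writes when junk filling is enabled. A pointer made of
# one repeated fill byte was loaded from memory in that state.
POISON = {
    "5a": "freed memory (use-after-free)",
    "a5": "allocated but never initialized memory",
}

# "#11 0x... in TraverseTree (pWin=0x..., ...) at window.c:225"; the address is
# absent on the frame that was executing when the signal arrived.
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)$")
ARG = re.compile(r"(\w+)=0x([0-9a-fA-F]+)")


def poisoned_args(backtrace):
    """Return (frame, function, argument, value, meaning) per poisoned pointer."""
    hits = []
    for line in backtrace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # "...", "<signal handler called>", prompts
        frame, func, rest = int(m.group(1)), m.group(2), m.group(3)
        for name, digits in ARG.findall(rest):
            digits = digits.lower()
            # Only full-width 32- or 64-bit values built from a single byte.
            if len(digits) not in (8, 16) or digits != digits[:2] * (len(digits) // 2):
                continue
            meaning = POISON.get(digits[:2])
            if meaning:
                hits.append((frame, func, name, "0x" + digits, meaning))
    return hits


# Frames #9 to #12 copied from the backtrace in the message above.
SAMPLE = """\
#9  <signal handler called>
#10 DeliverPropertyEvent (pWin=0x5a5a5a5a5a5a5a5a, value=0x7fffffffe990) at rrproperty.c:34
#11 0x000000000042f0a3 in TraverseTree (pWin=0x802911000, func=0x511780 <DeliverPropertyEvent>, data=0x7fffffffe990) at window.c:225
#12 0x000000000051173a in RRDeleteAllOutputProperties (output=0x8029ff1c0) at rrproperty.c:80
"""

if __name__ == "__main__":
    for hit in poisoned_args(SAMPLE):
        print("frame #%d %s: %s=%s looks like %s" % hit)
```

Only frame #10 is flagged; the valid heap and stack pointers in frames #11 and #12 are ignored because they are not a single repeated byte.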