Comment 4 for bug 1015292

Ricardo Salveti (rsalveti) wrote : Re: QT5 based applications fails with a segmentation fault with Pandaboard and the SGX driver

The issue on the X11 side:
Program received signal SIGSEGV, Segmentation fault.
RRFirstOutput (pScreen=0x2a1880c0) at randr.c:458
458 if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc)
(gdb) bt full
#0 RRFirstOutput (pScreen=0x2a1880c0) at randr.c:458
        pScrPriv = 0x0
        output = <optimized out>
        i = <optimized out>
        j = <optimized out>
#1 0x2a0a5834 in ProcRRGetScreenInfo (client=0x2a233f08) at rrscreen.c:615
        stuff = <optimized out>
        rep = {type = 232 '\350', setOfRotations = 66 'B', sequenceNumber = 10777, length = 705951608, root = 3204445656, timestamp = 706298576, configTimestamp = 704846133, nSizes = 0, sizeID = 0,
          rotation = 63348, rate = 10771, nrateEnts = 16136, pad = 0}
        pWin = 0x2a1b0258
        n = <optimized out>
        rc = 0
        pScreen = 0x2a1880c0
        pScrPriv = 0x0
        extra = <optimized out>
        extraLen = <optimized out>
        output = <optimized out>
#2 0x2a09f456 in ProcRRDispatch (client=<optimized out>) at randr.c:493
        stuff = <optimized out>
#3 0x2a02eb76 in Dispatch () at dispatch.c:442
        clientReady = 0x2a2e81f0
        result = 0
        client = 0x2a233f08
        nready = 0
        icheck = 0x2a1430c0
        start_tick = 100
#4 0x2a0242ce in main (argc=3, argv=0xbefff824, envp=<optimized out>) at main.c:287
        i = <optimized out>
        alwaysCheckForInput = {0, 1}

This happens because the code expects pScrPriv to be available, crashing X11.

The origin of the problem is that when X11 starts without any pvr-specific config, both the pvr/omap and fbdev drivers are loaded and probed, and as there's no bus-specific variable controlling the probe, it ends up starting both drivers.

As a consequence of having both drivers loaded, X will export 2 screens, one with randr support (pvr) and one without (fbdev). The expected pScrPriv struct comes from randr, so when Qt tries to create an xcb window on all displays available, X11 crashes trying to access pScrPriv.

There are a few issues happening at the same time here: first, xorg shouldn't be loading 2 screens, and second, xorg is not properly validating the pointer before using its content.
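The second issue named in the comment (the unchecked pScrPriv dereference) in a small, self-contained C model. This is an added example written for this page, not xorg code and not part of the bug report: the struct types, rrGetScrPriv() stand-in, rr_first_output_checked(), rr_get_screen_info() and query_all_screens() are constructed stand-ins that echo the names from the backtrace (pScreen, pScrPriv, primaryOutput, crtc) but are not the X server's real definitions. It reproduces the two-screen layout described above (a pvr screen with RandR, an fbdev screen without) and shows how a request on the RandR-less screen is turned into a per-request error instead of a server-wide segfault.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified, constructed model of the X server's per-screen RandR state.
 * The names echo the backtrace (pScreen, pScrPriv, primaryOutput, crtc)
 * but these structs are stand-ins, not xorg's real definitions. */
typedef struct RRCrtc   { int id; } RRCrtcRec;
typedef struct RROutput { int id; RRCrtcRec *crtc; } RROutputRec;
typedef struct {
    RROutputRec  *primaryOutput;
    int           numOutputs;
    RROutputRec **outputs;
} rrScrPrivRec;
typedef struct {
    const char   *driver;   /* "pvr" or "fbdev" in the scenario above */
    rrScrPrivRec *rrPriv;   /* NULL when the driver never initialised RandR */
} ScreenRec;

/* Stand-in for xorg's rrGetScrPriv(): yields NULL for a screen whose driver
 * (fbdev here) never registered with the RandR extension. */
static rrScrPrivRec *rrGetScrPriv(const ScreenRec *pScreen)
{
    return pScreen->rrPriv;
}

/* Validated equivalent of RRFirstOutput(): the private is checked before any
 * of its members are read, so a RandR-less screen yields NULL instead of the
 * SIGSEGV seen at randr.c:458 in the backtrace. */
static RROutputRec *rr_first_output_checked(const ScreenRec *pScreen)
{
    rrScrPrivRec *pScrPriv = rrGetScrPriv(pScreen);
    if (pScrPriv == NULL)
        return NULL;                         /* screen without RandR support */
    if (pScrPriv->primaryOutput && pScrPriv->primaryOutput->crtc)
        return pScrPriv->primaryOutput;
    for (int i = 0; i < pScrPriv->numOutputs; i++)
        if (pScrPriv->outputs[i]->crtc)
            return pScrPriv->outputs[i];
    return NULL;
}

/* Request-level handling modelled on ProcRRGetScreenInfo(): a client asking
 * about a screen without RandR gets an error code back, so only that one
 * request fails and the server keeps serving every other client.
 * Returns 0 and fills *out_id on success, -1 if the screen has no RandR,
 * -2 if it has RandR but no output with a CRTC. */
static int rr_get_screen_info(const ScreenRec *pScreen, int *out_id)
{
    if (rrGetScrPriv(pScreen) == NULL)
        return -1;
    RROutputRec *output = rr_first_output_checked(pScreen);
    if (output == NULL)
        return -2;
    *out_id = output->id;
    return 0;
}

/* Reproduce the two-screen layout from the comment: screen 0 from the pvr
 * driver with RandR, screen 1 from fbdev without it. A Qt client iterating
 * over every screen hits both. Fills results[] with each screen's return
 * code and returns how many screens answered without error. */
static int query_all_screens(int results[2])
{
    static RRCrtcRec    crtc0   = { 0 };
    static RROutputRec  out0    = { 0, &crtc0 };
    static RROutputRec *outs[]  = { &out0 };
    static rrScrPrivRec pvrPriv = { &out0, 1, outs };
    ScreenRec screens[2] = {
        { "pvr",   &pvrPriv },   /* RandR initialised */
        { "fbdev", NULL },       /* no RandR private at all */
    };
    int ok = 0;
    for (int s = 0; s < 2; s++) {
        int id = -1;
        results[s] = rr_get_screen_info(&screens[s], &id);
        if (results[s] == 0)
            ok++;
    }
    return ok;
}

int main(void)
{
    int results[2];
    int ok = query_all_screens(results);
    printf("%d of 2 screens answered RRGetScreenInfo; fbdev screen rc=%d\n",
           ok, results[1]);
    return 0;
}
```

The point of the model is the ordering: the private is validated once at the request boundary and again inside the helper, so neither path can reach `pScrPriv->primaryOutput` with a NULL pointer. Fixing the first issue (loading only one driver) removes the RandR-less screen from this particular setup, but the check still matters, because any screen whose driver skips RandR initialisation would otherwise bring down the whole display server on a single client request.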