This has been fixed in 1.6.0.

** Changed in: qemu
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1187121

Title:
  segfault with -vga vmware and -display gtk

Status in QEMU:
  Fix Released
Status in “qemu” package in Debian:
  Confirmed

Bug description:
  When some guest is run with -vga vmware -display gtk, qemu segfaults after certain guest gui operations.

    ./x86_64-softmmu/qemu-system-x86_64 -cdrom ubuntu-10.04.4-desktop-i386.iso -vga vmware -enable-kvm

  (-enable-kvm just to speed things up, it does not depend on kvm).
  (Ubuntu desktop image is from http://old-releases.ubuntu.com/releases/lucid/ )

  This segfaults in a few moments after initial boot.

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 0xf5bccb70 (LWP 23460)]
    0xf710792c in g_object_unref () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    (gdb) bt
    #0  0xf710792c in g_object_unref () from /usr/lib/i386-linux-gnu/libgobject-2.0.so.0
    #1  0x5673b635 in gd_cursor_define (dcl=0x57153d44, c=0x5710e7b8) at ui/gtk.c:380
    #2  0x5673895b in dpy_cursor_define (con=0x570c07f8, cursor=cursor@entry=0x5710e7b8) at ui/console.c:1547
    #3  0x5665f2a7 in vmsvga_cursor_define (c=0xf5bc6ef0, s=<optimized out>) at hw/display/vmware_vga.c:492
    #4  vmsvga_fifo_run (s=<optimized out>) at hw/display/vmware_vga.c:628
    #5  0x567ce6a8 in memory_region_write_accessor (opaque=opaque@entry=0x571291d0, addr=1, value=value@entry=0xf5bcc038, size=size@entry=4, shift=0, mask=4294967295) at memory.c:334
    #6  0x567ce146 in access_with_adjusted_size (addr=<optimized out>, value=value@entry=0xf5bcc038, size=size@entry=4, access_size_min=<optimized out>, access_size_max=<optimized out>, access=access@entry=0x567ce5e0 <memory_region_write_accessor>, opaque=opaque@entry=0x571291d0) at memory.c:364
    #7  0x567cf28c in memory_region_iorange_write (iorange=0x57243f58, offset=1, width=4, data=1) at memory.c:439
    #8  0x567c8b48 in ioport_writel_thunk (opaque=0x57243f58, addr=49233, data=1) at ioport.c:226
    #9  0x567c92d3 in ioport_write (data=1, address=49233, index=2)
    ...
    (gdb) frame 1
    #1  0x5673b635 in gd_cursor_define (dcl=0x57153d44, c=0x5710e7b8) at ui/gtk.c:380
    380         g_object_unref(cursor);
    (gdb) p cursor
    $1 = (GdkCursor *) 0x570eb1e0
    (gdb) p *cursor
    $2 = {type = GDK_CURSOR_IS_PIXMAP, ref_count = 3}
    (gdb) frame 2
    #2  0x5673895b in dpy_cursor_define (con=0x570c07f8, cursor=cursor@entry=0x5710e7b8) at ui/console.c:1547
    1547        dcl->ops->dpy_cursor_define(dcl, cursor);
    (gdb) p *cursor
    $3 = {width = 64, height = 64, hot_x = 0, hot_y = 0, refcount = 1, data = 0x5710e7cc}
    (gdb) p *cursor->data
    $4 = 0
    (gdb) l
    1542        QLIST_FOREACH(dcl, &s->listeners, next) {
    1543            if (con != (dcl->con ? dcl->con : active_console)) {
    1544                continue;
    1545            }
    1546            if (dcl->ops->dpy_cursor_define) {
    1547                dcl->ops->dpy_cursor_define(dcl, cursor);
    1548            }
    1549        }
    1550    }
    1551
    (gdb)

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1187121/+subscriptions