Re: X-Server segfault
I believe this can only happen if your font render is broken. These are fixed fonts. It should be impossible that there is no data in those pointers. Is this recent source code? Yes. static server build from yesterdays cvsup. There have been bugs of this sort fixed in the font renderers not long before 4.3. Though maybe more exist. If this is easily reproducible I suspect you'll find that it only happens with the freetype or xtt renders. It likely is the bitmap renderer, but I'll try without freetype. Is there some way to turn off freetype in a static server (other that recompiling the whole thing with freetype disabled)? Gerd -- /join #zonenkinder ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: X-Server segfault
There have been bugs of this sort
fixed in the font renderers not long before 4.3. Though maybe
more exist. If this is easily reproducible I suspect you'll
find that it only happens with the freetype or xtt renders.
It likely is the bitmap renderer, but I'll try without freetype.
Font data comes from the fontserver. More gdb debugging:
(gdb) down
#2 0x0823e611 in XAAGlyphBltTEColorExpansion (pScrn=0x881e8e0, xInit=1,
yInit=142837096, font=0x0, fg=0, bg=-1, rop=3, planemask=4294967295,
cclip=0x89434ac, nglyph=1, gBase=0x0, ppci=0x883899c) at xaaTEText.c:281
^
Note gBase is NULL, that will result in the NULL pointer dereference
later on.
(gdb) up
#3 0x0823e297 in XAAPolyText16TEColorExpansion (pDraw=0x8943480,
pGC=0x893c9f0, x=0, y=20, count=1, chars=0x8939723) at xaaTEText.c:97
(gdb) print *pGC
$16 = {pScreen = 0x8820f88, depth = 16 '\020', alu = 3 '\003', lineWidth = 0,
dashOffset = 0, numInDashList = 2, dash = 0x879a868 \004\004,
lineStyle = 0, capStyle = 1, joinStyle = 0, fillStyle = 0, fillRule = 0,
arcMode = 1, subWindowMode = 0, graphicsExposures = 1, clientClipType = 0,
miTranslate = 1, tileIsPixel = 1, fExpose = 1, freeCompClip = 0, unused = 0,
planemask = 4294967295, fgPixel = 0, bgPixel = 1, tile = {pixmap = 0x0,
pixel = 0}, stipple = 0x88626c8, patOrg = {x = 0, y = 0},
font = 0x893caa8, clipOrg = {x = 0, y = 0}, lastWinOrg = {x = 1, y = 91},
clientClip = 0x0, stateChanges = 0, serialNumber = 1782, funcs = 0x879e460,
ops = 0x895a2f0, devPrivates = 0x893ca48, pRotatedPixmap = 0x0,
pCompositeClip = 0x89434ac}
(gdb) print *(pGC-font)
$18 = {refcnt = 2, info = {firstCol = 0, lastCol = 255, firstRow = 0,
lastRow = 239, defaultCh = 0, noOverlap = 1, terminalFont = 1,
constantMetrics = 1, constantWidth = 1, inkInside = 1, inkMetrics = 0,
allExist = 0, drawDirection = 0, cachable = 1, anamorphic = 0,
maxOverlap = 0, pad = 0, maxbounds = {leftSideBearing = 0,
rightSideBearing = 12, characterWidth = 12, ascent = 20, descent = 0,
attributes = 0}, minbounds = {leftSideBearing = 0,
rightSideBearing = 12, characterWidth = 12, ascent = 20, descent = 0,
attributes = 0}, ink_maxbounds = {leftSideBearing = 10,
rightSideBearing = 12, characterWidth = 12, ascent = 20, descent = 0,
attributes = 0}, ink_minbounds = {leftSideBearing = 0,
rightSideBearing = 0, characterWidth = 12, ascent = 0, descent = -18,
attributes = 0}, fontAscent = 20, fontDescent = 0, nprops = 22,
props = 0x893cb38,
isStringProp = 0x893cbe8 \001\001\001\001\001\001\001}, bit = 0 '\0',
byte = 0 '\0', glyph = 4 '\004', scan = 1 '\001', format = 512,
get_glyphs = 0x867cf80 _fs_get_glyphs,
get_metrics = 0x867d3f0 _fs_get_metrics,
unload_font = 0x867d650 _fs_unload_font, unload_glyphs = 0,
fpe = 0x8869960, svrPrivate = 0x0, fontPrivate = 0x893bc70,
fpePrivate = 0x893bc80, maxPrivate = 1, devPrivates = 0x893cb2c}
xaaTEText.c, line 91 looks like this:
if(n) XAAGlyphBltTEColorExpansion(
infoRec-pScrn, x + pDraw-x, y + pDraw-y,
pGC-font, pGC-fgPixel, -1, pGC-alu, pGC-planemask,
pGC-pCompositeClip, n, FONTGLYPHS(pGC-font), infoRec-CharInfo);
grepping for the FONTGLYPHS macro finds this:
bogomips root /work/xfree86/xc# find -name \*.h | xargs grep FONTGLYPHS
./programs/Xserver/include/dixfontstr.h:#define FONTGLYPHS(font) 0
Huh? How can this ever work? And why it isn't triggered more frequently?
Gerd
--
/join #zonenkinder
___
Devel mailing list
[EMAIL PROTECTED]
http://XFree86.Org/mailman/listinfo/devel
Re: X-Server segfault
On Fri, Mar 28, 2003 at 11:12:33AM +0100, Gerd Knorr wrote: It likely is the bitmap renderer, but I'll try without freetype. Font data comes from the fontserver. More gdb debugging: When I disable the font server and let XFree86 render the fonts instead it works just fine. Gerd -- /join #zonenkinder ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: X-Server segfault
On Fri, 28 Mar 2003, Gerd Knorr wrote: On Fri, Mar 28, 2003 at 11:12:33AM +0100, Gerd Knorr wrote: It likely is the bitmap renderer, but I'll try without freetype. Font data comes from the fontserver. More gdb debugging: When I disable the font server and let XFree86 render the fonts instead it works just fine. One of the reasons I never use a font server. I got repeatedly burned by font server bugs about 4 years ago and haven't used them since. Subsequently, I seem to have alot fewer font problems then other people. Mark. ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
Re: X-Server segfault
I believe this can only happen if your font render is broken. These are fixed fonts. It should be impossible that there is no data in those pointers. Is this recent source code? There have been bugs of this sort fixed in the font renderers not long before 4.3. Though maybe more exist. If this is easily reproducible I suspect you'll find that it only happens with the freetype or xtt renders. Mark. On Thu, 27 Mar 2003, Gerd Knorr wrote: Hi, The X-Server crashes with a segfault due to a NULL pointer dereference, perfectly reproducable with a certain X client (mtt -- motif teletext decoder). Stacktrace below. Setting Option no_accel workarounds this. Hardware is a i386 machine with a Matrox G200. Anyone has a quick idea what this might be? cu, Gerd ==[ cut here ]== (gdb) c Continuing. Program received signal SIGSEGV, Segmentation fault. 0x0825de38 in DrawTETextScanlineWidth12 (base=0x4098, glyphp=0x883aab0, line=0, width=12, glyphwidth=12) at xaaTEGlyph.c:868 868 bits |= SHIFT_L(glyphp[1][line],12); (gdb) bt #0 0x0825de38 in DrawTETextScanlineWidth12 (base=0x4098, glyphp=0x883aab0, line=0, width=12, glyphwidth=12) at xaaTEGlyph.c:868 #1 0x0825cfa3 in XAATEGlyphRendererScanlineLSBFirst (pScrn=0x881e8e0, x=1, y=91, w=12, h=19, skipleft=0, startline=1, glyphs=0x883aab0, glyphWidth=12, fg=0, bg=0, rop=12, planemask=0) at xaaTEGlyph.c:402 #2 0x0823e611 in XAAGlyphBltTEColorExpansion (pScrn=0x881e8e0, xInit=1, yInit=142837096, font=0x0, fg=0, bg=-1, rop=3, planemask=4294967295, cclip=0x8945c7c, nglyph=1, gBase=0x0, ppci=0x883899c) at xaaTEText.c:281 #3 0x0823e297 in XAAPolyText16TEColorExpansion (pDraw=0x8945c50, pGC=0x893f238, x=0, y=20, count=1, chars=0x893bf5b) at xaaTEText.c:97 #4 0x0842fe9e in miSpritePolyText16 (pDrawable=0x8945c50, pGC=0x893f238, x=0, y=20, count=1, chars=0x893bf5b) at misprite.c:1848 #5 0x08352206 in doPolyText (client=0x88ad5a0, c=0xbfffed00) at dixfonts.c:1392 #6 0x083524ed in PolyText (client=0x88ad5a0, pDraw=0x0, pGC=0x0, pElt=0x0, endReq=0x0, xorg=0, yorg=0, reqType=142846640, did=0) at dixfonts.c:1473 #7 0x0833548c in ProcPolyText (client=0x88ad5a0) at dispatch.c:2356 #8 0x083314ca in Dispatch () at dispatch.c:450 #9 0x08343271 in main (argc=2, argv=0xb244, envp=0xb250) at main.c:435 #10 0x4005e8ae in __libc_start_main () from /lib/libc.so.6 (gdb) print line $1 = 0 (gdb) print glyph No symbol glyph in current context. (gdb) print glyphp $2 = (unsigned int **) 0x883aab0 (gdb) print glyphp[0] $3 = (unsigned int *) 0x0 (gdb) print glyphp[1] $4 = (unsigned int *) 0x0 (gdb) ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel ___ Devel mailing list [EMAIL PROTECTED] http://XFree86.Org/mailman/listinfo/devel
