[Ubuntu-x-swat] [Bug 1224296] Re: X crashes due to freed memory read in damageDestroyPixmap() from sna_early_close_screen() from xf86CrtcCloseScreen()

2015-09-17 Thread Daniel van Vugt
XMir 1.0 (the old Xorg extension) is now deprecated and is not being
maintained or fixed. It is replaced by the new 'Xmir' binary (package
'xmir') introduced in Ubuntu 15.10 wily.

** Changed in: xorg-server (Ubuntu)
   Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in Ubuntu.
https://bugs.launchpad.net/bugs/1224296

Title:
  X crashes due to freed memory read in damageDestroyPixmap() from
  sna_early_close_screen() from xf86CrtcCloseScreen()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1224296/+subscriptions

___
Mailing list: https://launchpad.net/~ubuntu-x-swat
Post to : ubuntu-x-swat@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-x-swat
More help   : https://help.launchpad.net/ListHelp


[Ubuntu-x-swat] [Bug 1224296] Re: X crashes due to freed memory read in damageDestroyPixmap() from sna_early_close_screen() from xf86CrtcCloseScreen()

2015-06-08 Thread Robert Ancell
** No longer affects: xmir

** Tags added: xmir



[Ubuntu-x-swat] [Bug 1224296] Re: X crashes due to freed memory read in damageDestroyPixmap() from sna_early_close_screen() from xf86CrtcCloseScreen()

2013-09-27 Thread Daniel van Vugt
** Summary changed:

- Freed memory read in damageDestroyPixmap() from sna_early_close_screen() from 
xf86CrtcCloseScreen()
+ X crashes due to freed memory read in damageDestroyPixmap() from 
sna_early_close_screen() from xf86CrtcCloseScreen()

** Also affects: xorg-server (Ubuntu)
   Importance: Undecided
   Status: New

** Changed in: xorg-server (Ubuntu)
   Importance: Undecided => Critical

** Changed in: xmir
   Status: New => Confirmed

** Changed in: xorg-server (Ubuntu)
   Status: New => Confirmed

** Description changed:

- XMir: DDX memory use after being freed from libmirclient ...
+ XMir: DDX memory use after being freed from libmirclient. Though it
+ looks like bug 1221616 might be the root cause so see that first.
  
  ==32480== Invalid read of size 8
  ==32480==at 0x234D84: damageDestroyPixmap (damage.c:1544)
  ==32480==by 0xA1C6A3B: sna_early_close_screen (sna_driver.c:762)
  ==32480==by 0x1CE476: xf86CrtcCloseScreen (xf86Crtc.c:732)
  ==32480==by 0x1EB64D: CursorCloseScreen (cursor.c:193)
  ==32480==by 0x2324B5: AnimCurCloseScreen (animcur.c:106)
  ==32480==by 0x14C636: main (main.c:351)
  ==32480==  Address 0xb98d190 is 16 bytes inside a block of size 296 free'd
  ==32480==at 0x4C2BADC: operator delete(void*) (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==32480==by 0x8A03F07: 
__gnu_cxx::new_allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2 
::deallocate(std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2*, unsigned long) 
(new_allocator.h:110)
  ==32480==by 0x8A03CB0: 
std::allocator_traitsstd::allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage,
 std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2  
::deallocate(std::allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2 , 
std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2*, unsigned long) 
(alloc_traits.h:377)
  ==32480==by 0x8A046A5: std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2::_M_destroy() 
(shared_ptr_base.h:417)
  ==32480==by 0x89E1091: 
std::_Sp_counted_base(__gnu_cxx::_Lock_policy)2::_M_release() 
(shared_ptr_base.h:161)
  ==32480==by 0x89E0EC0: 
std::__shared_count(__gnu_cxx::_Lock_policy)2::~__shared_count() 
(shared_ptr_base.h:553)
  ==32480==by 0x89E6711: std::__shared_ptrMirBufferPackage, 
(__gnu_cxx::_Lock_policy)2::~__shared_ptr() (shared_ptr_base.h:810)
  ==32480==by 0x89E6751: std::shared_ptrMirBufferPackage::~shared_ptr() 
(shared_ptr.h:93)
  ==32480==by 0x8A00490: MirSurface::process_incoming_buffer() 
(mir_surface.cpp:179)
  ==32480==by 0x8A00661: MirSurface::new_buffer(void (*)(MirSurface*, 
void*), void*) (mir_surface.cpp:215)
  ==32480==by 0x8A04A12: 
google::protobuf::internal::MethodClosure2MirSurface, void (*)(MirSurface*, 
void*), void*::Run() (common.h:969)
  ==32480==by 0x8A1E81A: 
mir::client::rpc::MirSocketRpcChannel::receive_file_descriptors(google::protobuf::Message*,
 google::protobuf::Closure*) (mir_socket_rpc_channel.cpp:171)
- ==32480== 
+ ==32480==
  ==32480== Invalid read of size 4
  ==32480==at 0x234E03: damageDestroyPixmap (damage.c:1548)
  ==32480==by 0xA1C6A3B: sna_early_close_screen (sna_driver.c:762)
  ==32480==by 0x1CE476: xf86CrtcCloseScreen (xf86Crtc.c:732)
  ==32480==by 0x1EB64D: CursorCloseScreen (cursor.c:193)
  ==32480==by 0x2324B5: AnimCurCloseScreen (animcur.c:106)
  ==32480==by 0x14C636: main (main.c:351)
  ==32480==  Address 0xb98d1a8 is 40 bytes inside a block of size 296 free'd
  ==32480==at 0x4C2BADC: operator delete(void*) (in 
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==32480==by 0x8A03F07: 
__gnu_cxx::new_allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2 
::deallocate(std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2*, unsigned long) 
(new_allocator.h:110)
  ==32480==by 0x8A03CB0: 
std::allocator_traitsstd::allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage,
 std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2  
::deallocate(std::allocatorstd::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2 , 
std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2*, unsigned long) 
(alloc_traits.h:377)
  ==32480==by 0x8A046A5: std::_Sp_counted_ptr_inplaceMirBufferPackage, 
std::allocatorMirBufferPackage, (__gnu_cxx::_Lock_policy)2::_M_destroy() 
(shared_ptr_base.h:417)
  ==32480==by 0x89E1091: 
std::_Sp_counted_base(__gnu_cxx::_Lock_policy)2::_M_release() 
(shared_ptr_base.h:161)
  ==32480==by 0x89E0EC0: