** Description changed: - Binary package hint: xorg + [Impact] + xfig is no longer as widely used an application as it once was, but regular application usage should not crash X. It may be an indication of a problem that other legacy apps have beyond xfig. + [Development] + The fix has been committed to the main ubuntu-x git branch, which will be used once Maverick Meerkat is open for development, thus this fix will automatically copy over into it. The patch is also included in Debian and upstream so we will get it automatically next time we merge this package from Debian. + + [Patch] + Patch is taken directly from Debian. This is an upstream patch. + http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=94ccaae1ff45c11453141469f5659b6d2a16c4bf + + [Test Case] + 1. Update Lucid to the latest version. Reboot and log into Gnome + 2. Open xfig + 3. Left click in drawing area once (to dismiss the xfig banner) + 4. Press the 'c' key + 5. Left click in the drawing area + 6. Xserver instantly crashes (and is restarted by display manager). It should not crash at this point. + + + [Regression Potential] + This is a pretty substantial patch at 887 lines, which addresses an issue in a lesser-used application, and so for those reasons I opted to wait on including it in the Lucid release itself, in the interest in seeing it get further testing time under its belt. Because Debian and X.org are including the patch, I am assuming it is safe and thus valid for consideration as a regular SRU. + + Specific things I am concerned about: This patch drops several exa + functions; are those functions in use by anything (like proprietary + drivers, games, or other apps?) This patch changes fallback behavior + which I gather does not get exercised except in certain cases; is it + certain that sufficient testing has been done for those cases? + + I notice that part of the patch involves adding a number of null-ptr + checks. If testing does reveal this patch causes a regression + somewhere, a suggested Plan B would be to extract these checks and see + if those alone are sufficient to solve this issue. + + [Original Report] Here is how to reliably and repeatably crash the X server. 1. Update Lucid to the latest version, as of 2009-04-01. Reboot and log into Gnome 2. Open xfig 3. Left click in drawing area once (to dismiss the xfig banner) 4. Press the 'c' key 5. Left click in the drawing area 6. Xserver instantly crashes (and is restarted by display manager). This process is reliably repeatable, and I have done so several times to gather the ltrace and straces attached. Some more details: * 'c' starts the Circle tool. You can click the circle tool button instead, and have the same result. * The ellipse tool has the same effect. However all other tools within xfig work just fine. * xfig itself doesn't appear to be dying: it is managing to save a "SAVE.fig" file. * How the %(&£"%$ is an application failure able to nuke the Xserver? Backtrace: 0: /usr/bin/X (xorg_backtrace+0x3b) [0x80e937b] 1: /usr/bin/X (0x8048000+0x61c7d) [0x80a9c7d] 2: (vdso) (__kernel_rt_sigreturn+0x0) [0x57e410] 3: /usr/lib/xorg/modules/libfb.so (fbPushFill+0xf9) [0x20b459] 4: /usr/lib/xorg/modules/libfb.so (fbPushImage+0xf2) [0x20b622] 5: /usr/lib/xorg/modules/libfb.so (fbPushPixels+0x78) [0x20b6b8] 6: /usr/bin/X (miPolyArc+0x159a) [0x8199aca] 7: /usr/lib/xorg/modules/libfb.so (fbPolyArc+0x8a) [0x1f90aa] 8: /usr/lib/xorg/modules/libexa.so (0x384000+0xf2dd) [0x3932dd] 9: /usr/bin/X (0x8048000+0xd9655) [0x8121655] 10: /usr/bin/X (0x8048000+0x282f9) [0x80702f9] 11: /usr/bin/X (0x8048000+0x2a477) [0x8072477] 12: /usr/bin/X (0x8048000+0x1ed7a) [0x8066d7a] 13: /lib/tls/i686/cmov/libc.so.6 (__libc_start_main+0xe6) [0x240bd6] 14: /usr/bin/X (0x8048000+0x1e961) [0x8066961] Segmentation fault at address (nil) - ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: xserver-xorg 1:7.5+3ubuntu1 ProcVersionSignature: Ubuntu 2.6.32-16.25-generic Uname: Linux 2.6.32-16-generic i686 Architecture: i386 Date: Thu Apr 1 23:14:41 2010 DkmsStatus: Error: [Errno 2] No such file or directory InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta i386 (20100318) MachineType: LENOVO 200793G PccardctlIdent: Socket 0: no product info available PccardctlStatus: Socket 0: 3.3V 32-bit PC Card ProcCmdLine: BOOT_IMAGE=/boot/vmlinuz-2.6.32-16-generic root=UUID=5dee2242-a2c7-4f67-9ad6-4265f1d22e12 ro quiet splash ProcEnviron: PATH=(custom, user) LANG=en_GB.utf8 SHELL=/bin/bash SourcePackage: xorg dmi.bios.date: 08/27/2009 dmi.bios.vendor: LENOVO dmi.bios.version: 79ETE5WW (2.25 ) dmi.board.name: 200793G dmi.board.vendor: LENOVO dmi.board.version: Not Available dmi.chassis.asset.tag: No Asset Information dmi.chassis.type: 10 dmi.chassis.vendor: LENOVO dmi.chassis.version: Not Available dmi.modalias: dmi:bvnLENOVO:bvr79ETE5WW(2.25):bd08/27/2009:svnLENOVO:pn200793G:pvrThinkPadT60p:rvnLENOVO:rn200793G:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable: dmi.product.name: 200793G dmi.product.version: ThinkPad T60p dmi.sys.vendor: LENOVO system: distro: Ubuntu codename: lucid architecture: i686 kernel: 2.6.32-16-generic
-- xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig) https://bugs.launchpad.net/bugs/553647 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs