Ubuntu
xorg-server package

Bug #231484
Comment #13

Comment 13 for bug 231484

Revision history for this message

In freedesktop.org Bugzilla #18520, Bryce Harrington (bryce) wrote on 2008-11-13:

#13

Created an attachment (id=20290)
xkbhandlebell-segfault.patch

Forwarding this bug from a Ubuntu reporter:
https://bugs.edge.launchpad.net/ubuntu/+source/xorg-server/+bug/231484

[Problem]
Xorg crashes in XkbHandleBell() when DEL key pressed, in various applications.

[Discussion]
The attached patch addresses the symptom but maybe not the root cause. The kbd pointer is defined, but perhaps kbd->key is not, which could explain the fault. The obvious question being why that would be null in the first place? Perhaps xkbEvents.c could use additional NULL pointer checks before this one.

[Backtrace]
#0 XkbHandleBell (force=0 '\0', eventOnly=0 '\0', kbd=0x8273490, percent=50 '2', pCtrl=0x8273cc8, class=0 '\0', name=0, pWin=0x0, pClient=0x8262fd8)
    at ../../xkb/xkbEvents.c:404
        bn = {type = 111 'o', xkbType = 8 '\b', sequenceNumber = 280, time = 504481, deviceID = 0 '\0', bellClass = 0 '\0', bellID = 0 '\0',
  percent = 50 '2', pitch = 400, duration = 100, name = 0, window = 0, eventOnly = 0 '\0', pad1 = 58 ':', pad2 = 2167, pad3 = 4120}
        initialized = <value optimized out>
        xkbi = <value optimized out>
        interest = <value optimized out>
        id = <value optimized out>
        pitch = <value optimized out>
        duration = <value optimized out>
        time = <value optimized out>
        winID = <value optimized out>
#1 0x0808386c in ProcBell (client=0x8262fd8) at ../../dix/devices.c:1859
        keybd = (DeviceIntPtr) 0x8273490
        base = <value optimized out>
        newpercent = 0
#2 0x0815076e in XaceCatchDispatchProc (client=0x8262fd8) at ../../Xext/xace.c:281
        major = 104
#3 0x0808d8df in Dispatch () at ../../dix/dispatch.c:502
        result = <value optimized out>
        client = (ClientPtr) 0x8262fd8
        nready = 0
        start_tick = 2680
#4 0x0807471b in main (argc=3, argv=0xbfeb0fd4, envp=Cannot access memory at address 0x8
) at ../../dix/main.c:452
        i = 1
        error = 136163204
        xauthfile = <value optimized out>
        alwaysCheckForInput = {0, 1}

[Original Report]
I get crashes of the Xorg server if I press the "Del" key. This happened three times recently and seems to be repeatable. The system is an up-to-date Kubuntu 8.04.
The dmesg says:
[ 754.699253] Xorg[5444]: segfault at 000001a4 eip 0818fa3a esp bfa98800 error 4
[ 866.241862] Xorg[9589]: segfault at 000001a4 eip 0818fa3a esp bfd02030 error 4
[ 1039.389615] Xorg[10174]: segfault at 000001a4 eip 0818fa3a esp bfd978d0 error 4

The first two crashes happened with a Java program while saving a file. I placed the cursor in the middle of the default filename and pressed the "Del" key. As here were no more characters to delete left, Xorg crashed.
The third crash happened with Seamonkey while editing the Ubuntu bug report search query.

Note: Special on my system is, that I have a Wacom Bamboo connected.

My xorg.conf will follow.