I have been trying to debug this and think I found the problem:
- The crash is caused when an already freed drawable is used (drawable contents are invalid)
- The crashing resource always has xid=0. If I prevent DrawableGone calls when xid=0, the crash does not happen. XID=0 seems strange, as the minimum xid should be SERVER_MINID (=32). Also, walking through clientTable[0]->resources[0] shows we have multiple resources with xid=0, which seems strange as well (i.e. calling FreeResource(0, x) may well remove the wrong resource).
- The resources with xid=0 are added via DoCreateGLXDrawable, where pDraw->id is used to add the resource. pDraw->id is 0 in these calls.
- The pDraw with xid=0 should be the X pixmap backing the GLX pixmap. This pixmap is created via ProcCompositeNameWindowPixmap. This function indeed creates pixmaps with drawable.id=0.
The glxdrawable should be registered with the glxdrawableid and the drawableid of the backing X pixmap, as stated in the comment in DoCreateGLXDrawable. In DoCreateGLXDrawable this would be easy, but drawableGone does not get this pixmap's drawableid as a parameter. Therefore in my opinion this could only work if the pixmap's drawableid is properly set, so I changed ProcCompositeNameWindowPixmap to set the pixmap's drawableid to stuff->pixmap (like ProcCreatePixmap would do). With that change I no longer get resources with xid=0 and KDM does not crash anymore when I log out.
So far all seems to work fine, but I am not sure if setting the drawable id like this is safe.
The attachment contains gdb traces with and without my change (X built without optimization to get access to all symbols).
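The ID collision described in the comment above, as an added example that is not part of the original post or the X server source: a toy resource table in which two objects registered under id 0 cause a free-by-id to release the wrong one, next to a registration check that rejects such ids. All names are hypothetical; `MIN_ID` only mirrors the SERVER_MINID (=32) value quoted in the post.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of an id-keyed resource table; not X server code. */
#define MIN_ID  32u   /* assumption: mirrors SERVER_MINID (=32) from the post */
#define MAX_RES 8
struct res { unsigned id; int type; void *obj; int used; };
static struct res table[MAX_RES];

static void reset_table(void) { memset(table, 0, sizeof table); }

/* Unchecked add: accepts any id, including 0 and duplicates. */
static int add_unchecked(unsigned id, int type, void *obj) {
    for (int i = 0; i < MAX_RES; i++)
        if (!table[i].used) {
            table[i] = (struct res){ id, type, obj, 1 };
            return 1;
        }
    return 0;
}
/* Checked add: reject ids below the minimum and (id, type) duplicates. */
static int add_checked(unsigned id, int type, void *obj) {
    if (id < MIN_ID) return 0;
    for (int i = 0; i < MAX_RES; i++)
        if (table[i].used && table[i].id == id && table[i].type == type)
            return 0;
    return add_unchecked(id, type, obj);
}
/* Free by id: removes the first matching entry and returns its object. */
static void *free_by_id(unsigned id) {
    for (int i = 0; i < MAX_RES; i++)
        if (table[i].used && table[i].id == id) {
            table[i].used = 0;
            return table[i].obj;
        }
    return NULL;
}
static int count_id(unsigned id) {
    int n = 0;
    for (int i = 0; i < MAX_RES; i++) n += table[i].used && table[i].id == id;
    return n;
}
/* Two distinct objects share id 0; the teardown meant for b removes a. */
static int wrong_object_freed(void) {
    static int a, b;
    reset_table();
    add_unchecked(0, 1, &a);
    add_unchecked(0, 1, &b);
    return free_by_id(0) == &a;   /* a is gone, b's entry now dangles */
}
int main(void) { printf("wrong free: %d, left under id 0: %d\n", wrong_object_freed(), count_id(0)); return 0; }
```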