NetBSD Problem Report #49408
From www@NetBSD.org Fri Nov 21 12:03:01 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 48C97A66A6
for <gnats-bugs@gnats.NetBSD.org>; Fri, 21 Nov 2014 12:03:01 +0000 (UTC)
Message-Id: <20141121120259.DB7C3A66A6@mollari.NetBSD.org>
Date: Fri, 21 Nov 2014 12:02:59 +0000 (UTC)
From: jmcneill@invisible.ca
Reply-To: jmcneill@invisible.ca
To: gnats-bugs@NetBSD.org
Subject: XftGlyphSpecRender crash with gcc 4.8.4 on earmv7hf
X-Send-Pr-Version: www-1.0
>Number: 49408
>Category: toolchain
>Synopsis: XftGlyphSpecRender crash with gcc 4.8.4 on earmv7hf
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: toolchain-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Nov 21 12:05:00 +0000 2014
>Closed-Date: Sat Jul 06 17:01:27 +0000 2019
>Last-Modified: Sat Jul 06 17:01:27 +0000 2019
>Originator: Jared McNeill
>Release: 7.99.1
>Organization:
>Environment:
NetBSD a31 7.99.1 NetBSD 7.99.1 (HUMMINGBIRD_A31) #381: Thu Nov 20 09:20:40 AST 2014 jmcneill@megatron.local:/Users/jmcneill/branches/HEAD/src/sys/arch/evbarm/compile/obj/HUMMINGBIRD_A31 evbarm
>Description:
Unless you build xftrender.c with -O0, libXft crashes like this:
Memory fault (core dumped)
#0 0x400b8ed0 in XftGlyphSpecRender () from /home/jmcneill/libXft.so.3
#1 0x400b7fe4 in XftDrawGlyphSpec () from /home/jmcneill/libXft.so.3
#2 0x400b8268 in XftDrawCharSpec () from /home/jmcneill/libXft.so.3
#3 0x0004a5a4 in xtermXftDrawString.part.0 ()
#4 0x0004a67c in drawClippedXftString ()
#5 0x0005032c in drawXtermText ()
#6 0x000227f8 in ShowCursor ()
#7 0x0002a6c0 in VTparse ()
#8 0x0002a858 in VTRun ()
#9 0x0005abe8 in main ()
>How-To-Repeat:
Edit src/external/mit/xorg/lib/libXft/Makefile and remove the -O0 hack, rebuild libXft, and run "xterm -fa monospace".
>Fix:
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@duskware.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: xsrc/49408: XftGlyphSpecRender crash with gcc 4.8.4 on earmv7hf
Date: Sat, 22 Nov 2014 21:10:01 +0100
Actually looks like a compiler bug to me:
(gdb) x/16i $pc-32
0x400b8eb0 <XftGlyphSpecRender+1012>: str r5, [r4, #448] ; 0x1c0
0x400b8eb4 <XftGlyphSpecRender+1016>: ldr r5, [r4, #448] ; 0x1c0
0x400b8eb8 <XftGlyphSpecRender+1020>: mla r8, r12, r10, r8
0x400b8ebc <XftGlyphSpecRender+1024>: str r8, [r4, #408] ; 0x198
0x400b8ec0 <XftGlyphSpecRender+1028>: ldr r8, [r4, #444] ; 0x1bc
0x400b8ec4 <XftGlyphSpecRender+1032>: add r4, r8, r5, lsl #2
0x400b8ec8 <XftGlyphSpecRender+1036>: sub r5, r11, #8192 ; 0x2000
0x400b8ecc <XftGlyphSpecRender+1040>: ldr r5, [r5, #448] ; 0x1c0
=> 0x400b8ed0 <XftGlyphSpecRender+1044>: ldr r8, [r5, #444] ; 0x1bc
0x400b8ed4 <XftGlyphSpecRender+1048>: str r7, [r8, r5, lsl #2]
0x400b8ed8 <XftGlyphSpecRender+1052>: sub r8, r11, #8192 ; 0x2000
0x400b8edc <XftGlyphSpecRender+1056>: mov r5, #1
0x400b8ee0 <XftGlyphSpecRender+1060>: mov r7, r8
0x400b8ee4 <XftGlyphSpecRender+1064>: str r5, [r8, #448] ; 0x1c0
0x400b8ee8 <XftGlyphSpecRender+1068>: ldr r8, [r8, #408] ; 0x198
0x400b8eec <XftGlyphSpecRender+1072>: str r8, [r4, #4]
and it dies because r5 is NULL:
(gdb) info reg
r0 0x3 3
r1 0x40b06e60 1085304416
r2 0x7fffa850 2147461200
r3 0x0 0
r4 0x7fff8dc8 2147454408
r5 0x0 0
r6 0x4094d000 1083494400
r7 0x2600011 39845905
r8 0x7fff8dc8 2147454408
r9 0x0 0
r10 0x1 1
r11 0x7fffa7f4 2147461108
r12 0x0 0
sp 0x7fff8968 0x7fff8968
lr 0x400b8b88 1074498440
pc 0x400b8ed0 0x400b8ed0 <XftGlyphSpecRender+1044>
cpsr 0x600e0210 1611530768
This happens here:
(gdb) list
294 if (n)
295 {
296 elts[nelt].nchars = n;
297 nelt++;
298 }
299 elts[nelt].glyphset = font->glyphset;
...... crash here
300 elts[nelt].chars = char8 + size * j;
301 elts[nelt].xOff = glyphs[i].x - x;
302 elts[nelt].yOff = glyphs[i].y - y;
303 x = glyphs[i].x;
and a few values, according to gcc, are:
(gdb) p elts
$9 = (XGlyphElt8 *) 0x7fff8dc8
(gdb) p nelt
$10 = 0
(gdb) p font
$11 = (XftFontInt *) 0x4094d000
(gdb) p &font->glyphset
$12 = (GlyphSet *) 0x4094d080
(gdb) p &elts[nelt]
$13 = (XGlyphElt8 *) 0x7fff8dc8
(gdb) p &elts[nelt].glyphset
$14 = (GlyphSet *) 0x7fff8dc8
Martin
Responsible-Changed-From-To: xsrc-manager->toolchain-manager
Responsible-Changed-By: jmcneill@NetBSD.org
Responsible-Changed-When: Sun, 23 Nov 2014 23:55:00 +0000
Responsible-Changed-Why:
Toolchain problem.
State-Changed-From-To: open->feedback
State-Changed-By: maya@NetBSD.org
State-Changed-When: Tue, 25 Dec 2018 13:44:16 +0000
State-Changed-Why:
There's no -O0 hack there any more. Is this still a problem?
State-Changed-From-To: feedback->closed
State-Changed-By: jmcneill@NetBSD.org
State-Changed-When: Sat, 06 Jul 2019 17:01:27 +0000
State-Changed-Why:
Works with 8.99.50.
>Unformatted: