NetBSD Problem Report #47124

From www@NetBSD.org  Thu Oct 25 16:41:14 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id ADB9163E6C2
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 25 Oct 2012 16:41:14 +0000 (UTC)
Message-Id: <20121025164113.C436D63CA81@www.NetBSD.org>
Date: Thu, 25 Oct 2012 16:41:13 +0000 (UTC)
From: aran@100acres.us
Reply-To: aran@100acres.us
To: gnats-bugs@NetBSD.org
Subject: Cairo sends invalid parameter to X Server
X-Send-Pr-Version: www-1.0

>Number:         47124
>Category:       pkg
>Synopsis:       Cairo sends invalid parameter to X Server
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bsiegert
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Oct 25 16:45:00 +0000 2012
>Closed-Date:    Sat Aug 08 12:52:40 +0000 2015
>Last-Modified:  Sat Aug 08 12:52:40 +0000 2015
>Originator:     Aran Clauson
>Release:        6.99.11
>Organization:
>Environment:
NetBSD sanders 6.99.11 NetBSD 6.99.11 (SANDERS) #0: Mon Sep 17 14:11:22 PDT 2012  aran@sanders:/home/NetBSD/obj/sys/arch/amd64/compile/SANDERS amd64
>Description:
Cairo doesn't initialize all of the members of XShmCompletionEvent in _cairo_xlib_shm_surface_mark_active.  Sometimes, this sends invalid arguments to the X server.  With Firefox, this is detected as an unrecoverable error and the process terminates.
>How-To-Repeat:
Build cairo, xulrunner, and firefox with pkgsrc-current.
>Fix:
Add a bzero to the structure before sending it to the X server.  The following patch replaces pkgsrc/graphics/cairo/patches/patch-src_cairo-xlib-surface-shm.c.  The new stuff is the second chunk.


$NetBSD: patch-src_cairo-xlib-surface-shm.c,v 1.3 2012/10/20 00:55:07 wiz Exp $

First chunk:
Whilst reading through other users of XShm, it became apparent that
IPC_RMID behaves differently across the platforms. Linux allows
processes to attach to an existing ShmSegment id after an IPC_RMID, but
for others the IPC_RMID takes immediate effect. On those platforms
without a "deferred" IPC_RMID, we then need to perform the XShmAttach
synchronously before performing the IPC_RMID.

Reported-by: Thomas Klausner <wiz@NetBSD.org>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>

Rest:
Prevent application crashes under old versions of X.org, e.g. under
Mac OS X Lion. Patch taken from here:

http://cgit.freedesktop.org/cairo/commit/?id=b1532f465e05d566f6d160c5ca916a5a12614067

--- src/cairo-xlib-surface-shm.c.orig	2012-10-05 13:06:00.000000000 +0000
+++ src/cairo-xlib-surface-shm.c
@@ -449,6 +449,9 @@ _cairo_xlib_shm_pool_create(cairo_xlib_d

     pool->attached = NextRequest (dpy);
     success = XShmAttach (dpy, &pool->shm);
+#if !IPC_RMID_DEFERRED_RELEASE
+    XSync (dpy, FALSE);
+#endif
     shmctl (pool->shm.shmid, IPC_RMID, NULL);

     if (! success)
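
Review bot: The #if !IPC_RMID_DEFERRED_RELEASE guard added after XShmAttach depends on a macro that nothing in this patch defines. In a #if, an undefined identifier evaluates to 0, so the XSync is compiled in wherever the build has not set the macro; that is the safe direction, but it deserves a comment here naming where the macro comes from and stating that the synchronous path is the default. Note also that XSync (dpy, FALSE) runs before success is tested, so a failed attach still costs a server round trip; testing success first would avoid that, provided the shmctl (..., IPC_RMID, ...) cleanup still runs on the failure path.
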
@@ -1018,6 +1021,7 @@ _cairo_xlib_shm_surface_mark_active (cai
     cairo_xlib_display_t *display = (cairo_xlib_display_t *) _shm->device;
     XShmCompletionEvent ev;

+    bzero (&ev, sizeof(ev));
     ev.type = display->shm->event;
     ev.drawable = display->shm->window;
     ev.major_code = display->shm->opcode;
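
Review bot: bzero (&ev, sizeof(ev)); ahead of the ev.type assignment uses a legacy interface that POSIX.1-2008 removed, and no <strings.h> include is visible in this patch; memset (&ev, 0, sizeof (ev)); does the same job portably. A short comment is worth adding as well: without the zeroing, any member not assigned below goes to the X server holding whatever was on the stack, which is both the invalid-parameter failure reported here and a disclosure of stack contents to the server.
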
@@ -1121,6 +1125,24 @@ _cairo_xlib_shm_surface_is_idle (cairo_s
     return shm->idle > 0;
 }

+#define XORG_VERSION_ENCODE(major,minor,patch,snap) \
+    (((major) * 10000000) + ((minor) * 100000) + ((patch) * 1000) + snap)
+
+static cairo_bool_t
+xorg_has_buggy_send_event(Display *dpy)
+{
+    /* Avoid incurring the wrath fixed by:
+     *
+     * commit 2d2dce558d24eeea0eb011ec9ebaa6c5c2273c39
+     * Author: Sam Spilsbury <sam.spilsbury@canonical.com>
+     * Date:   Wed Sep 14 09:58:34 2011 +0800
+     *
+     * Remove the SendEvent bit (0x80) before doing range checks on event type.
+     */
+    return (strstr (ServerVendor (dpy), "X.Org") != NULL &&
+	    VendorRelease (dpy) < XORG_VERSION_ENCODE(1,11,0,1));
+}
+
 void
 _cairo_xlib_display_init_shm (cairo_xlib_display_t *display)
 {
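
Review bot: In XORG_VERSION_ENCODE the last term uses snap without parentheses, unlike (major), (minor) and (patch); write + (snap)) so that an expression passed as the argument cannot regroup. In xorg_has_buggy_send_event, strstr needs <string.h> and this patch shows no include being added, and the comment cites commit 2d2dce558d24eeea0eb011ec9ebaa6c5c2273c39 without naming the repository it belongs to. The vendor-string and release-number test is a heuristic: a server that carries the fix as a backport but still reports a release below 1.11.0.1 will be treated as buggy, which errs on the safe side and is worth stating in the comment.
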
@@ -1153,6 +1175,9 @@ _cairo_xlib_display_init_shm (cairo_xlib
 				 DefaultVisual (display->display, scr),
 				 CWOverrideRedirect, &attr);

+    if (xorg_has_buggy_send_event(display->display))
+	has_pixmap = 0;
+
     shm->has_pixmaps = has_pixmap ? MIN_PIXMAP_SIZE : 0;
     cairo_list_init (&shm->pool);

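Review bot: The new if (xorg_has_buggy_send_event(display->display)) branch clears has_pixmap with no comment explaining why a SendEvent range-check bug in the server means SHM pixmaps have to be turned off, so a later reader cannot tell when the workaround can be dropped. Add a one-line comment above it that refers to the helper's description. Style: the call omits the space before the parenthesis that the surrounding lines use, as in cairo_list_init (&shm->pool);.
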

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->bsiegert
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Sat, 08 Aug 2015 12:52:40 +0000
Responsible-Changed-Why:
Your patch is now obsolete with the current version of cairo
(1.14.2nb1).


State-Changed-From-To: open->closed
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Sat, 08 Aug 2015 12:52:40 +0000
State-Changed-Why:


>Unformatted:
