[Pkg-electronics-devel] Bug#858045: Bug #858045: xcircuit: The File List Window can crash XCircuit
Bernhard Übelacker
bernhardu at mailbox.org
Sat Nov 24 15:26:16 GMT 2018
Dear Maintainer, hello Gonçalo,
I had a look at this issue and could
reproduce it in both a jessie and a buster amd64 qemu VM.
As far as I can see, xcircuit tries to draw the whole file list into one big pixmap.
(gdb) list filelist.c:480
477 pixheight = flfiles * FILECHARHEIGHT + 25;
478 if (pixheight < textheight) pixheight = textheight;
479
480 flistpix = XCreatePixmap(dpy, areawin->window, textwidth, pixheight,
481 DefaultDepthOfScreen(xcScreen(w)));
(gdb) print pixheight
$1 = 42039
(gdb) print textheight
$2 = 98
(gdb) print flfiles
$3 = 3001
Unfortunately, depending on the font size and the number of directory entries,
we then get a height of e.g. 42039, which the X server does not allow:
(gdb) list ProcCreatePixmap
1392 int
1393 ProcCreatePixmap(ClientPtr client)
...
1415 if (stuff->width > 32767 || stuff->height > 32767) {
1416 /* It is allowed to try and allocate a pixmap which is larger than
1417 * 32767 in either dimension. However, all of the framebuffer code
1418 * is buggy and does not reliably draw to such big pixmaps, basically
1419 * because the Region data structure operates with signed shorts
1420 * for the rectangles in it.
1421 *
1422 * Furthermore, several places in the X server computes the
1423 * size in bytes of the pixmap and tries to store it in an
1424 * integer. This integer can overflow and cause the allocated size
1425 * to be much smaller.
1426 *
1427 * So, such big pixmaps are rejected here with a BadAlloc
1428 */
1429 return BadAlloc;
1430 }
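So a check like the one in filelist.c:478 could be added
to limit pixheight to 32767, or an error message could be given, as
in the "(Invalid Directory)" case.
Note that the BadAlloc error is delivered asynchronously, which is why in the
attached backtraces the client only aborts later, inside a subsequent Xlib call
such as XDrawString, when Xlib's default error handler runs.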
Kind regards,
Bernhard
Client:
(gdb) bt
#0 XCreatePixmap (dpy=0x561a0f1f4f60, d=8389047, width=339, height=42039, depth=24) at ../../src/CrPixmap.c:50
#1 0x00007f67bfa7d020 in listfiles (w=0x561a0f846e00, okaystruct=0x561a0fa27f60, calldata=0x0) at filelist.c:480
#2 0x00007f67bfa7d51a in newfilelist (w=0x561a0f846e00, okaystruct=0x561a0fa27f60) at filelist.c:547
#3 0x00007f67bfafaec2 in xctk_fileselect (clientData=0x561a0fa27f60, eventPtr=0x7ffff0ef86f0) at tclxcircuit.c:9567
#4 0x00007f67c19c7ff5 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x7ffff0ef86f0) at ./unix/../generic/tkEvent.c:1352
#5 0x00007f67c19bb3b0 in HandleEventGenerate (interp=interp at entry=0x561a0f46b6f0, mainWin=mainWin at entry=0x561a0f624180, objc=objc at entry=4, objv=objv at entry=0x561a0f486840) at ./unix/../generic/tkBind.c:3458
#6 0x00007f67c19baaf1 in Tk_EventObjCmd (clientData=0x561a0f624180, interp=0x561a0f46b6f0, objc=6, objv=0x561a0f486830) at ./unix/../generic/tkBind.c:2413
#7 0x00007f67c1608a96 in TclNRRunCallbacks (interp=interp at entry=0x561a0f46b6f0, result=0, rootPtr=0x0) at ./generic/tclBasic.c:4435
#8 0x00007f67c1607ecf in Tcl_EvalObjv (interp=interp at entry=0x561a0f46b6f0, objc=objc at entry=6, objv=objv at entry=0x561a0f486830, flags=flags at entry=2097168) at ./generic/tclBasic.c:4165
#9 0x00007f67c160964a in TclEvalEx (interp=0x561a0f46b6f0, script=0x7ffff0ef8af0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2", numBytes=<optimized out>, flags=<optimized out>, line=line at entry=1, clNextOuter=clNextOuter at entry=0x0, outerScript=0x7ffff0ef8af0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2") at ./generic/tclBasic.c:5304
#10 0x00007f67c16090f3 in Tcl_EvalEx (interp=<optimized out>, script=<optimized out>, numBytes=<optimized out>, flags=<optimized out>) at ./generic/tclBasic.c:4969
#11 0x00007f67c19b9705 in Tk_BindEvent (bindPtr=<optimized out>, eventPtr=eventPtr at entry=0x561a0f9f3aa0, tkwin=tkwin at entry=0x561a0f84c020, numObjects=<optimized out>, numObjects at entry=4, objectPtr=<optimized out>, objectPtr at entry=0x7ffff0ef8d20) at ./unix/../generic/tkBind.c:1505
#12 0x00007f67c19bff4d in TkBindEventProc (winPtr=winPtr at entry=0x561a0f84c020, eventPtr=eventPtr at entry=0x561a0f9f3aa0) at ./unix/../generic/tkCmds.c:319
#13 0x00007f67c19c8173 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x561a0f9f3aa0) at ./unix/../generic/tkEvent.c:1374
#14 0x00007f67c19c8920 in WindowEventProc (evPtr=evPtr at entry=0x561a0f9f3a90, flags=flags at entry=-3) at ./unix/../generic/tkEvent.c:1764
#15 0x00007f67c16d0e17 in Tcl_ServiceEvent (flags=flags at entry=-3) at ./generic/tclNotify.c:670
#16 0x00007f67c16d1066 in Tcl_DoOneEvent (flags=-3) at ./generic/tclNotify.c:903
#17 0x00007f67c19c8d72 in Tk_MainLoop () at ./unix/../generic/tkEvent.c:2148
#18 0x00007f67c19d741a in Tk_MainEx (argc=<optimized out>, argv=<optimized out>, appInitProc=0x561a0d485b30, interp=0x561a0f195f00) at ./unix/../generic/tkMain.c:390
#19 0x0000561a0d485a0c in ?? ()
#20 0x00007f67c07e7b17 in __libc_start_main (main=0x561a0d4859e0, argc=6, argv=0x7ffff0ef92a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffff0ef9298) at ../csu/libc-start.c:310
#21 0x0000561a0d485a4a in _start ()
XServer:
(gdb) bt
#0 ProcCreatePixmap (client=0x5599b8dce330) at ../../../../dix/dispatch.c:1415
#1 0x00005599b7d2698e in Dispatch () at ../../../../dix/dispatch.c:478
#2 0x00005599b7d2a936 in dix_main (argc=10, argv=0x7fffb806f7e8, envp=<optimized out>) at ../../../../dix/main.c:276
#3 0x00007fc906b67b17 in __libc_start_main (main=0x5599b7d14650 <main>, argc=10, argv=0x7fffb806f7e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb806f7d8) at ../csu/libc-start.c:310
#4 0x00005599b7d1468a in _start ()
-------------- next part --------------
# current jessie amd64
apt update
apt dist-upgrade
apt install dpkg-dev devscripts xserver-xorg lightdm openbox htop xcircuit wish libx11-6-dbg libtk8.6-dbg libtcl8.6-dbg
systemctl start lightdm
mkdir libx11-6/orig -p
cd libx11-6/orig
apt-get source libx11-6
cd ../..
############
export LANG=C
export DISPLAY=:0
xcircuit
1. Open xcircuit
2. File -> Read XCircuit File (the "File List Window" screen will open)
3. Write in the text box "/usr/share/doc"
4. Press return
---> no crash
############
root at debian:~# ls /usr/share/doc | wc -l
658
root at debian:~# for i in {1..6000}; do mkdir /usr/share/doc/tmp-$i; done
root at debian:~# ls /usr/share/doc | wc -l
6658
1. Open xcircuit
2. File -> Read XCircuit File (the "File List Window" screen will open)
3. Write in the text box "/usr/share/doc"
4. Press return
---> no crash
##############
root at debian:~# for i in {1..6000}; do mkdir /usr/share/doc/tmp-2-$i; done
root at debian:~# ls /usr/share/doc | wc -l
12658
benutzer at debian:~$ free -h
total used free shared buffers cached
Mem: 2.9G 844M 2.1G 7.9M 113M 558M
-/+ buffers/cache: 172M 2.8G
Swap: 879M 0B 879M
1. Open xcircuit
2. File -> Read XCircuit File (the "File List Window" screen will open)
3. Write in the text box "/usr/share/doc"
4. Press return
5. xcircuit crashes with the following output
benutzer at debian:~$ xcircuit
X Error of failed request: BadAlloc (insufficient resources for operation)
Major opcode of failed request: 53 (X_CreatePixmap)
Serial number of failed request: 6017
Current serial number in output stream: 8195
##############
benutzer at debian:~$ xcircuit &
[1] 30992
benutzer at debian:~$ gdb -q --pid 30992
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libx11-6/orig/libx11-1.6.2/src/util
(gdb) b XGetErrorText
(gdb) cont
Breakpoint 1, XGetErrorText (dpy=0x7ffcbbeccf80, code=-1142116480, buffer=0x7f4ce3013060 <_IO_2_1_stderr_> "\206 \255", <incomplete sequence \373>, nbytes=-1142099984) at ../../src/ErrDes.c:105
105 {
(gdb) bt
#0 XGetErrorText (dpy=0x7ffcbbeccf80, code=-1142116480, buffer=0x7f4ce3013060 <_IO_2_1_stderr_> "\206 \255", <incomplete sequence \373>, nbytes=-1142099984) at ../../src/ErrDes.c:105
#1 0x00007f4ce3b90c8b in _XPrintDefaultError (dpy=0x17395f0, event=0x7ffcbbeceff0, fp=0x7f4ce3013060 <_IO_2_1_stderr_>) at ../../src/XlibInt.c:1308
#2 0x00007f4ce3b924c3 in _XDefaultError (dpy=<optimized out>, event=<optimized out>) at ../../src/XlibInt.c:1413
#3 0x00007f4ce3b9260d in _XError (dpy=dpy at entry=0x17395f0, rep=rep at entry=0x192c030) at ../../src/XlibInt.c:1463
#4 0x00007f4ce3b8f567 in handle_error (dpy=0x17395f0, err=0x192c030, in_XReply=<optimized out>) at ../../src/xcb_io.c:213
#5 0x00007f4ce3b8f625 in handle_response (dpy=dpy at entry=0x17395f0, response=0x192c030, in_XReply=in_XReply at entry=0) at ../../src/xcb_io.c:325
#6 0x00007f4ce3b8ffd5 in _XEventsQueued (dpy=0x17395f0, mode=<optimized out>) at ../../src/xcb_io.c:364
#7 0x00007f4ce3b8c718 in XDrawString (dpy=0x17395f0, d=8389724, gc=<optimized out>, x=10, y=37598, string=0x1fe8a90 "tmp-2-1772/", length=11) at ../../src/Text.c:71
#8 0x00007f4ce074c722 in ?? () from /usr/lib/xcircuit/xcircuit.so
#9 0x00007f4ce074c9ba in ?? () from /usr/lib/xcircuit/xcircuit.so
#10 0x00007f4ce07c805e in ?? () from /usr/lib/xcircuit/xcircuit.so
#11 0x00007f4ce4ba88d5 in Tk_HandleEvent (eventPtr=0x7ffcbbecf5b0) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkEvent.c:1341
#12 0x00007f4ce4b9c2fd in HandleEventGenerate (interp=0x19d3060, mainWin=0x1b39fb0, objc=4, objv=0x1e680a0) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkBind.c:3439
#13 0x00007f4ce4b9b003 in Tk_EventObjCmd (clientData=0x1b39fb0, interp=0x19d3060, objc=6, objv=0x19d4b50) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkBind.c:2394
#14 0x00007f4ce47eca87 in TclNRRunCallbacks (interp=0x19d3060, result=0, rootPtr=0x0) at /tmp/buildd/tcl8.6-8.6.2+dfsg/generic/tclBasic.c:4390
#15 0x00007f4ce47ed7bb in TclEvalEx (interp=0x17395f0, script=0xb <error: Cannot access memory at address 0xb>, numBytes=-1142116480, flags=27085552, line=1, clNextOuter=clNextOuter at entry=0x0, outerScript=0x7ffcbbecf9b0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2") at /tmp/buildd/tcl8.6-8.6.2+dfsg/generic/tclBasic.c:5259
#16 0x00007f4ce47ed093 in Tcl_EvalEx (interp=<optimized out>, script=<optimized out>, numBytes=<optimized out>, flags=<optimized out>) at /tmp/buildd/tcl8.6-8.6.2+dfsg/generic/tclBasic.c:4924
#17 0x00007f4ce4b99ded in Tk_BindEvent (bindPtr=<optimized out>, eventPtr=eventPtr at entry=0x1cb2b00, tkwin=tkwin at entry=0x1ca07c0, numObjects=<optimized out>, numObjects at entry=4, objectPtr=0x191d740, objectPtr at entry=0x7ffcbbecfbe0) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkBind.c:1492
#18 0x00007f4ce4ba05a9 in TkBindEventProc (winPtr=winPtr at entry=0x1ca07c0, eventPtr=eventPtr at entry=0x1cb2b00) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkCmds.c:316
#19 0x00007f4ce4ba8b0b in Tk_HandleEvent (eventPtr=eventPtr at entry=0x1cb2b00) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkEvent.c:1363
#20 0x00007f4ce4ba90f4 in WindowEventProc (evPtr=evPtr at entry=0x1cb2af0, flags=flags at entry=-3) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkEvent.c:1753
#21 0x00007f4ce48b2fef in Tcl_ServiceEvent (flags=flags at entry=-3) at /tmp/buildd/tcl8.6-8.6.2+dfsg/generic/tclNotify.c:670
#22 0x00007f4ce48b3225 in Tcl_DoOneEvent (flags=-3) at /tmp/buildd/tcl8.6-8.6.2+dfsg/generic/tclNotify.c:903
#23 0x00007f4ce4ba9582 in Tk_MainLoop () at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkEvent.c:2131
#24 0x00007f4ce4bb7de6 in Tk_MainEx (argc=<optimized out>, argv=0x7ffcbbed0198, appInitProc=0x400b10 <_start+251>, interp=0x16e1d70) at /tmp/buildd/tk8.6-8.6.2/unix/../generic/tkMain.c:381
#25 0x0000000000400a0c in ?? ()
#26 0x00007f4ce2c8eb45 in __libc_start_main (main=0x4009e0, argc=6, argv=0x7ffcbbed0168, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffcbbed0158) at libc-start.c:287
#27 0x0000000000400a3e in _start ()
#################
# current buster amd64, 512 MB RAM, no swap
root at debian:~# free -h
total used free shared buff/cache available
Mem: 483Mi 63Mi 147Mi 1,0Mi 273Mi 407Mi
Swap: 0B 0B 0B
apt update
apt dist-upgrade
apt install dpkg-dev devscripts xserver-xorg lightdm openbox htop mc gdb xcircuit xcircuit-dbgsym libx11-6-dbgsym libtk8.6-dbgsym libtcl8.6-dbgsym xserver-xorg-core-dbgsym asciidoc
systemctl start lightdm
mkdir libx11-6/orig -p
cd libx11-6/orig
apt-get source libx11-6
cd ../..
mkdir xcircuit/orig -p
cd xcircuit/orig
apt-get source xcircuit
cd ../..
mkdir xserver-xorg-core/orig -p
cd xserver-xorg-core/orig
apt source xserver-xorg-core
cd ../..
root at debian:~# mkdir /test
root at debian:~# for i in {1..3000}; do mkdir /test/tmp-$i; done
root at debian:~# ls /test | wc -l
3000
benutzer at debian:~$ export LANG=C
benutzer at debian:~$ export DISPLAY=:0
benutzer at debian:~$ xcircuit &
[1] 24543
benutzer at debian:~$ gdb -q --pid 24543
Attaching to process 24543
[New LWP 24544]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007feef8f0122a in futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7fffa14204e0, expected=0, futex_word=0x563ab6dc4c34) at ../sysdeps/unix/sysv/linux/futex-internal.h:205
205 ../sysdeps/unix/sysv/linux/futex-internal.h: Datei oder Verzeichnis nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util
Source directories searched: /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util:$cdir:$cwd
(gdb) b XGetErrorText
Breakpoint 1 at 0x7feef88c3200: file ../../src/ErrDes.c, line 105.
(gdb) cont
(gdb) bt
#0 XGetErrorText (dpy=dpy at entry=0x563ab6e2df60, code=11, buffer=buffer at entry=0x7fffa141c340 "\234\001\256\004:V", nbytes=nbytes at entry=8192) at ../../src/ErrDes.c:105
#1 0x00007feef88e379b in _XPrintDefaultError (dpy=dpy at entry=0x563ab6e2df60, event=0x7fffa14203a0, fp=0x7feef82ca680 <_IO_2_1_stderr_>) at ../../src/XlibInt.c:1279
#2 0x00007feef88e4fc3 in _XDefaultError (dpy=0x563ab6e2df60, event=<optimized out>) at ../../src/XlibInt.c:1384
#3 0x00007feef88e511a in _XError (dpy=dpy at entry=0x563ab6e2df60, rep=rep at entry=0x563ab7661620) at ../../src/XlibInt.c:1444
#4 0x00007feef88e2077 in handle_error (dpy=0x563ab6e2df60, err=0x563ab7661620, in_XReply=<optimized out>) at ../../src/xcb_io.c:199
#5 0x00007feef88e211d in handle_response (dpy=dpy at entry=0x563ab6e2df60, response=0x563ab7661620, in_XReply=in_XReply at entry=0) at ../../src/xcb_io.c:324
#6 0x00007feef88e2a55 in _XEventsQueued (dpy=0x563ab6e2df60, mode=<optimized out>) at ../../src/xcb_io.c:363
#7 0x00007feef88c45ea in XFlush (dpy=0x563ab6e2df60) at ../../src/Flush.c:39
#8 0x00007feef93c3918 in DisplaySetupProc (clientData=<optimized out>, flags=<optimized out>) at ./unix/../unix/tkUnixEvent.c:307
#9 0x00007feef901e0c0 in Tcl_DoOneEvent (flags=-3) at ./generic/tclNotify.c:930
#10 0x00007feef9315d72 in Tk_MainLoop () at ./unix/../generic/tkEvent.c:2148
#11 0x00007feef932441a in Tk_MainEx (argc=<optimized out>, argv=<optimized out>, appInitProc=0x563ab6618b30, interp=0x563ab6dcef00) at ./unix/../generic/tkMain.c:390
#12 0x0000563ab6618a0c in ?? ()
#13 0x00007feef8134b17 in __libc_start_main (main=0x563ab66189e0, argc=6, argv=0x7fffa14208c8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffa14208b8) at ../csu/libc-start.c:310
#14 0x0000563ab6618a4a in _start ()
(gdb)
X Error of failed request: BadAlloc (insufficient resources for operation)
Major opcode of failed request: 53 (X_CreatePixmap)
Serial number of failed request: 6718
Current serial number in output stream: 9728
Without debug symbols:
Thread 1 "wish" hit Breakpoint 1, XGetErrorText (dpy=dpy at entry=0x559ba7e67f60, code=11, buffer=buffer at entry=0x7ffe2756ca60 "H\326V'\376\177", nbytes=nbytes at entry=8192) at ../../src/ErrDes.c:105
105 ../../src/ErrDes.c: Datei oder Verzeichnis nicht gefunden.
(gdb) bt
#0 XGetErrorText (dpy=dpy at entry=0x559ba7e67f60, code=11, buffer=buffer at entry=0x7ffe2756ca60 "H\326V'\376\177", nbytes=nbytes at entry=8192) at ../../src/ErrDes.c:105
#1 0x00007f40720d279b in _XPrintDefaultError (dpy=dpy at entry=0x559ba7e67f60, event=0x7ffe27570ac0, fp=0x7f4071ab9680 <_IO_2_1_stderr_>) at ../../src/XlibInt.c:1279
#2 0x00007f40720d3fc3 in _XDefaultError (dpy=0x559ba7e67f60, event=<optimized out>) at ../../src/XlibInt.c:1384
#3 0x00007f40720d411a in _XError (dpy=dpy at entry=0x559ba7e67f60, rep=rep at entry=0x559ba86a0070) at ../../src/XlibInt.c:1444
#4 0x00007f40720d1077 in handle_error (dpy=0x559ba7e67f60, err=0x559ba86a0070, in_XReply=<optimized out>) at ../../src/xcb_io.c:199
#5 0x00007f40720d111d in handle_response (dpy=dpy at entry=0x559ba7e67f60, response=0x559ba86a0070, in_XReply=in_XReply at entry=0) at ../../src/xcb_io.c:324
#6 0x00007f40720d1a55 in _XEventsQueued (dpy=0x559ba7e67f60, mode=<optimized out>) at ../../src/xcb_io.c:363
#7 0x00007f40720ce210 in XDrawString (dpy=0x559ba7e67f60, d=8390095, gc=<optimized out>, x=10, y=24550, string=0x559ba87f2760 "tmp-2575/", length=9) at ../../src/Text.c:71
#8 0x00007f4070c02267 in ?? () from /usr/lib/xcircuit/xcircuit.so
#9 0x00007f4070c0251a in ?? () from /usr/lib/xcircuit/xcircuit.so
#10 0x00007f4070c7fec2 in ?? () from /usr/lib/xcircuit/xcircuit.so
#11 0x00007f4072b03ff5 in Tk_HandleEvent () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#12 0x00007f4072af73b0 in ?? () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#13 0x00007f4072af6af1 in ?? () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#14 0x00007f4072744a96 in TclNRRunCallbacks () from /usr/lib/x86_64-linux-gnu/libtcl8.6.so
#15 0x00007f407274564a in ?? () from /usr/lib/x86_64-linux-gnu/libtcl8.6.so
#16 0x00007f40727450f3 in Tcl_EvalEx () from /usr/lib/x86_64-linux-gnu/libtcl8.6.so
#17 0x00007f4072af5705 in Tk_BindEvent () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#18 0x00007f4072afbf4d in TkBindEventProc () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#19 0x00007f4072b04173 in Tk_HandleEvent () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#20 0x00007f4072b04920 in ?? () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#21 0x00007f407280ce17 in Tcl_ServiceEvent () from /usr/lib/x86_64-linux-gnu/libtcl8.6.so
#22 0x00007f407280d066 in Tcl_DoOneEvent () from /usr/lib/x86_64-linux-gnu/libtcl8.6.so
#23 0x00007f4072b04d72 in Tk_MainLoop () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#24 0x00007f4072b1341a in Tk_MainEx () from /usr/lib/x86_64-linux-gnu/libtk8.6.so
#25 0x0000559ba7201a0c in ?? ()
#26 0x00007f4071923b17 in __libc_start_main (main=0x559ba72019e0, argc=6, argv=0x7ffe27571c38, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffe27571c28) at ../csu/libc-start.c:310
#27 0x0000559ba7201a4a in _start ()
benutzer at debian:~$ gdb -q --pid 13239
Attaching to process 13239
[New LWP 13240]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007fc21940b22a in futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7fff6d4d0c50, expected=0, futex_word=0x55e4e1ac8c30) at ../sysdeps/unix/sysv/linux/futex-internal.h:205
205 ../sysdeps/unix/sysv/linux/futex-internal.h: Datei oder Verzeichnis nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util
Source directories searched: /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util:$cdir:$cwd
(gdb) directory /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1
Source directories searched: /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1:/home/benutzer/libx11-6/orig/libx11-1.6.7/src/util:$cdir:$cwd
(gdb) b XGetErrorText
Breakpoint 1 at 0x7fc218dcd200: file ../../src/ErrDes.c, line 105.
(gdb) print _Xdebug
$1 = 0
(gdb) set _Xdebug=1
(gdb) cont
Continuing.
Thread 1 "wish" hit Breakpoint 1, XGetErrorText (dpy=dpy at entry=0x55e4e1b31f60, code=11, buffer=buffer at entry=0x7fff6d4cbe60 "H\312Lm\377\177", nbytes=nbytes at entry=8192) at ../../src/ErrDes.c:105
105 {
(gdb) bt
#0 XGetErrorText (dpy=dpy at entry=0x55e4e1b31f60, code=11, buffer=buffer at entry=0x7fff6d4cbe60 "H\312Lm\377\177", nbytes=nbytes at entry=8192) at ../../src/ErrDes.c:105
#1 0x00007fc218ded79b in _XPrintDefaultError (dpy=dpy at entry=0x55e4e1b31f60, event=0x7fff6d4cfec0, fp=0x7fc2187d4680 <_IO_2_1_stderr_>) at ../../src/XlibInt.c:1279
#2 0x00007fc218deefc3 in _XDefaultError (dpy=0x55e4e1b31f60, event=<optimized out>) at ../../src/XlibInt.c:1384
#3 0x00007fc218def11a in _XError (dpy=dpy at entry=0x55e4e1b31f60, rep=rep at entry=0x55e4e237b270) at ../../src/XlibInt.c:1444
#4 0x00007fc218dec077 in handle_error (dpy=0x55e4e1b31f60, err=0x55e4e237b270, in_XReply=<optimized out>) at ../../src/xcb_io.c:199
#5 0x00007fc218dec11d in handle_response (dpy=dpy at entry=0x55e4e1b31f60, response=0x55e4e237b270, in_XReply=in_XReply at entry=0) at ../../src/xcb_io.c:324
#6 0x00007fc218deca55 in _XEventsQueued (dpy=0x55e4e1b31f60, mode=<optimized out>) at ../../src/xcb_io.c:363
#7 0x00007fc218de9210 in XDrawString (dpy=0x55e4e1b31f60, d=8390063, gc=<optimized out>, x=10, y=40944, string=0x55e4e1f70110 "tmp-929/", length=8) at ../../src/Text.c:71
#8 0x00007fc21791d267 in listfiles (w=0x55e4e21421a0, okaystruct=0x55e4e2329890, calldata=0x0) at filelist.c:500
#9 0x00007fc21791d51a in newfilelist (w=0x55e4e21421a0, okaystruct=0x55e4e2329890) at filelist.c:547
#10 0x00007fc21799aec2 in xctk_fileselect (clientData=0x55e4e2329890, eventPtr=0x7fff6d4d0480) at tclxcircuit.c:9567
#11 0x00007fc21981eff5 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x7fff6d4d0480) at ./unix/../generic/tkEvent.c:1352
#12 0x00007fc2198123b0 in HandleEventGenerate (interp=interp at entry=0x55e4e1db8d00, mainWin=mainWin at entry=0x55e4e1f58680, objc=objc at entry=4, objv=objv at entry=0x55e4e1dc3820) at ./unix/../generic/tkBind.c:3458
#13 0x00007fc219811af1 in Tk_EventObjCmd (clientData=0x55e4e1f58680, interp=0x55e4e1db8d00, objc=6, objv=0x55e4e1dc3810) at ./unix/../generic/tkBind.c:2413
#14 0x00007fc21945fa96 in TclNRRunCallbacks (interp=interp at entry=0x55e4e1db8d00, result=0, rootPtr=0x0) at ./generic/tclBasic.c:4435
#15 0x00007fc21945eecf in Tcl_EvalObjv (interp=interp at entry=0x55e4e1db8d00, objc=objc at entry=6, objv=objv at entry=0x55e4e1dc3810, flags=flags at entry=2097168) at ./generic/tclBasic.c:4165
#16 0x00007fc21946064a in TclEvalEx (interp=0x55e4e1db8d00, script=0x7fff6d4d0880 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2", numBytes=<optimized out>, flags=<optimized out>, line=line at entry=1, clNextOuter=clNextOuter at entry=0x0, outerScript=0x7fff6d4d0880 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2") at ./generic/tclBasic.c:5304
#17 0x00007fc2194600f3 in Tcl_EvalEx (interp=<optimized out>, script=<optimized out>, numBytes=<optimized out>, flags=<optimized out>) at ./generic/tclBasic.c:4969
#18 0x00007fc219810705 in Tk_BindEvent (bindPtr=<optimized out>, eventPtr=eventPtr at entry=0x55e4e1d61560, tkwin=tkwin at entry=0x55e4e21487c0, numObjects=<optimized out>, numObjects at entry=4, objectPtr=<optimized out>, objectPtr at entry=0x7fff6d4d0ab0) at ./unix/../generic/tkBind.c:1505
#19 0x00007fc219816f4d in TkBindEventProc (winPtr=winPtr at entry=0x55e4e21487c0, eventPtr=eventPtr at entry=0x55e4e1d61560) at ./unix/../generic/tkCmds.c:319
#20 0x00007fc21981f173 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x55e4e1d61560) at ./unix/../generic/tkEvent.c:1374
#21 0x00007fc21981f920 in WindowEventProc (evPtr=evPtr at entry=0x55e4e1d61550, flags=flags at entry=-3) at ./unix/../generic/tkEvent.c:1764
#22 0x00007fc219527e17 in Tcl_ServiceEvent (flags=flags at entry=-3) at ./generic/tclNotify.c:670
#23 0x00007fc219528066 in Tcl_DoOneEvent (flags=-3) at ./generic/tclNotify.c:903
#24 0x00007fc21981fd72 in Tk_MainLoop () at ./unix/../generic/tkEvent.c:2148
#25 0x00007fc21982e41a in Tk_MainEx (argc=<optimized out>, argv=<optimized out>, appInitProc=0x55e4dfa4fb30, interp=0x55e4e1ad2f00) at ./unix/../generic/tkMain.c:390
#26 0x000055e4dfa4fa0c in ?? ()
#27 0x00007fc21863eb17 in __libc_start_main (main=0x55e4dfa4f9e0, argc=6, argv=0x7fff6d4d1038, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff6d4d1028) at ../csu/libc-start.c:310
#28 0x000055e4dfa4fa4a in _start ()
(gdb) list listfiles
364 /*----------------------------------------------------------------------*/
365 /* Make a list of the files in the list widget window */
366 /*----------------------------------------------------------------------*/
367
368 void listfiles(xcWidget w, popupstruct *okaystruct, caddr_t calldata)
369 {
...
488 for (n = 0; n < flfiles; n++) {
489 switch (files[n].filetype) {
490 case DIRECTORY:
491 XSetForeground(dpy, sgc, colorlist[SELECTCOLOR].color.pixel);
492 break;
493 case MATCH:
494 XSetForeground(dpy, sgc, colorlist[FILTERCOLOR].color.pixel);
495 break;
496 case NONMATCH:
497 XSetForeground(dpy, sgc, colorlist[FOREGROUND].color.pixel);
498 break;
499 }
500 XDrawString(dpy, flistpix, sgc, 10, 10 + FILECHARASCENT + n * FILECHARHEIGHT,
501 files[n].filename, strlen(files[n].filename));
502 }
(gdb) list XDrawString
40 int length)
41 {
42 int Datalength = 0;
43 register xPolyText8Req *req;
44
45 if (length <= 0)
46 return 0;
47
48 LockDisplay(dpy);
49 FlushGC(dpy, gc);
50 GetReq (PolyText8, req);
51 req->drawable = d;
52 req->gc = gc->gid;
53 req->x = x;
54 req->y = y;
55
56
57 Datalength += SIZEOF(xTextElt) * ((length + 253) / 254) + length;
58
59
60 req->length += (Datalength + 3)>>2; /* convert to number of 32-bit words */
61
62
63 /*
64 * If the entire request does not fit into the remaining space in the
65 * buffer, flush the buffer first. If the request does fit into the
66 * empty buffer, then we won't have to flush it at the end to keep
67 * the buffer 32-bit aligned.
68 */
69
70 if (dpy->bufptr + Datalength > dpy->bufmax)
71 _XFlush (dpy);
72
###########
benutzer at debian:~$ xcircuit
#client
benutzer at debian:~$ gdb -q --pid $(ps aux | grep xcircuit | grep -v "grep xcircuit" | awk '{print $2}')
Attaching to process 19489
[New LWP 19490]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007f2938a3022a in futex_abstimed_wait_cancelable (private=<optimized out>, abstime=0x7ffebfb3a870, expected=0, futex_word=0x561d115b7c34) at ../sysdeps/unix/sysv/linux/futex-internal.h:205
205 ../sysdeps/unix/sysv/linux/futex-internal.h: Datei oder Verzeichnis nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util
Source directories searched: /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util:$cdir:$cwd
(gdb) directory /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1
Source directories searched: /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1:/home/benutzer/libx11-6/orig/libx11-1.6.7/src/util:$cdir:$cwd
(gdb) set _Xdebug=1
(gdb) b XGetErrorText
Breakpoint 1 at 0x7f29383f2200: file ../../src/ErrDes.c, line 105.
(gdb) b Text.c:71
Breakpoint 2 at 0x7f293840e208: file ../../src/Text.c, line 71.
(gdb) cont
Continuing.
Thread 1 "wish" hit Breakpoint 2, XDrawString (dpy=0x561d11620f60, d=8390060, gc=<optimized out>, x=10, y=8170, string=0x561d121cd8c0 "tmp-1521/", length=9) at ../../src/Text.c:71
71 _XFlush (dpy);
(gdb) bt
#0 XDrawString (dpy=0x561d11620f60, d=8390060, gc=<optimized out>, x=10, y=8170, string=0x561d121cd8c0 "tmp-1521/", length=9) at ../../src/Text.c:71
#1 0x00007f2936ef9267 in listfiles (w=0x561d11c72560, okaystruct=0x561d11e5b770, calldata=0x0) at filelist.c:500
#2 0x00007f2936ef951a in newfilelist (w=0x561d11c72560, okaystruct=0x561d11e5b770) at filelist.c:547
#3 0x00007f2936f76ec2 in xctk_fileselect (clientData=0x561d11e5b770, eventPtr=0x7ffebfb3a0a0) at tclxcircuit.c:9567
#4 0x00007f2938e43ff5 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x7ffebfb3a0a0) at ./unix/../generic/tkEvent.c:1352
#5 0x00007f2938e373b0 in HandleEventGenerate (interp=interp at entry=0x561d118976f0, mainWin=mainWin at entry=0x561d11a51b80, objc=objc at entry=4, objv=objv at entry=0x561d118b2840) at ./unix/../generic/tkBind.c:3458
#6 0x00007f2938e36af1 in Tk_EventObjCmd (clientData=0x561d11a51b80, interp=0x561d118976f0, objc=6, objv=0x561d118b2830) at ./unix/../generic/tkBind.c:2413
#7 0x00007f2938a84a96 in TclNRRunCallbacks (interp=interp at entry=0x561d118976f0, result=0, rootPtr=0x0) at ./generic/tclBasic.c:4435
#8 0x00007f2938a83ecf in Tcl_EvalObjv (interp=interp at entry=0x561d118976f0, objc=objc at entry=6, objv=objv at entry=0x561d118b2830, flags=flags at entry=2097168) at ./generic/tclBasic.c:4165
#9 0x00007f2938a8564a in TclEvalEx (interp=0x561d118976f0, script=0x7ffebfb3a4a0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2", numBytes=<optimized out>, flags=<optimized out>, line=line at entry=1, clNextOuter=clNextOuter at entry=0x0, outerScript=0x7ffebfb3a4a0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2") at ./generic/tclBasic.c:5304
#10 0x00007f2938a850f3 in Tcl_EvalEx (interp=<optimized out>, script=<optimized out>, numBytes=<optimized out>, flags=<optimized out>) at ./generic/tclBasic.c:4969
#11 0x00007f2938e35705 in Tk_BindEvent (bindPtr=<optimized out>, eventPtr=eventPtr at entry=0x561d11e27640, tkwin=tkwin at entry=0x561d11c7b790, numObjects=<optimized out>, numObjects at entry=4, objectPtr=<optimized out>, objectPtr at entry=0x7ffebfb3a6d0) at ./unix/../generic/tkBind.c:1505
#12 0x00007f2938e3bf4d in TkBindEventProc (winPtr=winPtr at entry=0x561d11c7b790, eventPtr=eventPtr at entry=0x561d11e27640) at ./unix/../generic/tkCmds.c:319
#13 0x00007f2938e44173 in Tk_HandleEvent (eventPtr=eventPtr at entry=0x561d11e27640) at ./unix/../generic/tkEvent.c:1374
#14 0x00007f2938e44920 in WindowEventProc (evPtr=evPtr at entry=0x561d11e27630, flags=flags at entry=-3) at ./unix/../generic/tkEvent.c:1764
#15 0x00007f2938b4ce17 in Tcl_ServiceEvent (flags=flags at entry=-3) at ./generic/tclNotify.c:670
#16 0x00007f2938b4d066 in Tcl_DoOneEvent (flags=-3) at ./generic/tclNotify.c:903
#17 0x00007f2938e44d72 in Tk_MainLoop () at ./unix/../generic/tkEvent.c:2148
#18 0x00007f2938e5341a in Tk_MainEx (argc=<optimized out>, argv=<optimized out>, appInitProc=0x561d0fde4b30, interp=0x561d115c1f00) at ./unix/../generic/tkMain.c:390
#19 0x0000561d0fde4a0c in ?? ()
#20 0x00007f2937c63b17 in __libc_start_main (main=0x561d0fde49e0, argc=6, argv=0x7ffebfb3ac58, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffebfb3ac48) at ../csu/libc-start.c:310
#21 0x0000561d0fde4a4a in _start ()
#server
root at debian:~# gdb -q --pid $(pidof Xorg)
Attaching to process 19059
[New LWP 19070]
[New LWP 19071]
[New LWP 19072]
[New LWP 19073]
[New LWP 19074]
[New LWP 19075]
[New LWP 19076]
[New LWP 19077]
[New LWP 19080]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
0x00007fc906c3d207 in epoll_wait (epfd=3, events=events at entry=0x7fffb806e9b0, maxevents=maxevents at entry=256, timeout=119114) at ../sysdeps/unix/sysv/linux/epoll_wait.c:30
30 ../sysdeps/unix/sysv/linux/epoll_wait.c: Datei oder Verzeichnis nicht gefunden.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/xserver-xorg-core/orig/xorg-server-1.20.3/hw/xfree86/drivers/modesetting
Source directories searched: /home/benutzer/xserver-xorg-core/orig/xorg-server-1.20.3/hw/xfree86/drivers/modesetting:$cdir:$cwd
(gdb) b dixLookupResourceByClass
Breakpoint 1 at 0x5599b7d4c690: file ../../../../dix/resource.c, line 1231.
(gdb) cont
Continuing.
...
(gdb) cont
Continuing.
Thread 1 "Xorg" hit Breakpoint 1, dixLookupResourceByClass (result=result at entry=0x7fffb806f5d0, id=id at entry=8390060, rclass=rclass at entry=1073741824, client=client at entry=0x5599b8f22740, mode=mode at entry=2) at ../../../../dix/resource.c:1231
1231 int cid = CLIENT_ID(id);
(gdb) bt
#0 dixLookupResourceByClass (result=result@entry=0x7fffb806f5d0, id=id@entry=8390060, rclass=rclass@entry=1073741824, client=client@entry=0x5599b8f22740, mode=mode@entry=2) at ../../../../dix/resource.c:1231
#1 0x00005599b7d2ae2c in dixLookupDrawable (pDraw=pDraw@entry=0x7fffb806f620, id=8390060, client=client@entry=0x5599b8f22740, type=type@entry=4294967295, access=access@entry=2) at ../../../../dix/dixutils.c:202
#2 0x00005599b7d22ec1 in ProcPolyFillRectangle (client=0x5599b8f22740) at ../../../../dix/dispatch.c:1926
#3 0x00005599b7d2698e in Dispatch () at ../../../../dix/dispatch.c:478
#4 0x00005599b7d2a936 in dix_main (argc=10, argv=0x7fffb806f7e8, envp=<optimized out>) at ../../../../dix/main.c:276
#5 0x00007fc906b67b17 in __libc_start_main (main=0x5599b7d14650 <main>, argc=10, argv=0x7fffb806f7e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb806f7d8) at ../csu/libc-start.c:310
#6 0x00005599b7d1468a in _start ()
(gdb) next
1236 if ((cid < LimitClients) && clientTable[cid].buckets) {
(gdb)
1237 res = clientTable[cid].resources[HashResourceID(id, clientTable[cid].hashsize)];
(gdb) print cid
$1 = 4
(gdb) print clientTable[cid].hashsize
$2 = 8
(gdb) print id
$3 = 8390060
(gdb) list HashResourceID
668 int
669 HashResourceID(XID id, int numBits)
670 {
671 static XID mask;
672
673 if (!mask)
674 mask = RESOURCE_ID_MASK;
675 id &= mask;
676 if (numBits < 9)
677 return (id ^ (id >> numBits) ^ (id >> (numBits<<1))) & ~((~0) << numBits);
(gdb)
678 return (id ^ (id >> numBits)) & ~((~0) << numBits);
679 }
680
681 static XID
682 AvailableID(int client, XID id, XID maxid, XID goodid)
683 {
684 ResourcePtr res;
685
686 if ((goodid >= id) && (goodid <= maxid))
687 return goodid;
(gdb) step
HashResourceID (id=id@entry=8390060, numBits=8) at ../../../../dix/resource.c:673
673 if (!mask)
(gdb) next
675 id &= mask;
(gdb) print id
$4 = 8390060
(gdb) next
676 if (numBits < 9)
(gdb) print id
$5 = 1452
(gdb) print numBits
$6 = 8
(gdb) next
677 return (id ^ (id >> numBits) ^ (id >> (numBits<<1))) & ~((~0) << numBits);
(gdb) finish
Run till exit from #0 HashResourceID (id=1452, id@entry=8390060, numBits=8) at ../../../../dix/resource.c:677
0x00005599b7d4c73e in dixLookupResourceByClass (result=result@entry=0x7fffb806f5d0, id=id@entry=8390060, rclass=rclass@entry=1073741824, client=client@entry=0x5599b8f22740, mode=mode@entry=2) at ../../../../dix/resource.c:1237
1237 res = clientTable[cid].resources[HashResourceID(id, clientTable[cid].hashsize)];
Value returned is $7 = 169
(gdb) print clientTable[cid].resources
value has been optimized out
(gdb) list
1232 ResourcePtr res = NULL;
1233
1234 *result = NULL;
1235
1236 if ((cid < LimitClients) && clientTable[cid].buckets) {
1237 res = clientTable[cid].resources[HashResourceID(id, clientTable[cid].hashsize)];
1238
1239 for (; res; res = res->next)
1240 if (res->id == id && (res->type & rclass))
1241 break;
(gdb) list -
1222
1223 *result = res->value;
1224 return Success;
1225 }
1226
1227 int
1228 dixLookupResourceByClass(void **result, XID id, RESTYPE rclass,
1229 ClientPtr client, Mask mode)
1230 {
1231 int cid = CLIENT_ID(id);
(gdb) list
1232 ResourcePtr res = NULL;
1233
1234 *result = NULL;
1235
1236 if ((cid < LimitClients) && clientTable[cid].buckets) {
1237 res = clientTable[cid].resources[HashResourceID(id, clientTable[cid].hashsize)];
1238
1239 for (; res; res = res->next)
1240 if (res->id == id && (res->type & rclass))
1241 break;
(gdb) next
1239 for (; res; res = res->next)
(gdb) print res
$8 = (ResourcePtr) 0x0
(gdb) bt
#0 dixLookupResourceByClass (result=result@entry=0x7fffb806f5d0, id=id@entry=8390060, rclass=rclass@entry=1073741824, client=client@entry=0x5599b8f22740, mode=mode@entry=2) at ../../../../dix/resource.c:1239
#1 0x00005599b7d2ae2c in dixLookupDrawable (pDraw=pDraw@entry=0x7fffb806f620, id=8390060, client=client@entry=0x5599b8f22740, type=type@entry=4294967295, access=access@entry=2) at ../../../../dix/dixutils.c:202
#2 0x00005599b7d22ec1 in ProcPolyFillRectangle (client=0x5599b8f22740) at ../../../../dix/dispatch.c:1926
#3 0x00005599b7d2698e in Dispatch () at ../../../../dix/dispatch.c:478
#4 0x00005599b7d2a936 in dix_main (argc=10, argv=0x7fffb806f7e8, envp=<optimized out>) at ../../../../dix/main.c:276
#5 0x00007fc906b67b17 in __libc_start_main (main=0x5599b7d14650 <main>, argc=10, argv=0x7fffb806f7e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb806f7d8) at ../csu/libc-start.c:310
#6 0x00005599b7d1468a in _start ()
(gdb) next
1243 if (client) {
(gdb)
1244 client->errorValue = id;
(gdb)
1246 if (!res)
(gdb) display/i $pc
1: x/i $pc
=> 0x5599b7d4c71b <dixLookupResourceByClass+139>: add $0x18,%rsp
(gdb) stepi
0x00005599b7d4c71f 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c71f <dixLookupResourceByClass+143>: mov $0x2,%eax
(gdb)
0x00005599b7d4c724 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c724 <dixLookupResourceByClass+148>: pop %rbx
(gdb)
0x00005599b7d4c725 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c725 <dixLookupResourceByClass+149>: pop %rbp
(gdb)
0x00005599b7d4c726 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c726 <dixLookupResourceByClass+150>: pop %r12
(gdb)
0x00005599b7d4c728 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c728 <dixLookupResourceByClass+152>: pop %r13
(gdb)
0x00005599b7d4c72a 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c72a <dixLookupResourceByClass+154>: pop %r14
(gdb)
0x00005599b7d4c72c 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c72c <dixLookupResourceByClass+156>: pop %r15
(gdb)
0x00005599b7d4c72e 1246 if (!res)
1: x/i $pc
=> 0x5599b7d4c72e <dixLookupResourceByClass+158>: retq
(gdb) list
1241 break;
1242 }
1243 if (client) {
1244 client->errorValue = id;
1245 }
1246 if (!res)
1247 return BadValue;
1248
1249 if (client) {
1250 cid = XaceHook(XACE_RESOURCE_ACCESS, client, id, res->type,
###########
client:
gdb -q --pid $(ps aux | grep xcircuit | grep -v "grep xcircuit" | awk '{print $2}')
set width 0
set pagination off
directory /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util
directory /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1
set _Xdebug=1
b XGetErrorText
b Text.c:71
cont
server:
gdb -q --pid $(pidof Xorg)
set width 0
set pagination off
directory /home/benutzer/xserver-xorg-core/orig/xorg-server-1.20.3/hw/xfree86/drivers/modesetting
b dixLookupResourceByClass
cont
# b dixLookupDrawable
# b ProcPolyText
# b doPolyText
# b SendErrorToClient
###########
(gdb) print pixheight
$6 = 42039
(gdb) print textheight
$7 = 98
(gdb)
480 flistpix = XCreatePixmap(dpy, areawin->window, textwidth, pixheight,
###########
client:
gdb -q --pid $(ps aux | grep xcircuit | grep -v "grep xcircuit" | awk '{print $2}')
set width 0
set pagination off
directory /home/benutzer/libx11-6/orig/libx11-1.6.7/src/util
directory /home/benutzer/xcircuit/orig/xcircuit-3.9.73+dfsg.1
set _Xdebug=1
b listfiles
cont
(gdb) list filelist.c:480
477 pixheight = flfiles * FILECHARHEIGHT + 25;
478 if (pixheight < textheight) pixheight = textheight;
479
480 flistpix = XCreatePixmap(dpy, areawin->window, textwidth, pixheight,
481 DefaultDepthOfScreen(xcScreen(w)));
(gdb) print pixheight
$1 = 42039
(gdb) print textheight
$2 = 98
(gdb) print flfiles
$3 = 3001
(gdb) bt
#0 XCreatePixmap (dpy=0x561a0f1f4f60, d=8389047, width=339, height=42039, depth=24) at ../../src/CrPixmap.c:50
#1 0x00007f67bfa7d020 in listfiles (w=0x561a0f846e00, okaystruct=0x561a0fa27f60, calldata=0x0) at filelist.c:480
#2 0x00007f67bfa7d51a in newfilelist (w=0x561a0f846e00, okaystruct=0x561a0fa27f60) at filelist.c:547
#3 0x00007f67bfafaec2 in xctk_fileselect (clientData=0x561a0fa27f60, eventPtr=0x7ffff0ef86f0) at tclxcircuit.c:9567
#4 0x00007f67c19c7ff5 in Tk_HandleEvent (eventPtr=eventPtr@entry=0x7ffff0ef86f0) at ./unix/../generic/tkEvent.c:1352
#5 0x00007f67c19bb3b0 in HandleEventGenerate (interp=interp@entry=0x561a0f46b6f0, mainWin=mainWin@entry=0x561a0f624180, objc=objc@entry=4, objv=objv@entry=0x561a0f486840) at ./unix/../generic/tkBind.c:3458
#6 0x00007f67c19baaf1 in Tk_EventObjCmd (clientData=0x561a0f624180, interp=0x561a0f46b6f0, objc=6, objv=0x561a0f486830) at ./unix/../generic/tkBind.c:2413
#7 0x00007f67c1608a96 in TclNRRunCallbacks (interp=interp@entry=0x561a0f46b6f0, result=0, rootPtr=0x0) at ./generic/tclBasic.c:4435
#8 0x00007f67c1607ecf in Tcl_EvalObjv (interp=interp@entry=0x561a0f46b6f0, objc=objc@entry=6, objv=objv@entry=0x561a0f486830, flags=flags@entry=2097168) at ./generic/tclBasic.c:4165
#9 0x00007f67c160964a in TclEvalEx (interp=0x561a0f46b6f0, script=0x7ffff0ef8af0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2", numBytes=<optimized out>, flags=<optimized out>, line=line@entry=1, clNextOuter=clNextOuter@entry=0x0, outerScript=0x7ffff0ef8af0 "event generate .filelist.listwin.win <ButtonPress> -button 2 ; event generate .filelist.listwin.win <ButtonRelease> -button 2") at ./generic/tclBasic.c:5304
#10 0x00007f67c16090f3 in Tcl_EvalEx (interp=<optimized out>, script=<optimized out>, numBytes=<optimized out>, flags=<optimized out>) at ./generic/tclBasic.c:4969
#11 0x00007f67c19b9705 in Tk_BindEvent (bindPtr=<optimized out>, eventPtr=eventPtr@entry=0x561a0f9f3aa0, tkwin=tkwin@entry=0x561a0f84c020, numObjects=<optimized out>, numObjects@entry=4, objectPtr=<optimized out>, objectPtr@entry=0x7ffff0ef8d20) at ./unix/../generic/tkBind.c:1505
#12 0x00007f67c19bff4d in TkBindEventProc (winPtr=winPtr@entry=0x561a0f84c020, eventPtr=eventPtr@entry=0x561a0f9f3aa0) at ./unix/../generic/tkCmds.c:319
#13 0x00007f67c19c8173 in Tk_HandleEvent (eventPtr=eventPtr@entry=0x561a0f9f3aa0) at ./unix/../generic/tkEvent.c:1374
#14 0x00007f67c19c8920 in WindowEventProc (evPtr=evPtr@entry=0x561a0f9f3a90, flags=flags@entry=-3) at ./unix/../generic/tkEvent.c:1764
#15 0x00007f67c16d0e17 in Tcl_ServiceEvent (flags=flags@entry=-3) at ./generic/tclNotify.c:670
#16 0x00007f67c16d1066 in Tcl_DoOneEvent (flags=-3) at ./generic/tclNotify.c:903
#17 0x00007f67c19c8d72 in Tk_MainLoop () at ./unix/../generic/tkEvent.c:2148
#18 0x00007f67c19d741a in Tk_MainEx (argc=<optimized out>, argv=<optimized out>, appInitProc=0x561a0d485b30, interp=0x561a0f195f00) at ./unix/../generic/tkMain.c:390
#19 0x0000561a0d485a0c in ?? ()
#20 0x00007f67c07e7b17 in __libc_start_main (main=0x561a0d4859e0, argc=6, argv=0x7ffff0ef92a8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7ffff0ef9298) at ../csu/libc-start.c:310
#21 0x0000561a0d485a4a in _start ()
server:
(gdb) bt
#0 ProcCreatePixmap (client=0x5599b8dce330) at ../../../../dix/dispatch.c:1415
#1 0x00005599b7d2698e in Dispatch () at ../../../../dix/dispatch.c:478
#2 0x00005599b7d2a936 in dix_main (argc=10, argv=0x7fffb806f7e8, envp=<optimized out>) at ../../../../dix/main.c:276
#3 0x00007fc906b67b17 in __libc_start_main (main=0x5599b7d14650 <main>, argc=10, argv=0x7fffb806f7e8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffb806f7d8) at ../csu/libc-start.c:310
#4 0x00005599b7d1468a in _start ()
(gdb) list ProcCreatePixmap
1389 return (*pPixmap->drawable.pScreen->DestroyPixmap) (pPixmap);
1390 }
1391
1392 int
1393 ProcCreatePixmap(ClientPtr client)
1394 {
1395 PixmapPtr pMap;
1396 DrawablePtr pDraw;
1397
1398 REQUEST(xCreatePixmapReq);
1399 DepthPtr pDepth;
1400 int i, rc;
1401
1402 REQUEST_SIZE_MATCH(xCreatePixmapReq);
1403 client->errorValue = stuff->pid;
1404 LEGAL_NEW_RESOURCE(stuff->pid, client);
1405
1406 rc = dixLookupDrawable(&pDraw, stuff->drawable, client, M_ANY,
1407 DixGetAttrAccess);
1408 if (rc != Success)
1409 return rc;
1410
1411 if (!stuff->width || !stuff->height) {
1412 client->errorValue = 0;
1413 return BadValue;
1414 }
1415 if (stuff->width > 32767 || stuff->height > 32767) {
1416 /* It is allowed to try and allocate a pixmap which is larger than
1417 * 32767 in either dimension. However, all of the framebuffer code
1418 * is buggy and does not reliably draw to such big pixmaps, basically
1419 * because the Region data structure operates with signed shorts
1420 * for the rectangles in it.
1421 *
1422 * Furthermore, several places in the X server computes the
1423 * size in bytes of the pixmap and tries to store it in an
1424 * integer. This integer can overflow and cause the allocated size
1425 * to be much smaller.
1426 *
1427 * So, such big pixmaps are rejected here with a BadAlloc
1428 */
1429 return BadAlloc;
1430 }
###########
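root@debian:~# for i in {1..2300}; do mkdir /test/tmp-$i -p; done # -> works with 512M
root@debian:~# for i in {1..2400}; do mkdir /test/tmp-$i -p; done # -> fails with 512M
# Note: the values printed above (pixheight 42039 for flfiles 3001) imply FILECHARHEIGHT = 14, so about 2300 entries give a pixheight near 32225 and about 2400 give one near 33625. The failure threshold therefore lines up with the X server's 32767 pixmap limit rather than with the 512M setting (assuming flfiles tracks the directory count).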