xserver crash (repeatable, triggered by drawing circle/ellipse e.g. in xfig)

Note: the Xorg log that apport has added is almost certainly irrelevant. Look at the one I manually attached.

Here is the output of:
    strace xfig > xfig.strace 2>&1

Here is the output of
   ltrace xfig > xfig.ltrace 2>&1

Are you sure this is the input driver rather than the x-server? I've been happily using this machine in other ways for a week without trouble - and I'm sure that the mouse-click itself isn't the issue. What I think is happening is that clicking the mouse under those particular circumstances makes xfig ask a specific request of the x-server, which causes the server to crash.

I think that the strace file contains something useful, though I don't know how to interpret it, the last fragment looks relevant:

read(4, "! $Xorg: XErrorDB,v 1.3 2000/08/"..., 41481) = 41481
close(4) = 0
write(2, "xfig3.2.5b: X error trapped - er"..., 57xfig3.2.5b: X error trapped - error message follows:
187
) = 57
write(2, "Request code: X_GetSelectionOwne"..., 34Request code: X_GetSelectionOwner
) = 34
rt_sigaction(SIGHUP, {SIG_DFL, [HUP], SA_RESTART}, {0x809b8c0, [HUP], SA_RESTART}, 8) = 0
rt_sigaction(SIGFPE, {SIG_DFL, [FPE], SA_RESTART}, {0x809b8c0, [FPE], SA_RESTART}, 8) = 0
rt_sigaction(SIGBUS, {SIG_DFL, [BUS], SA_RESTART}, {0x809b8c0, [BUS], SA_RESTART}, 8) = 0
rt_sigaction(SIGSEGV, {SIG_DFL, [SEGV], SA_RESTART}, {0x809b8c0, [SEGV], SA_RESTART}, 8) = 0
write(2, "xfig: figure empty or not modifi"..., 45xfig: figure empty or not modified - exiting
) = 45
chdir("/home/rjn") = 0
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
gettid() = 5734
tgkill(5734, 5734, SIGABRT) = 0
--- SIGABRT (Aborted) @ 0 (0) ---
+++ killed by SIGABRT (core dumped) +++

BTW, this bug seems to be specific to this laptop with the ATI card; if I try it on a different machine (an Acer Netbook) which has the Intel graphics, I cannot reproduce it.

Hmm, in theory apport should be collecting a backtrace for you but I gather in this case it is not. However we need a full backtrace before analysis can be done. Please collect a full backtrace - see http://wiki.ubuntu.com/X/Backtracing for directions on how to do this manually with gdb.

The fix to this issue is commited in debian git

http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commit;h=94ccaae1ff45c11453141469f5659b6d2a16c4bf

Sorry for editing to my taste, apparently I have too much rights. If you would like to know, I trigger this bug by pressing a ShapedButton (like the one with the Italy flag) in wxPython demo (wx2.8-examples package). (That widget also draws a black circle/ellipse.) The computer has ATI Technologies Inc RC410 [Radeon Xpress 200] video card, and radeon driver is used.

Is it a release critical bug?

Re #6, sorry I haven't had a chance to do this yet. Given that a fix already exists in #7, do you still need the backtraces?
Re #8, I'd say that this is release-critical imho.

This issue occurs for me without pressing any key before intending to draw a circle/ellipse as I described in Bug #560681 which became a duplicate of this bug.

Selecting to draw a circle in XFig and placing the pointer to the drawing area crashes X immediately in an amd64 computer with ATI radeon x700 graphics card. No any other drawing object causes this failure just the mentioned one. This issue is not presented on an x86 architecture using mga graphics card.

Committed to ubuntu-x git

As this bug makes xfig unusable, it would be nice if it could be fixed in Lucid and not wait for Maverick Meerkat. I am of course willing to test an update.

Seconded. I ended up using xfig under vnc which did work, but is a bit more
cumbersome. Otherwise (with a nvidia geforce 310m) xserver crashes.

Accepted xorg-server into lucid-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Nice job!

The proposed Xorg package works well and xfig (particularly drawing circle) does not cause any xserver crash using this upgrade.

Same here, after updating, drawing a circle in xfig works fine

This fixes the problem.

Thank you very much, indeed!

This bug was fixed in the package xorg-server - 2:1.7.6-2ubuntu7.1

---------------
xorg-server (2:1.7.6-2ubuntu7.1) lucid-proposed; urgency=low

  [Bryce Harrington]
  * Add 123_exa_sys_ptr_nullpointer_check.patch: Patch from upstream to
    verify a pointer is not NULL before dereferencing it. Fixes X
    segfault in miCopyRegion which occurs while using firefox (e.g. typing
    into fields in AOL). Issue found by Jerry Lamos.
    (LP: #539772)
  * Add 19-exa-handle-pixmap-create-destroy-in-lower-layers.diff: Patch
    from Debian to fix X segfault on mouse click in xfig, when pixmaps
    are created in the course of software fallbacks.
    (LP: #553647)
  * debian/rules: Don't reference the package uploader for support; instead point
    users to the standard Ubuntu support page.
    (LP: #589811)

  [Martin Pitt]
  * debian/local/64-xorg-xkb.rules: Ignore XKBMODEL=="SKIP" and
    XKBVARIANT=="U.S. English", which happen to get into
    /etc/default/console-setup in some cases like the VMWare automatic
    installer.
    (LP: #548891)

  [ Christopher James Halse Rogers ]
  * Update 122_xext_fix_card32_overflow_in_xauth.patch to most recent version
    on patchwork tracker. This one actually fixes the crash with xauth
    generate (LP: #519049)
 -- Christopher James Halse Rogers <email address hidden> Mon, 07 Jun 2010 12:56:54 +1000

Chris, please upload this ASAP to maverick (SRU policy).

I have the same bug on Ubuntu 13.04. Xserver instantly crashes (and is restarted by display manager)
when I try to draw a circle with dash line with xfig. I also downgraded xfig to the ubuntu 12.10 version, but
the problem remains.

I have too this problem again. Opened a new bug: https://bugs.launchpad.net/ubuntu/+source/xorg-server/+bug/1184085