Ubuntu
xserver-xorg-video-intel package

X crashes when I set a Python Tkinter edit control to display a long text string in 25pt DejaVu font

Bug #731424 reported by Silas S. Brown on 2011-03-08

This bug affects 1 person

	Status	Importance	Assigned to
xf86-video-intel	Fix Released	Medium	freedesktop-bugs #36860
xserver-xorg-video-intel (Ubuntu)	Fix Released	High	Bryce Harrington
Natty	Fix Released	High	Bryce Harrington

Bug Description

I am on Ubuntu 10.10 with the default X server, and the following Python code crashes it every time:

from Tkinter import *
f=Frame()
f.option_add('*font', "-family {DejaVu Sans} -size -25 -weight normal -slant roman -underline 0 -overstrike 0")
f.pack()
text = StringVar(f)
entry = Entry(f, textvariable=text)
entry.pack()
text.set("a" * 600)
f.mainloop()

Unfortunately, I was not able to capture a backtrace with apport. I'm using an Asus X58Lseries laptop which I believe is 1280 x 800 (WXGA) using an Intel GMA X3100 graphics chipset. I have set System > Preferences > Appearance > Fonts > Details > Resolution to 160 DPI for a larger display.

#0 i965_set_picture_surface_state (intel=0x883dcd0, pixmap=0xb7103008, is_dst=1,
    picture=<value optimized out>) at ../../src/i965_render.c:1136
        priv = 0x0
        ss = <value optimized out>
        write_domain = <value optimized out>
        read_domains = <value optimized out>
        offset = <value optimized out>
#1 0x0020fa2a in i965_bind_surfaces (dest=0xb7103008, srcX=320, srcY=48, maskX=0, maskY=0, dstX=0,
    dstY=0, w=15, h=14) at ../../src/i965_render.c:1740
        binding_table = 0x8845f24
#2 i965_composite (dest=0xb7103008, srcX=320, srcY=48, maskX=0, maskY=0, dstX=0, dstY=0, w=15, h=14)
    at ../../src/i965_render.c:1845
        scrn = 0x8839040
        intel = 0x883dcd0
        render_state = <value optimized out>
        has_mask = 0
        src_x = {320, 320, 335}
        src_y = {48, 62, 62}
        src_w = {8.8028834e-33, 8.80539896e-33, 5.77529779e-33}
        mask_x = {0, 1.875, 4.48415509e-43}
        mask_y = {5.73971851e-42, 8.74344453e-33, 1.29830863e-39}
        mask_w = {-1.50051022, 3.02446732e-39, 0}
        is_affine = 1
#3 0x002197a0 in uxa_glyphs_via_mask (op=3 '\003', pSrc=0xa3398f8, pDst=0xa36e470,
    maskFormat=0x9efdd88, xSrc=0, ySrc=0, nlist=3, list=0xbfc017e0, glyphs=0xa36f260)
    at ../../uxa/uxa-glyphs.c:1002
        this_atlas = 0x9f2e8e8
        src_x = 320
        glyph = 0xa326798
        src_y = 48
        priv = 0x9efe490
        screen = 0x8831588
        mask = 0xa3597c0
        y = 14
        pixmap = 0xb7103008
        dst_off_x = 196611
        n = <value optimized out>
        dst_off_y = 13
        box = {x1 = 3, y1 = 13, x2 = 9003, y2 = 27}
        component_alpha = 1
        glyph_atlas = 0x9f2e8e8
        x = 0
        height = <value optimized out>
        error = 0
#4 uxa_glyphs (op=3 '\003', pSrc=0xa3398f8, pDst=0xa36e470, maskFormat=0x9efdd88, xSrc=0, ySrc=0,
    nlist=3, list=0xbfc017e0, glyphs=0xa36f260) at ../../uxa/uxa-glyphs.c:1157
...

See original description

Tags:

Related branches

lp:ubuntu/oneiric/xserver-xorg-video-intel

RedSingularity (redsingularity) on 2011-03-09

affects:

ubuntu → xorg-server (Ubuntu)

Revision history for this message

Silas S. Brown (ssb22) wrote on 2011-05-03:

Bug is still present after upgrade to Ubuntu 11.04

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-03:

Yep, I was able to reproduce this X server crash on natty myself.

description:	updated
Changed in xorg-server (Ubuntu):
importance:	Undecided → High
status:	New → Triaged
tags:	added: oneiric
tags:	added: natty

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-03:

[Tagging oneiric because I think this bug is worth looking at during the oneiric development cycle. I've not verified it affects oneiric, but at this point expect it probably will.]

Silas, please also attach your /var/log/Xorg.0.log, so we know what driver and so on you're on.

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-03:

We also need to collect a full backtrace, but I can do that on my own system since I can reproduce it. Thanks majorly for providing a test case.

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-03:

gdb-Xorg.txt Edit (19.2 KiB, text/plain)

description:

updated

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-04:

intel_batch_mark_pixmap_domains() derefs null priv without check

Changed in xorg-server (Ubuntu):
assignee:	nobody → Bryce Harrington (bryce)
status:	Triaged → In Progress
Changed in xorg-server (Ubuntu Natty):
status:	New → Triaged
importance:	Undecided → High
assignee:	nobody → Bryce Harrington (bryce)

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-04:

Btw, don't worry about attaching your Xorg.0.log, it's obvious you're on -intel.

affects:

xorg-server (Ubuntu) → xserver-xorg-video-intel (Ubuntu)

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-05:

Intriguingly, 538 is the magic number. Setting the string to a length of 537 or below does not crash. Any value above that will crash the server.

Bryce Harrington (bryce) on 2011-05-05

Changed in xserver-xorg-video-intel (Ubuntu):
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-05-05:

This bug was fixed in the package xserver-xorg-video-intel - 2:2.14.0-4ubuntu8

---------------
xserver-xorg-video-intel (2:2.14.0-4ubuntu8) oneiric; urgency=low

  * Add 120_check_privates.patch: Check for null privates pointer
    on render_dest_picture. Prevents segmentation fault with Tk
    strings in widgets beyond a certain length.
    (LP: #731424)
-- Bryce Harrington <email address hidden> Wed, 04 May 2011 19:13:24 -0700

Changed in xserver-xorg-video-intel (Ubuntu):
status:	Fix Committed → Fix Released

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-05:

#10

If you can verify the fix, it can also be SRU'd for natty if you'd like.

I've prepared a natty package with the fix to simplify your testing:

https://launchpad.net/~bryce/+archive/gooseberry

Note that this fix just papers over the xserver crash - X shouldn't crash just due to an error in some client code. From what I can tell the sample code does not render its text as it should. So there is still the question of why this Tk code (which seems otherwise correct), malfunctions in this way.

Changed in xserver-xorg-video-intel (Ubuntu):
status:	Fix Released → New

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-05:

#11

Silas S. Brown - I've forwarded this bug upstream to http://bugs.freedesktop.org/show_bug.cgi?id=36860 - please subscribe yourself to this bug, in case they need further information or wish you to test something. Thanks ahead of time!

[Although the patch is uploaded for oneiric, I'm going to leave the task as In Progress until we hear back from upstream in case there is a better way to fix it.]

Changed in xserver-xorg-video-intel (Ubuntu):
status:	New → In Progress

Bug Watch Updater (bug-watch-updater) on 2011-05-05

Changed in xserver-xorg-video-intel:
importance:	Unknown → Medium
status:	Unknown → Confirmed

Revision history for this message

Silas S. Brown (ssb22) wrote on 2011-05-05:

#12

Thanks, I installed Bryce's 2 .deb files with dpkg -i, and now X no longer crashes when I run the above Python script (or the application I'm developing that I hit this in).

But as you say there are still problems displaying the text. The characters are displayed only when they are selected with the mouse's "click and drag to select text" function, and even then it seems to depend on the exact mouse movements used to make the selection (paint from right to left usually works, left to right sometimes).

Still I think it's a good idea to keep the fix for the X crash even if we can't get to the bottom of the Tk problem, because an X crash is vastly more serious than a text display problem. (A Tk problem makes one app hard to read, but an X crash might kill 25 other windows with unsaved data!)

Thanks.

Silas

bugbot (bugbot) on 2011-05-08

tags:

added: crash

Revision history for this message

Bryce Harrington (bryce) wrote on 2011-05-19:

#13

Alright, well thanks for confirming the crash is fixed. I guess we can close it at this point; there seems not to be any further action from the upstream bug report, although I do think there must be a better way to fix it. As to the fonts not displaying, this could be something particular to the Tk bindings, hard to say. Perhaps when upstream looks into it they'll have an idea on how to better address that.

Changed in xserver-xorg-video-intel (Ubuntu Natty):
status:	Triaged → Fix Released

Bryce Harrington (bryce) on 2011-05-19

Changed in xserver-xorg-video-intel (Ubuntu):
status:	In Progress → Fix Released

Bug Watch Updater (bug-watch-updater) on 2011-06-29

Changed in xserver-xorg-video-intel:
status:	Confirmed → Fix Released

Revision history for this message

Silas S. Brown (ssb22) wrote on 2012-02-20:

#14

This bug mysteriously seems to have returned on my old Ubuntu 11.04 box (which is still taking security updates); is it possible that the 11.04 package has regressed?

X11 crashes when a 25pt Tk input box contains a lot of text and you click in it and press Home, or Control-A for Select All.