GNOME Bugzilla – Bug 543217
GTK application crashed with directfb backend
Last modified: 2008-07-18 19:04:16 UTC
Steps to reproduce:
1. Use SDL as directfb's backend;
2. run any gtk app;
3. it caught signal 11 in gtk_init().

Stack trace: None

Other information:
I checked the code, and it crashed due to this loop in _gdk_visual_init () in gdkvisual-directfb.c:

    for (i = 0, c = 0; i < G_N_ELEMENTS (formats); i++)
      {
        IDirectFBSurface    *src;
        DFBAccelerationMask  acc;

        desc.flags       = DSDESC_WIDTH | DSDESC_HEIGHT | DSDESC_PIXELFORMAT;
        desc.width       = 8;
        desc.height      = 8;
        desc.pixelformat = formats[i];

        //call direct so fail silently is ok
        if (_gdk_display->directfb->CreateSurface (_gdk_display->directfb,
                                                   &desc, &src) != DFB_OK)
          continue;

        visuals[i] = gdk_directfb_visual_create (formats[i]);

        dest->GetAccelerationMask (dest, src, &acc);

        if (acc & DFXL_BLIT || formats[i] == dlc.pixelformat)
          {
            system_visual = GDK_VISUAL (visuals[c]); /* <-- Here is the bug, it should be 'i' not 'c' for array offset */
            c++;
          }

        src->Release (src);
      }
Looks obvious to me. Can you make the patch and see if someone can apply it? Maybe mail it to the directfb.org list. I'm traveling and am unable to take care of this.
It only crashes when SDL is directfb's backend, but it's not correct for all kinds of backends. Since X11 only enters that "if" once, as it has no accel at all, the system_visual is ok to be visuals[0], which is for DSPF_ARGB, and this will not cause the crash. But the SDL situation is not like that: it will enter that "if" twice, so the system_visual is set for DSPF_LUT8, which is in some special colormap handling condition. Finally, we get a NULL pointer crash.
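The two comments above describe the same index mix-up from two angles: the table visuals[] is filled by the loop index i, but read back through the match counter c, so as soon as the "if" branch runs more than once the selected entry is either a different visual than the one that matched or a slot that was never filled. The stand-alone model below is an added example, not GDK or DirectFB code; it replaces the DirectFB calls with constructed backend capability tables (the format names, the x11_like/sdl_like/sdl_hole scenarios and the select_system_visual() helper are all assumptions made for this example) and runs the loop both ways.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example, not GDK code: a stand-alone model of the visual-selection
 * loop in _gdk_visual_init() (gdkvisual-directfb.c) that reproduces the
 * visuals[c] vs visuals[i] mix-up on constructed backend capabilities. */

#define N_FORMATS 4
/* Constructed format table; names only, not real DSPF_* values. */
static const char *const format_names[N_FORMATS] = { "ARGB", "LUT8", "RGB32", "RGB16" };

typedef struct { int format; } Visual;   /* stands in for GdkVisualDirectFB */

/* What a backend answers inside the loop: whether CreateSurface() succeeds
 * for the format, whether GetAccelerationMask() reports DFXL_BLIT for it,
 * and which format is the layer's (dlc.pixelformat). Values are constructed. */
typedef struct {
  const char *name;
  int can_create[N_FORMATS];
  int accel_blit[N_FORMATS];
  int layer_format;
} Backend;

/* Like the X11 case in the report: no acceleration, only the layer format
 * matches, so the branch runs once with i == c == 0 and both readings agree. */
static const Backend x11_like = { "x11-like", {1,1,1,1}, {0,0,0,0}, 0 };

/* Like the SDL case: the branch runs twice (one accelerated format, then the
 * layer format), so the second read uses c == 1 while i == 3 and picks LUT8. */
static const Backend sdl_like = { "sdl-like", {1,1,1,1}, {0,0,1,0}, 3 };

/* Same, but CreateSurface() failed for format 1, so visuals[1] was never
 * filled and visuals[c] is a NULL slot. */
static const Backend sdl_hole = { "sdl-like, hole", {1,0,1,1}, {0,0,1,0}, 3 };

/* Runs the loop. buggy != 0 indexes by the match counter c (the reported
 * code); buggy == 0 indexes by the loop index i (the fix). Returns the
 * format number of the chosen system visual, or -1 when the chosen slot is
 * NULL, which is the pointer the real code would go on to dereference. */
static int select_system_visual(const Backend *b, int buggy)
{
  Visual storage[N_FORMATS];
  Visual *visuals[N_FORMATS] = { 0 };  /* NULL until a visual is created */
  Visual *system_visual = NULL;
  int i, c;

  for (i = 0, c = 0; i < N_FORMATS; i++) {
    if (!b->can_create[i])
      continue;                        /* as in the real loop: leaves a hole */
    storage[i].format = i;
    visuals[i] = &storage[i];          /* the table is filled by i ... */
    if (b->accel_blit[i] || i == b->layer_format) {
      system_visual = visuals[buggy ? c : i];  /* ... but read back by c */
      c++;
    }
  }
  return system_visual ? system_visual->format : -1;
}

int main(void)
{
  const Backend *cases[] = { &x11_like, &sdl_like, &sdl_hole };
  size_t n;

  for (n = 0; n < sizeof cases / sizeof cases[0]; n++) {
    int bug = select_system_visual(cases[n], 1);
    int fix = select_system_visual(cases[n], 0);
    printf("%-15s visuals[c] -> %s, visuals[i] -> %s\n", cases[n]->name,
           bug < 0 ? "NULL" : format_names[bug],
           fix < 0 ? "NULL" : format_names[fix]);
  }
  return 0;
}
```

The x11-like scenario is why the bug went unnoticed: with one match, c and i coincide. Any backend that takes the branch twice exposes the mismatch, and whether the result is a wrong visual or a NULL pointer depends only on whether an earlier CreateSurface() failure left a hole before index c.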
Created attachment 114642: the simple patch
2007-08-18  Matthias Clasen  <mclasen@redhat.com>

	Bug 543217 – GTK application crashed with directfb backend

	* gdk/directfb/gdkvisual-directfb.c: Avoid a crash in
	_gdk_visual_init(). Patch by Huimin He.