Bug 762908 - wayland: crash if cogl_wayland_texture_2d_new_from_buffer() returns NULL
Status: RESOLVED DUPLICATE of bug 762828
Product: mutter
Classification: Core
Component: wayland
Version: 3.19.x
OS: Other Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assigned To: mutter-maint
QA Contact: mutter-maint
Depends on:
Blocks:
Reported: 2016-03-01 08:59 UTC by Olivier Fourdan
Modified: 2016-03-01 09:20 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
wayland: Do not crash if cogl texture is NULL (1.10 KB, patch)
2016-03-01 09:02 UTC, Olivier Fourdan
Status: reviewed

Description Olivier Fourdan 2016-03-01 08:59:41 UTC
Description:

If cogl_wayland_texture_2d_new_from_buffer() fails and returns NULL, mutter will crash while trying to unref the cogl texture.

Steps to reproduce:

1. Run gnome-shell
2. Open xterm
3. Move the mouse

Actual results:

Crash with following backtrace:



    #0  cogl_object_unref (obj=0x0) at cogl-object.c:112
    #1  0x00007ffff36f9cba in update_cursor_sprite_texture (surface=surface@entry=0x886060)
        at wayland/meta-wayland-pointer.c:991
    #2  0x00007ffff36f9e24 in pointer_set_cursor (client=0x880a20, resource=0x25f1000, serial=4,
        surface_resource=<optimized out>, hot_x=4, hot_y=4) at wayland/meta-wayland-pointer.c:1087
    #3  0x00007fffea4f7d30 in ffi_call_unix64 () from /lib64/libffi.so.6
    #4  0x00007fffea4f779b in ffi_call () from /lib64/libffi.so.6
    #5  0x00007fffea704e4a in wl_closure_invoke (closure=closure@entry=0x2e236e0, flags=flags@entry=2,
        target=target@entry=0x25f1000, opcode=opcode@entry=0, data=data@entry=0x880a20)
        at src/connection.c:949
    #6  0x00007fffea7015a6 in wl_client_connection_data (fd=<optimized out>, mask=<optimized out>,
        data=0x880a20) at src/wayland-server.c:337
    #7  0x00007fffea703232 in wl_event_loop_dispatch (loop=0x64f700, timeout=timeout@entry=0)
        at src/event-loop.c:421
    #8  0x00007ffff36f20a7 in wayland_event_source_dispatch (base=<optimized out>,
        callback=<optimized out>, data=<optimized out>) at wayland/meta-wayland.c:77
    #9  0x00007fffeb1c6cfa in g_main_dispatch (context=0x64d270) at gmain.c:3154
    #10 g_main_context_dispatch (context=context@entry=0x64d270) at gmain.c:3769
    #11 0x00007fffeb1c7058 in g_main_context_iterate (context=0x64d270, block=block@entry=1,
        dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3840
    #12 0x00007fffeb1c7372 in g_main_loop_run (loop=0x87ef00) at gmain.c:4034
    #13 0x00007ffff36c63fc in meta_run () at core/main.c:537
    #14 0x00000000004026e7 in main (argc=1, argv=0x7fffffffdba8) at main.c:471

Expected result:

No crash

Additional data:

Not sure why this bug shows up now, never seen that before, but given that cogl_wayland_texture_2d_new_from_buffer() can (and will) return NULL in some error case, we might as well check for that and not crash.
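The pattern behind the crash, as an added example that is neither mutter's nor cogl's code: a hypothetical refcounted MockTexture with cogl-style ref/unref, a hypothetical mock_texture_new_from_buffer() that returns NULL once the source wl_buffer is gone, and two versions of the update routine. update_sprite_texture_unchecked() has the shape of the crashing path (create, hand to the sprite, drop the local reference, no NULL check); update_sprite_texture_checked() tests the result first. The real cogl_object_unref() dereferences its argument and crashes on NULL (frame #0 of the backtrace); the mock records the bad call in null_unref_calls instead, so the buggy path can be run to completion. All names here are assumptions, and what the actual attachment does on the failure path is not shown on this page; the example simply clears the sprite's texture.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a CoglTexture: a refcounted heap object. */
typedef struct {
    int ref_count;
    int width;
    int height;
} MockTexture;

/* Counts unrefs of NULL. The real cogl_object_unref() has no such guard
 * and dereferences the pointer, which is frame #0 of the backtrace. */
static int null_unref_calls = 0;

static MockTexture *mock_texture_ref(MockTexture *tex)
{
    if (tex != NULL)
        tex->ref_count++;
    return tex;
}

static void mock_texture_unref(MockTexture *tex)
{
    if (tex == NULL) {
        null_unref_calls++;   /* the real function would crash here */
        return;
    }
    if (--tex->ref_count == 0)
        free(tex);
}

/* Stand-in for cogl_wayland_texture_2d_new_from_buffer(): a new texture
 * holding one reference, or NULL when the wl_buffer was already released
 * (the failure mode suggested in comment 2). */
static MockTexture *mock_texture_new_from_buffer(bool buffer_released)
{
    MockTexture *tex;

    if (buffer_released)
        return NULL;
    tex = calloc(1, sizeof *tex);
    if (tex == NULL)
        return NULL;
    tex->ref_count = 1;
    tex->width = 32;
    tex->height = 32;
    return tex;
}

/* Stand-in for the cursor sprite; it owns one reference to its texture. */
typedef struct {
    MockTexture *texture;   /* NULL when there is no cursor image */
} MockSprite;

static void mock_sprite_set_texture(MockSprite *sprite, MockTexture *tex)
{
    MockTexture *old = sprite->texture;

    sprite->texture = mock_texture_ref(tex);   /* take the new ref first */
    if (old != NULL)
        mock_texture_unref(old);               /* then drop the old one */
}

/* Buggy shape of the update path: create, hand over, drop the local ref.
 * With a released buffer tex is NULL and the final unref is the NULL
 * dereference from the report. Returns whether a texture is installed. */
static bool update_sprite_texture_unchecked(MockSprite *sprite, bool buffer_released)
{
    MockTexture *tex = mock_texture_new_from_buffer(buffer_released);

    mock_sprite_set_texture(sprite, tex);
    mock_texture_unref(tex);   /* NULL here on the failure path */
    return sprite->texture != NULL;
}

/* Checked version: never touch a NULL texture. On failure this example
 * clears the sprite's texture (a choice made here, not taken from the patch). */
static bool update_sprite_texture_checked(MockSprite *sprite, bool buffer_released)
{
    MockTexture *tex = mock_texture_new_from_buffer(buffer_released);

    if (tex == NULL) {
        mock_sprite_set_texture(sprite, NULL);
        return false;
    }
    mock_sprite_set_texture(sprite, tex);   /* sprite takes its own ref */
    mock_texture_unref(tex);                /* drop the creation ref */
    return true;
}

int main(void)
{
    MockSprite sprite = { NULL };

    printf("checked, buffer ok:       installed=%d\n",
           update_sprite_texture_checked(&sprite, false));
    printf("checked, buffer released: installed=%d\n",
           update_sprite_texture_checked(&sprite, true));
    printf("NULL unrefs after checked path:   %d\n", null_unref_calls);
    update_sprite_texture_unchecked(&sprite, true);
    printf("NULL unrefs after unchecked path: %d\n", null_unref_calls);
    return 0;
}
```

The reference bookkeeping matters as much as the NULL check: the checked version installs the new texture before the old one is dropped, so a failure leaves the sprite in a defined state (no texture) rather than pointing at freed memory, and the creation reference is only released once the sprite holds its own.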
Comment 1 Olivier Fourdan 2016-03-01 09:02:20 UTC
Created attachment 322726 [details] [review]
wayland: Do not crash if cogl texture is NULL

cogl_wayland_texture_2d_new_from_buffer() may return NULL in which case
mutter will crash while trying to unref the resulting texture.
Comment 2 Jonas Ådahl 2016-03-01 09:13:17 UTC
Review of attachment 322726 [details] [review]:

Maybe because we release the wl_buffer quite early. This means we can't really create the texture here, because we have already released the wl_buffer. This makes me wonder, why are we even creating the texture here? It should already have been created at surface->buffer->texture. FWIW, this seems related to bug 762828.
Comment 3 Olivier Fourdan 2016-03-01 09:20:43 UTC
Yes, attachment 322599 [details] [review] from bug 762828 would fix it the same indeed.

*** This bug has been marked as a duplicate of bug 762828 ***