Bug 782898 - NULL pointer dereference when moving a window to the right side of the screen
Status: RESOLVED DUPLICATE of bug 783630
Product: mutter
Classification: Core
Component: general
Version: 3.24.x
OS: Other Linux
Priority: Normal
Severity: critical
Assigned To: mutter-maint
Depends on:
Blocks:
Reported: 2017-05-21 09:24 UTC by Alexander Steffen
Modified: 2017-07-07 10:12 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Patch to restore previous behavior (606 bytes, patch) - 2017-05-21 09:24 UTC, Alexander Steffen

Description Alexander Steffen 2017-05-21 09:24:08 UTC
Created attachment 352258 [details] [review]
Patch to restore previous behavior

When moving a window to the left side of the screen, the window is maximized on the left half of the screen. When moving a window to the right side of the screen, gnome-shell crashes:

Core was generated by `/usr/bin/gnome-shell'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  update_move at core/window.c line 5656
#1  meta_window_handle_mouse_grab_op_event at core/window.c line 6087
#2  meta_display_handle_event at core/events.c line 304
#3  event_callback at core/events.c line 417
#4  _clutter_event_process_filters at clutter-event.c line 1913
#5  emit_pointer_event at clutter-main.c line 2011
#6  _clutter_process_event_details at clutter-main.c line 2327
#7  _clutter_process_event at clutter-main.c line 2548
#8  _clutter_stage_process_queued_events at clutter-stage.c line 1026
#9  master_clock_process_events at clutter-master-clock-default.c line 364
#10 clutter_clock_dispatch at clutter-master-clock-default.c line 561
#11 g_main_context_dispatch
#12 0x00007fa955ad6a20 in
#13 g_main_loop_run
#14 meta_run at core/main.c line 648
#15 main

This is caused by meta_monitor_manager_get_logical_monitor_at returning NULL, causing update_move to dereference the NULL pointer stored in monitor. meta_monitor_manager_get_logical_monitor_at returns NULL in this case, because POINT_IN_RECT decides that x=2560 is not contained in a monitor with width=2560.

Digging into the history, this was apparently not a problem until commit 2df4ebff47, which changed the function call in update_move from meta_screen_get_current_logical_monitor_for_pos to meta_monitor_manager_get_logical_monitor_at. meta_screen_get_current_logical_monitor_for_pos, unlike meta_monitor_manager_get_logical_monitor_at, simply returned the first monitor if there was only one monitor present, skipping the POINT_IN_RECT check that now fails.

The attached patch restores the previous behavior and fixes the problem for me, but the algorithm probably needs a better fix, since I'd still expect it to fail when more than one monitor is present.
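The boundary condition described in the report, as an added example in C that is not part of the report or of mutter's code. It assumes POINT_IN_RECT uses exclusive right and bottom edges (which is what the failing x=2560 case on a 2560-wide monitor implies), uses a constructed single-monitor layout, and the clamp-and-retry fallback is a hypothetical mitigation for the NULL return, not the fix from bug 783630.

```c
#include <stddef.h>

/* Constructed stand-in for a logical monitor; only the geometry matters here. */
typedef struct { int x, y, width, height; } MetaRect;
typedef struct { const char *name; MetaRect rect; } LogicalMonitor;

/* Assumed semantics of the POINT_IN_RECT check the report describes:
 * right and bottom edges are exclusive, so x == rect.x + width is outside. */
#define POINT_IN_RECT(px, py, r) \
  ((px) >= (r).x && (px) < (r).x + (r).width && \
   (py) >= (r).y && (py) < (r).y + (r).height)

/* Constructed single-monitor layout matching the report (width 2560). */
static LogicalMonitor monitors[] = { { "primary", { 0, 0, 2560, 1440 } } };
static const int n_monitors = sizeof monitors / sizeof monitors[0];

/* Mirrors the lookup in the report: NULL when no monitor rect contains the point. */
const LogicalMonitor *get_logical_monitor_at(int x, int y)
{
  for (int i = 0; i < n_monitors; i++)
    if (POINT_IN_RECT(x, y, monitors[i].rect))
      return &monitors[i];
  return NULL;
}

/* Hypothetical hardened caller: on a NULL result, clamp the pointer into the
 * layout bounds and retry, and refuse (-1) rather than dereference NULL as
 * update_move did. Returns the width of the monitor used for the tiling decision. */
int monitor_width_for_move(int x, int y)
{
  const LogicalMonitor *m = get_logical_monitor_at(x, y);
  if (m == NULL) {
    int max_x = 0, max_y = 0;
    for (int i = 0; i < n_monitors; i++) {
      int right = monitors[i].rect.x + monitors[i].rect.width - 1;
      int bottom = monitors[i].rect.y + monitors[i].rect.height - 1;
      if (right > max_x) max_x = right;
      if (bottom > max_y) max_y = bottom;
    }
    m = get_logical_monitor_at(x > max_x ? max_x : x, y > max_y ? max_y : y);
    if (m == NULL)
      return -1;
  }
  return m->rect.width;
}
```

With a single 2560-wide monitor, the raw lookup returns NULL at x=2560 exactly as the report describes, while the hardened caller resolves it to the primary monitor and only refuses for points that lie outside the layout in the other direction.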
Comment 1 Alexander Steffen 2017-06-28 05:35:16 UTC
mutter 3.24.3 is still affected.
Comment 2 Jonas Ådahl 2017-06-28 05:55:42 UTC
Does the patch in bug 783630 fix the issue for you?
Comment 3 Alexander Steffen 2017-06-28 06:06:51 UTC
Yes, that patch works.
Comment 4 Rui Matos 2017-07-07 10:12:53 UTC

*** This bug has been marked as a duplicate of bug 783630 ***