From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 10427 invoked by alias); 19 Jun 2013 00:05:43 -0000 Mailing-List: contact cygwin-xfree-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-xfree-owner@cygwin.com Reply-To: cygwin-xfree@cygwin.com Mail-Followup-To: cygwin-xfree@cygwin.com Received: (qmail 10417 invoked by uid 89); 19 Jun 2013 00:05:42 -0000 X-Spam-SWARE-Status: No, score=-3.0 required=5.0 tests=AWL,BAYES_00,KHOP_THREADED,RCVD_IN_DNSWL_NONE,RCVD_IN_HOSTKARMA_YE,TW_CP autolearn=ham version=3.3.1 Received: from nm2-vm2.bt.bullet.mail.ir2.yahoo.com (HELO nm2-vm2.bt.bullet.mail.ir2.yahoo.com) (212.82.99.121) by sourceware.org (qpsmtpd/0.84/v0.84-167-ge50287c) with ESMTP; Wed, 19 Jun 2013 00:05:41 +0000 Received: from [212.82.98.41] by nm2.bt.bullet.mail.ir2.yahoo.com with NNFMP; 19 Jun 2013 00:05:38 -0000 Received: from [77.238.189.17] by tm2.bt.bullet.mail.ir2.yahoo.com with NNFMP; 19 Jun 2013 00:05:38 -0000 Received: from [127.0.0.1] by smtp817.mail.ird.yahoo.com with NNFMP; 19 Jun 2013 00:05:38 -0000 X-Yahoo-SMTP: u.JgLvyswBBMp9ZJJfsX14qmYb3T2ivhMAr6OupnxLpNQEFZ9g-- X-Rocket-Received: from [192.168.1.72] (jon.turney@86.132.50.252 with plain) by smtp817.mail.ird.yahoo.com with SMTP; 19 Jun 2013 00:05:38 +0000 GMT Message-ID: <51C0F5DA.8010104@dronecode.org.uk> Date: Wed, 19 Jun 2013 00:05:00 -0000 From: Jon TURNEY Reply-To: cygwin-xfree User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6 MIME-Version: 1.0 To: cygwin-xfree@cygwin.com CC: matt@codespunk.com Subject: Re: Cygwin/X crashes when combined with ssh/nx tunneling and -multiwindow References: <51BCFAF7.5060107@dronecode.org.uk> <51BE32B4.7020309@codespunk.com> In-Reply-To: <51BE32B4.7020309@codespunk.com> Content-Type: multipart/mixed; boundary="------------000005090701020904070307" X-Virus-Found: No X-SW-Source: 2013-06/txt/msg00040.txt.bz2 --------------000005090701020904070307 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-length: 2678 On 16/06/2013 22:48, Matt D. wrote: > > I've applied a fix to address the immediate problem of not checking > > for the failure, and I've uploaded a snapshot at [1]. Perhaps you > > could try that and see if it fixes the issue for you? > > Yes, this solves the crash problem (thank you!). > > > I would also be interested to know how the icon for the window which > > was causing this issue appears. > > I've attached some screenshots of the taskbar and titlebar icons for Eclipse > 4.2 using your XWin.exe build running with an without nx. > > The titlebar icon does NOT appear when running Eclipse with vanilla X. The > taskbar icon also uses full colors; I do not know if it's a different icon or > if nx is using some kind of compression. > > The second set of images (eclipse-4_2-nx_2 and eclipse-4_2-nonx_2) indicate > the time of crash. When Eclipse starts up is displays a splash image which > initially does not have an icon in its titlebar. Notably, a window border only > appears when running Eclipse with nx. Despite not having a border, the icon is > still relevant because it is the same one used to display in the taskbar. > > The crash occurs when the icon is being loaded onto the splash window. To > reiterate, the window is NOT created with this icon. It is loaded sometime > later while Eclipse is initializing. Ah. I was hoping you could use xprop to examine the _NET_WM_ICON property of the window, but if it's a transient state that may not be practical. I would guess that the difference in appearance between the nx and non-nx cases is due to nx not transporting some window appearance hints. > > Hmm... this seems to indicate that icon was of size -1x-1, which > > doesn't seem right... > > Perhaps it has to do with the icon being applied after the window has already > been created? > > > From the backtrace, it looks like the crash is occurring due to a > > failure when converting the X11 icon to a Windows icon, and then not > > checking properly for that failure. > > It looked to me like the crash was occurring at line 264 of icon_convert.c; a > memcpy to DIB_pixels which I believe was uninitialized. Regardless, the memcpy > is one without verifying DIB_pixels or checking the return value of CreateBitmap. > > This is what I has planned to look into.. if I ever get XWin.exe to compile. I did a bit more testing and managed to craft some malformed _NET_WM_ICON properties which could crash the multiwindow mode WM in different ways (small test case attached), so I've added another patch to do more validation of _NET_WM_ICON data before it is used. -- Jon TURNEY Volunteer Cygwin/X X Server maintainer --------------000005090701020904070307 Content-Type: text/plain; charset=windows-1252; name="test-invalid-net-wm-icon.c" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="test-invalid-net-wm-icon.c" Content-length: 1509 /* gcc test-invalid-net-wm-icon.c -o test-invalid-net-wm-icon -lX11 */ #include #include #include #include Display *d; Window w; Atom net_wm_icon; Atom cardinal; void test(unsigned int *buffer, unsigned int buffer_length) { int length = buffer_length/sizeof(unsigned int); XChangeProperty(d, w, net_wm_icon, cardinal, 32, PropModeReplace, (const unsigned char*) buffer, length); XFlush(d); sleep(1); } int main(int argc, char **argv) { /* Invalid _NET_WM_ICON icons */ d = XOpenDisplay(0); int s = DefaultScreen(d); net_wm_icon = XInternAtom(d, "_NET_WM_ICON", False); cardinal = XInternAtom(d, "CARDINAL", False); XEvent e; w = XCreateWindow(d, RootWindow(d, s), 0, 0, 200, 200, 0, CopyFromParent, InputOutput, CopyFromParent, 0, 0); XMapWindow(d, w); XFlush(d); sleep(1); // sizes are just absurd unsigned int buffer[] = {-1, -1, 0xFFFFFFFF, 0xFFFFFFFF}; test(buffer, sizeof(buffer)); // property should be 256K, but is only 64K int propsize = 0x10000; unsigned int *buffer2 = malloc(propsize); buffer2[0] = 512; buffer2[1] = 512; test(buffer2, propsize); // property is absurdly large, but still not enough for icon propsize = 0x100000; unsigned int *buffer3 = malloc(propsize); assert(buffer3); buffer2[0] = 0x3000; buffer2[1] = 0x3000; test(buffer3, propsize); while(1) XNextEvent(d, &e); } --------------000005090701020904070307 Content-Type: text/plain; charset=us-ascii Content-length: 223 -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://x.cygwin.com/docs/ FAQ: http://x.cygwin.com/docs/faq/ --------------000005090701020904070307--