Opened 15 years ago
Closed 14 years ago
#223 closed defect (fixed)
fb crashes if mouse moves during start up
Reported by: | Jakub Jermář | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | 0.4.3 |
Component: | helenos/srv/fb | Version: | mainline |
Keywords: | | Cc: | |
Blocker for: | | Depends on: | |
See also: | | | |
Description
On the current head (r398), default ia32 build, the fb server crashes when the mouse is being moved when the system starts up (just move it continuously from the grub menu and while the kernel console is active).
See the attached screenshot for the stack trace and the attached fb.disasm for the disassembler output.
Attachments (2)
Change History (5)
by , 15 years ago
Attachment: | fbcrash.png added |
---|
comment:1 by , 15 years ago
Summary: | fb crashes if mous moves during start up → fb crashes if mouse moves during start up |
---|
comment:2 by , 14 years ago
I think this problem exists because the console starts to process mouse events even before gcons_init() is finished. The scenario which I observed looks something like this:
- in console, both xres and yres are 0 (i.e. before they are initialized to something non-zero)
- gcons_mouse_move() is called to process a mouse event
- no matter what the dx and dy parameters to gcons_mouse_move() were, calling limit() (twice) will result in passing mouse_x == mouse_y == -1 to fb in the FB_POINTER_MOVE request
- fb receives the FB_POINTER_MOVE call and calls mouse_move()
- mouse_move() sets pointer_x and pointer_y to -1, which it read from the IPC request
- processing any consequent request from fb_client_connection() will result in calling mouse_show()
- mouse_show() sets the pointer vport's x and y coordinates to -1 and calls copy_vp_to_pixmap()
- copy_vp_to_pixmap() then calculates a source address for memcpy() using vport->y, which is -1, which results in adding a negative number to the fb start address
- memcpy() crashes because fb accesses memory around one scanline below the beginning of the framebuffer memory
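The chain described in comment:2, reduced to its arithmetic, as an added example (not part of the ticket and not HelenOS code). The body of `limit()`, the 640x480 geometry at 4 bytes per pixel, and the `pointer_move_ok()` check are assumptions made for illustration; the change made in changeset 631 is not shown on this page.

```c
/* Added illustration; not HelenOS source. Names mirror comment:2, bodies are assumed. */
#include <stdio.h>

/* Clamp a into [left, right - 1]; assumed model of the client's limit(). */
int limit(int a, int left, int right)
{
	if (a < left)
		a = left;
	if (a >= right)
		a = right - 1;   /* with right == 0 the result is always -1 */
	return a;
}

/* Byte offset of pixel (x, y) from the framebuffer start, as a copy routine computes it. */
long src_offset(int x, int y, long scanline, long pixelbytes)
{
	return (long) y * scanline + (long) x * pixelbytes;
}

/* Hypothetical server-side check: accept a pointer position only inside an initialized screen. */
int pointer_move_ok(int x, int y, int xres, int yres)
{
	if (xres <= 0 || yres <= 0)
		return 0;        /* resolution not set up yet */
	return x >= 0 && x < xres && y >= 0 && y < yres;
}

int main(void)
{
	int xres = 0, yres = 0;          /* client state before gcons_init() finishes */
	int mx = limit(0 + 5, 0, xres);  /* constructed mouse delta dx = 5 */
	int my = limit(0 + 3, 0, yres);  /* constructed mouse delta dy = 3 */

	printf("client sends (%d, %d)\n", mx, my);
	/* Constructed geometry: 640x480, 4 bytes per pixel, scanline = 2560 bytes. */
	printf("unchecked source offset: %ld bytes\n", src_offset(mx, my, 640 * 4, 4));
	printf("server check on early request: %d\n", pointer_move_ok(mx, my, 640, 480));
	printf("server check after init: %d\n",
	    pointer_move_ok(limit(5, 0, 640), limit(3, 0, 480), 640, 480));
	return 0;
}
```

The unchecked offset lands just over one scanline before the start of the framebuffer, which matches the faulting memcpy() in the comment; validating coordinates on the receiving side of the IPC call stops the request regardless of what state the client is in.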
comment:3 by , 14 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed in changeset:mainline,631.
Screenshot with the stack trace.