Qt / QTBUG-12836

Crash when using a custom XWindow with a different (but compatible) visual than the default visual

Details

    Description

      QWidget allows the use of custom windows using the QWidget::create(WId, ...) call. Using this call causes a crash when the custom window has been created with a different visual than the default visual.

      In the attached test case, I create such a custom window. Instead of using the CopyFromParent visual, I try finding a visual from the list of visuals returned by XGetVisualInfo().

      On my system, this list looks as follows:

      0x8077e20 33 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077e40 34 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077e60 155 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077e80 156 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077ea0 157 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077ec0 158 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077ee0 159 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077f00 160 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077f20 161 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077f40 162 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077f60 163 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077f80 164 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077fa0 165 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077fc0 166 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8077fe0 167 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078000 168 0 24 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078020 169 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078040 170 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078060 171 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078080 172 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80780a0 173 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80780c0 174 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80780e0 175 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078100 176 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078120 177 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078140 178 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078160 179 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8078180 180 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80781a0 181 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80781c0 182 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x80781e0 183 0 24 5 "111111110000000000000000" "1111111100000000" "11111111" 256 8
      0x8075230 106 0 32 4 "111111110000000000000000" "1111111100000000" "11111111" 256 8

      As you see, there are multiple visuals which have "24 bits TrueColor" (c_class == 4 means TrueColor).

      When I pick the first matching visual in this list (id == 33), I get no crash. Apparently this is the visual Qt picks.

      But when I pick the last matching visual in this list (id == 168), I get this crash (line numbers are from current Qt 4.7.0 branch):

      Program received signal SIGSEGV, Segmentation fault.
      0xb6caf9f4 in XVisualIDFromVisual (visual=0x122e67a) at Misc.c:61
      61 {
      (gdb) bt
      #0 0xb6caf9f4 in XVisualIDFromVisual (visual=0x122e67a) at Misc.c:61
      #1 0xb75bd1f0 in qt_x11_getX11InfoForWindow (xinfo=0x80bbccc, att=...) at /local/git/Qt/qt/src/gui/kernel/qwidget_x11.cpp:3049
      #2 0xb75b1ec4 in qt_x11_getX11InfoForWindow (xinfo=0x80bbccc, a=...) at /local/git/Qt/qt/src/gui/kernel/qwidget_x11.cpp:427
      #3 0xb75b28a4 in QWidgetPrivate::create_sys (this=0x80bbba8, window=69206018, initializeWindow=true, destroyOldWindow=true) at /local/git/Qt/qt/src/gui/kernel/qwidget_x11.cpp:588
      #4 0xb7550f32 in QWidget::create (this=0xbffff224, window=69206018, initializeWindow=true, destroyOldWindow=true) at /local/git/Qt/qt/src/gui/kernel/qwidget.cpp:1398
      #5 0x0804ac82 in Widget::Widget (this=0xbffff224, parent=0x0) at main.cpp:35
      #6 0x0804a4e4 in main (argc=1, argv=0xbffff2f4) at main.cpp:45

      This crash has been reported as KDE bugs:

      https://bugs.kde.org/show_bug.cgi?id=198294
      https://bugs.kde.org/show_bug.cgi?id=188623

      I tried looking at the source, but eventually gave up. The problem is probably in the checks around line 530 in qwidget_x11.cpp. It looks like it tries to set up the xinfo, and later around line 588 it tries to set up the xinfo again from the custom window and somehow passes an incorrect visual pointer to XVisualIDFromVisual. Note that this function just does "return visual->id" so it is no bug in X11.

      (And please don't say "Qt does it right")

      Attachments

        1. main.cpp
          1 kB
          Christoph Feck
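
The ambiguity the report describes can be checked against its own listing. The following is an added example, not part of the report or of Qt: it parses rows excerpted from the listing, assuming the columns follow the field order of Xlib's XVisualInfo, and shows that depth 24 with class 4 matches more than one visual id, so first-match and last-match selection give the ids 33 and 168 that the reporter compares. The names `parse_row` and `match_visuals` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* Columns assumed to follow XVisualInfo: visual pointer, visualid, screen,
   depth, class, red/green/blue mask, colormap_size, bits_per_rgb. */
struct vis_row {
    unsigned long ptr, id, red, green, blue;
    int screen, depth, cls, cmap_size, bits;
};
#define CLASS_TRUECOLOR 4 /* the report: c_class == 4 means TrueColor */
/* Mask and size columns, identical in every row of the report's listing. */
#define M "\"111111110000000000000000\" \"1111111100000000\" \"11111111\" 256 8"
/* Rows excerpted from the listing in the report. */
static const char *SAMPLE[] = {
    "0x8077e20 33 0 24 4 " M,  "0x8077e40 34 0 24 5 " M,
    "0x8077e60 155 0 24 4 " M, "0x8078000 168 0 24 4 " M,
    "0x8078020 169 0 24 5 " M, "0x8075230 106 0 32 4 " M,
};
#define SAMPLE_COUNT ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))
/* Parse one row; returns 1 on success, 0 on malformed input. */
int parse_row(const char *line, struct vis_row *r)
{
    char red[33], green[33], blue[33];
    int n = sscanf(line, "%lx %lu %d %d %d \"%32[01]\" \"%32[01]\" \"%32[01]\" %d %d",
                   &r->ptr, &r->id, &r->screen, &r->depth, &r->cls,
                   red, green, blue, &r->cmap_size, &r->bits);
    if (n != 10) return 0;
    r->red = strtoul(red, NULL, 2);   /* masks are printed as binary strings */
    r->green = strtoul(green, NULL, 2);
    r->blue = strtoul(blue, NULL, 2);
    return 1;
}
/* Count rows with this depth and class; *first / *last get the matching ids. */
int match_visuals(const char **lines, int count, int depth, int cls,
                  unsigned long *first, unsigned long *last)
{
    int hits = 0;
    for (int i = 0; i < count; i++) {
        struct vis_row r;
        if (!parse_row(lines[i], &r) || r.depth != depth || r.cls != cls) continue;
        if (hits++ == 0) *first = r.id;
        *last = r.id;
    }
    return hits;
}
int main(void)
{
    unsigned long first = 0, last = 0;
    int n = match_visuals(SAMPLE, SAMPLE_COUNT, 24, CLASS_TRUECOLOR, &first, &last);
    printf("%d matches, first id %lu, last id %lu\n", n, first, last);
    return 0;
}
```

Because depth and class alone do not identify a single visual, code that receives a foreign window has to resolve the visual by its id rather than assume it is the one a depth/class search returns first.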
          People

            laknoll Lars Knoll
            cfeck Christoph Feck
