Bug 1812 - X11_KeyRepeat crash
Summary: X11_KeyRepeat crash
Status: RESOLVED FIXED
Alias: None
Product: SDL
Classification: Unclassified
Component: video
Version: HG 2.0
Hardware: All Linux
Importance: P2 blocker
Assignee: Ryan C. Gordon
QA Contact: Sam Lantinga
Keywords: target-2.0.0
Duplicates: 1683
Reported: 2013-04-18 05:36 UTC by driedfruit
Modified: 2013-07-27 00:33 UTC

Attachments
gdb backtrace (1.12 KB, text/plain)
2013-04-18 05:36 UTC, driedfruit
valgrind output (1.27 KB, text/plain)
2013-04-18 05:37 UTC, driedfruit
minimal test program (905 bytes, text/plain)
2013-04-18 05:37 UTC, driedfruit
patch to workaround this libXi bug (2.99 KB, patch)
2013-07-15 15:31 UTC, Steve Soule

Description driedfruit 2013-04-18 05:36:33 UTC
Created attachment 1116
gdb backtrace

On X11, sometimes, when you move your mouse and release the keyboard
key at the same time, you get a SIGSEGV crash.

I've "tracked" it down to the X11_KeyRepeat function in
SDL_x11events.c. The function looks for the next X11 event in the queue and
compares it to the current one, working around the keyboard auto-repeat
feature of X11.

The culprit is XPeekEvent, which either crashes itself or
corrupts something, so the next XNextEvent call crashes.

To reproduce this more easily, change "2" to "10" or a larger value here:

src/video/x11/SDL_x11events.c:113
((peekevent.xkey.time-event->xkey.time) < 2)) {

You're aiming to "inject" a MotionNotify event in between the
KeyRelease and the auto-repeated KeyPress. For me, it crashes reliably
when this happens.

I've tested this on different hardware (32- and 64-bit) and different libX11 versions; it doesn't seem to be an X bug, but an SDL2 bug :(
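
The check described in the report above, as an added example that is not part of the original report and is not SDL's code: a self-contained C model of a head-of-queue auto-repeat test run over constructed event queues. The enum, struct and function names are hypothetical stand-ins for Xlib's XEvent fields, and `window_ms` stands for the constant 2 in the quoted line; it models only the comparison, not the crash.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for the Xlib fields the check reads (hypothetical
   names; the real code uses XEvent and Time from <X11/Xlib.h>). */
enum ev_type { EV_KEY_PRESS, EV_KEY_RELEASE, EV_MOTION };
struct ev {
    enum ev_type type;
    unsigned keycode;     /* only meaningful for key events */
    unsigned long time;   /* server timestamp in ms, unsigned like X11 Time */
};

/* Constructed sample data: one dequeued KeyRelease and four possible
   states of the pending queue behind it. */
static const struct ev RELEASED   = { EV_KEY_RELEASE, 38, 1000 };
static const struct ev Q_REPEAT[] = { { EV_KEY_PRESS, 38, 1000 } };
static const struct ev Q_MOTION[] = { { EV_MOTION, 0, 1000 },
                                      { EV_KEY_PRESS, 38, 1000 } };
static const struct ev Q_LATE[]   = { { EV_KEY_PRESS, 38, 1005 } };
static const struct ev Q_EARLY[]  = { { EV_KEY_PRESS, 38, 999 } };

/* Returns 1 when the head of the pending queue is a KeyPress for the same
   key within window_ms of the release, i.e. the release came from
   auto-repeat. window_ms plays the role of the constant 2 in the report. */
int key_repeat(const struct ev *released, const struct ev *pending,
               size_t n, unsigned long window_ms)
{
    if (n == 0)
        return 0;                      /* nothing queued: a real release */
    /* Only pending[0] is examined, as with a single peek at the queue.
       The subtraction is unsigned, so an earlier timestamp wraps to a
       huge value and fails the window test. */
    return pending[0].type == EV_KEY_PRESS &&
           pending[0].keycode == released->keycode &&
           (pending[0].time - released->time) < window_ms;
}

int main(void)
{
    printf("repeat pair, window 2:       %d\n", key_repeat(&RELEASED, Q_REPEAT, 1, 2));
    printf("motion in between, window 2: %d\n", key_repeat(&RELEASED, Q_MOTION, 2, 2));
    printf("press 5 ms later, window 2:  %d\n", key_repeat(&RELEASED, Q_LATE, 1, 2));
    printf("press 5 ms later, window 10: %d\n", key_repeat(&RELEASED, Q_LATE, 1, 10));
    printf("press stamped earlier:       %d\n", key_repeat(&RELEASED, Q_EARLY, 1, 2));
    return 0;
}
```
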
Comment 1 driedfruit 2013-04-18 05:37:03 UTC
Created attachment 1117
valgrind output
Comment 2 driedfruit 2013-04-18 05:37:39 UTC
Created attachment 1118
minimal test program
Comment 3 Ondra Hošek 2013-04-18 19:08:30 UTC
I can't reproduce this with the minimal program (and modification) you provided.

* Xlib 1.5.0
* X server 1.14.1
* awesome v3.5.1-1-g2d31033 (window manager)
* tip-of-the-trunk SDL2

What is your X server version? Which window manager are you using?
Comment 4 driedfruit 2013-04-19 02:38:42 UTC
* i686
* Xlib 1.4.1
* Xserver 1.9.4
* awesome 3.4.8 (wm)
* latest SDL hg

and

* amd64
* Xlib 1.3.3-4
* X server 1.7.7-14
* enlightenment wm (don't have info on the version right now)
* latest SDL hg
Comment 5 driedfruit 2013-04-30 11:10:05 UTC
After investigating this further, I've found that the reason for this crash has nothing to do with SDL2 and everything to do with libXi:

http://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=af65475b1f6b7209750220a74aaad9968d54aaf7

Applying this patch to 1.4.1 libXi fixes the issue. It's part of the more recent libXi releases. Sorry!
Comment 6 Steve Soule 2013-07-15 15:31:48 UTC
Created attachment 1236
patch to workaround this libXi bug

This patch is a workaround for the bug in libXi.  It avoids calling X functions that trigger the bug.  See the forum thread http://forums.libsdl.org/viewtopic.php?p=38071 for my explanation of what this workaround is intended to do.
Comment 7 Sam Lantinga 2013-07-16 03:30:51 UTC
Reopened to investigate Steve's patch.
Comment 8 Ryan C. Gordon 2013-07-18 23:05:10 UTC
That email thread has some really impressive research.

This patch looks good to me. Sam, you want to give this a looking at before I apply it?

Thanks,
--ryan.
Comment 9 Sam Lantinga 2013-07-20 01:40:12 UTC
It looks good to me. Go for it.  Great work everyone!
Comment 10 Ryan C. Gordon 2013-07-20 13:12:26 UTC
This patch is now http://hg.libsdl.org/SDL/rev/c244bc85fb84, thanks!

--ryan.
Comment 11 Ryan C. Gordon 2013-07-27 00:33:18 UTC
*** Bug 1683 has been marked as a duplicate of this bug. ***