dreamcat4 / skippy-xd

A full-screen Exposé-style standalone task switcher for X11.
GNU General Public License v2.0

[BUG] Segfault during movie and all desktop mode #32

Closed felixfung closed 1 year ago

felixfung commented 1 year ago

I found one bug/segfault when I play a movie in one virtual desktop, then invoke skippy-xd in all desktop mode. It does not happen all the time; sometimes it gives the intended behaviour, i.e. the iconified window of the movie window shows without actual content among all other exposed windows.

gdb shows that segfault happens at line clientwin.c:304, in case CLIDISP_FILLED. Presumably cw->pict_filled is null and we have a null dereferencing.

I managed to get a trace of a segfault scenario. Here, the printf() entries print the function name, and cw pointer address. The (nil) entries are cw->pict_filled.

```
m_check(): Your WM looks EWMH compliant.
main(): running once then quitting...
wm_get_stack_sub(): Retrieved window stack from _NET_CLIENT_LIST.
clientwin_update(): 0x558fe14b5fb0
clientwin_free_res2(): 0x558fe14b5fb0
clientwin_get_disp_mode(): 0x558fe14b5fb0
clientwin_update(): 0x558fe14be920
clientwin_free_res2(): 0x558fe14be920
clientwin_get_disp_mode(): 0x558fe14be920
clientwin_update(): 0x558fe148b940
clientwin_free_res2(): 0x558fe148b940
clientwin_get_disp_mode(): 0x558fe148b940
clientwin_get_disp_mode(): 0x558fe148b940 (nil)
clientwin_update(): 0x558fe14903c0
clientwin_free_res2(): 0x558fe14903c0
clientwin_get_disp_mode(): 0x558fe14903c0
clientwin_update(): 0x558fe14b05a0
clientwin_free_res2(): 0x558fe14b05a0
clientwin_get_disp_mode(): 0x558fe14b05a0
clientwin_update(): 0x558fe14bb250
clientwin_free_res2(): 0x558fe14bb250
clientwin_get_disp_mode(): 0x558fe14bb250
clientwin_get_disp_mode(): 0x558fe14bb250 (nil)
clientwin_update(): 0x558fe14bb310
clientwin_free_res2(): 0x558fe14bb310
clientwin_get_disp_mode(): 0x558fe14bb310
clientwin_get_disp_mode(): 0x558fe14bb310 (nil)
clientwin_update(): 0x558fe14bb410
clientwin_free_res2(): 0x558fe14bb410
clientwin_get_disp_mode(): 0x558fe14bb410
clientwin_free_res2(): 0x558fe14b5fb0
clientwin_free_res2(): 0x558fe14bb310
clientwin_update2_filled(): 0x558fe14bb310
clientwin_free_res2(): 0x558fe14bb410
clientwin_free_res2(): 0x558fe14b05a0
clientwin_free_res2(): 0x558fe14903c0
clientwin_free_res2(): 0x558fe14bb250
clientwin_update2_filled(): 0x558fe14bb250
clientwin_free_res2(): 0x558fe148b940
clientwin_update2_filled(): 0x558fe148b940
clientwin_free_res2(): 0x558fe14be920
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 307 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 308 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 309 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 310 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 312 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 313 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 314 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 315 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 317 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 318 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 319 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 320 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 322 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 323 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 324 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 325 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 327 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 328 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 329 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 330 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 332 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 333 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 334 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 335 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 337 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 338 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 339 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 340 ("BadDrawable (invalid Pixmap or Window parameter)")
[ 0.02 ] error 2 (BadValue) request 12 minor 0 serial 342 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 2 (BadValue) request 53 minor 0 serial 343 ("BadValue (integer parameter out of range for operation)")
[ 0.02 ] error 4 (BadPixmap) request 2 minor 0 serial 344 ("BadPixmap (invalid Pixmap parameter)")
[ 0.02 ] error 9 (BadDrawable) request 139 minor 4 serial 345 ("BadDrawable (invalid Pixmap or Window parameter)")
clientwin_repaint(0x558fe14bb310): 0, 0, 732, 246 (nil)
Segmentation fault (core dumped)
```

IMPACT:

For some users, this is probably a high impact bug. Anyhow, this bug probably directly impacts the reputation of skippy-xd. For those who want to add live preview for minimized windows, this bug may be relevant in terms of code paths.

dreamcat4 commented 1 year ago

what does CLIDISP_FILLED do?

here we can see it is (most likely) a bug around icon state. this enum specifies what type of a preview skippy will display for a clientwin preview:

https://github.com/dreamcat4/skippy-xd/blob/master/src/skippy.h#L190-L195

presumably filled is the one where you get the grey boxes, or blue boxes. for example during minimized state

===== btw

for stepping through code at runtime, (it is a personal preference, you do not have to do this)... but perhaps (if it is helpful to hunting bugs), can try out vscode and its debugger. it might be useful.

and with its extensions maybe it makes easier to run other static memory analysis tools. for example like valgrind (or similar). hth

felixfung commented 1 year ago

.... After lots of debugging, turns out the ClientWindow->pict_filled == NULL, ClientWindow->mini.width and height are 0, which is due to MainWin->multiplier == 0, which is due to the boxy layout code giving some crazy big positioning coordinates....

...Ultimately because of arithmetic between signed and unsigned int.
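
The chain described in the last comment (mixed signed/unsigned arithmetic producing a huge coordinate, a multiplier that truncates the thumbnail size to zero, then a missing picture reaching the paint path), reproduced as an added C example that is not skippy-xd's code. All function names and sample values are hypothetical, and a 32-bit `int` is assumed.

```c
#include <stdio.h>
#include <stddef.h>

/* All names are hypothetical; this is not skippy-xd's layout code.
 * Assumes 32-bit int / unsigned int. */

/* Buggy: centre a window in a layout slot. `slot_w - win_w` is evaluated
 * in unsigned, so a window wider than its slot wraps to a huge offset. */
unsigned int centre_offset_buggy(int slot_w, unsigned int win_w) {
    return (slot_w - win_w) / 2;
}

/* Fixed: widen both operands to a signed type before subtracting. */
int centre_offset_fixed(int slot_w, unsigned int win_w) {
    return (int)(((long long)slot_w - (long long)win_w) / 2);
}

/* Scale factor that fits a layout of layout_w pixels onto the screen. */
float layout_multiplier(unsigned int screen_w, unsigned int layout_w) {
    float m = (float)screen_w / (float)layout_w;
    return m > 1.0f ? 1.0f : m;
}

/* Thumbnail width; truncates to 0 when the multiplier is vanishingly small. */
unsigned int mini_width(unsigned int win_w, float multiplier) {
    return (unsigned int)((float)win_w * multiplier);
}

/* Guard for the paint path: returns 1 only if the thumbnail can be drawn.
 * A zero-sized pixmap request fails with BadValue at the X server, so the
 * caller never gets a usable picture; check the size and the pointer. */
int can_paint(unsigned int mini_w, unsigned int mini_h, const void *pict) {
    return mini_w > 0 && mini_h > 0 && pict != NULL;
}

int main(void) {
    unsigned int win_w = 732;                 /* constructed sample values */
    unsigned int bad = centre_offset_buggy(500, win_w);
    unsigned int w = mini_width(win_w, layout_multiplier(1920, bad + win_w));
    printf("buggy offset=%u mini_w=%u paint=%d\n", bad, w, can_paint(w, 246, NULL));
    printf("fixed offset=%d\n", centre_offset_fixed(500, win_w));
    return 0;
}
```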