[Bug 828085] Re: gtk-window-decorator crashed with SIGSEGV in get_button_position()

jmullee Sat, 20 Aug 2011 07:35:35 -0700

looks like the culprit is  "d->frame->titlebar_height"

#################


action_menu_map (WnckWindow *win, long button, Time time) {
...

if (!button || button == 1)
        {
        gtk_menu_popup (GTK_MENU (action_menu), NULL, NULL, 
position_action_menu, (gpointer) win, button, time);

// CALLS :

position_action_menu (GtkMenu *menu, gint *x, gint *y, gboolean *push_in, 
gpointer user_data)
        {
        WnckWindow *win = (WnckWindow *) user_data;
        ...
        gint bx, by, width, height;
        wnck_window_get_client_window_geometry (win, x, y, &width, &height);
        if ((*theme_get_button_position) (d, BUTTON_MENU, width, height, &bx, 
&by, &width, &height))

// WHICH CALLS


get_button_position (decor_t *d, gint i, gint width, gint height, gint *x, gint 
*y, gint *w, gint *h)
        {
        ...
// FAULT : SIGSEGV
        *y = bpos[i].y + bpos[i].yh * height + bpos[i].yth * 
(d->frame->titlebar_height - 17);

#################

grep_-n_^_/usr/src/compiz-0.9.5.0/gtk/window-decorator/cairo.c_|_head_-n_850_|_tail_-n_70
intermixed with gdb disassemble /m

809:gboolean
810:get_button_position_(decor_t_*d,
811:_____gint____i,
812:_____gint____width,
813:_____gint____height,
814:_____gint____*x,
815:_____gint____*y,
816:_____gint____*w,
817:_____gint____*h)
818:{
___0x000000000040c995_<+5>:________push___%rbx
819:____if_(i_>_BUTTON_MENU)
___0x000000000040c992_<+2>:________cmp____$0x3,%esi
___0x000000000040c996_<+6>:________jg_____0x40ca4f_<get_button_position+191>
820:________return_FALSE;
___0x000000000040c990_<+0>:________xor____%eax,%eax
821:
822:____if_(d->frame_window)
___0x000000000040c99c_<+12>:________cmpq___$0x0,0x218(%rdi)
___0x000000000040c9a4_<+20>:________je_____0x40ca58_<get_button_position+200>
823:____{
824:________*x_=_bpos[i].x_+_bpos[i].xw_*_width_+_d->frame->win_extents.left_+_4;
___0x000000000040c9aa_<+26>:________movslq_%esi,%r10
___0x000000000040c9ad_<+29>:________mov____0x8(%rdi),%rdi
___0x000000000040c9b1_<+33>:________lea____(%r10,%r10,4),%r11
___0x000000000040c9b5_<+37>:________shl____$0x3,%r11
___0x000000000040c9b9_<+41>:________mov____0x61daf0(%r11),%eax
___0x000000000040c9c0_<+48>:________imul___%edx,%eax
___0x000000000040c9c3_<+51>:________add____0x61dae0(%r11),%eax
___0x000000000040c9ca_<+58>:________add____(%rdi),%eax
___0x000000000040c9cc_<+60>:________add____$0x4,%eax
___0x000000000040c9cf_<+63>:________mov____%eax,(%r8)
825:________*y_=_bpos[i].y_+_bpos[i].yh_*_height_+_bpos[i].yth_*
___0x000000000040c9d5_<+69>:________mov____0x61daf4(%r11),%ebx
___0x000000000040c9df_<+79>:________imul___0x61db00(%r11),%eax
___0x000000000040c9e7_<+87>:________imul___%ecx,%ebx
___0x000000000040c9ea_<+90>:________add____%ebx,%eax
___0x000000000040c9ec_<+92>:________add____0x61dae4(%r11),%eax
826:____________(d->frame->titlebar_height_-_17)_+_d->frame->win_extents.top_+_2;
___0x000000000040c9d2_<+66>:________mov____0x20(%rdi),%eax
___0x000000000040c9dc_<+76>:________sub____$0x11,%eax
___0x000000000040c9f3_<+99>:________add____0x8(%rdi),%eax
___0x000000000040c9f6_<+102>:________add____$0x2,%eax
___0x000000000040c9f9_<+105>:________mov____%eax,(%r9)
827:____}
828:____else
829:____{
830:________*x_=_bpos[i].x_+_bpos[i].xw_*_width;
___0x000000000040ca58_<+200>:________movslq_%esi,%r10
___0x000000000040ca5f_<+207>:________lea____(%r10,%r10,4),%rax
___0x000000000040ca63_<+211>:________shl____$0x3,%rax
___0x000000000040ca67_<+215>:________mov____0x61daf0(%rax),%r11d
___0x000000000040ca6e_<+222>:________imul___%edx,%r11d
___0x000000000040ca72_<+226>:________add____0x61dae0(%rax),%r11d
___0x000000000040ca79_<+233>:________mov____%r11d,(%r8)
831:________*y_=_bpos[i].y_+_bpos[i].yh_*_height_+_bpos[i].yth_*
___0x000000000040ca80_<+240>:________mov____0x61daf4(%rax),%ebx
___0x000000000040ca8a_<+250>:________imul___0x61db00(%rax),%r11d
___0x000000000040ca92_<+258>:________imul___%ecx,%ebx
___0x000000000040ca95_<+261>:________add____%ebx,%r11d
___0x000000000040ca98_<+264>:________add____0x61dae4(%rax),%r11d
___0x000000000040ca9f_<+271>:________mov____%r11d,(%r9)
___0x000000000040caa2_<+274>:________jmpq___0x40c9fc_<get_button_position+108>
___0x000000000040caa7:________nopw___0x0(%rax,%rax,1)
832:____________(d->frame->titlebar_height_-_17);
___0x000000000040ca5b_<+203>:________mov____0x8(%rdi),%rdi

=>_0x000000000040ca7c_<+236>:________mov____0x20(%rdi),%r11d

___0x000000000040ca86_<+246>:________sub____$0x11,%r11d
833:____}
834:
835:____*w_=_bpos[i].w_+_bpos[i].ww_*_width;
___0x000000000040c9fc_<+108>:________lea____(%r10,%r10,4),%rax
___0x000000000040ca00_<+112>:________mov____0x10(%rsp),%r9
___0x000000000040ca05_<+117>:________shl____$0x3,%rax
___0x000000000040ca09_<+121>:________imul___0x61daf8(%rax),%edx
___0x000000000040ca10_<+128>:________add____0x61dae8(%rax),%edx
___0x000000000040ca16_<+134>:________mov____%edx,(%r9)
836:____*h_=_bpos[i].h_+_bpos[i].hh_*_height_+_bpos[i].hth_+
___0x000000000040ca19_<+137>:________imul___0x61dafc(%rax),%ecx
___0x000000000040ca20_<+144>:________add____0x61daec(%rax),%ecx
___0x000000000040ca26_<+150>:________add____0x61db04(%rax),%ecx
___0x000000000040ca32_<+162>:________lea____-0x11(%rcx,%rax,1),%ecx
___0x000000000040ca36_<+166>:________mov____0x18(%rsp),%rax
___0x000000000040ca3b_<+171>:________mov____%ecx,(%rax)
837:________(d->frame->titlebar_height_-_17);
___0x000000000040ca2c_<+156>:________mov____0x20(%rdi),%eax
838:
839:____/*_hack_to_position_multiple_buttons_on_the_right_*/
840:____if_(i_!=_BUTTON_MENU)
___0x000000000040ca2f_<+159>:________cmp____$0x3,%esi
___0x000000000040ca42_<+178>:________je_____0x40ca4f_<get_button_position+191>
841:________*x_-=_10_+_16_*_i;
___0x000000000040ca44_<+180>:________neg____%esi
___0x000000000040ca46_<+182>:________shl____$0x4,%esi
___0x000000000040ca49_<+185>:________sub____$0xa,%esi
___0x000000000040ca4c_<+188>:________add____%esi,(%r8)
842:
843:____return_TRUE;
___0x000000000040ca3d_<+173>:________mov____$0x1,%eax
844:}
___0x000000000040ca4f_<+191>:________pop____%rbx
___0x000000000040ca50_<+192>:________retq___
___0x000000000040ca51_<+193>:________nopl___0x0(%rax)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/828085

Title:
  gtk-window-decorator crashed with SIGSEGV in get_button_position()

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/compiz/+bug/828085/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 828085] Re: gtk-window-decorator crashed with SIGSEGV in get_button_position()

Reply via email to