Subject: xsrc/18110: XFree 4.2.0 core dump with NVidia Riva 128
To: None <gnats-bugs@gnats.netbsd.org>
From: None <martti@netbsd.org>
List: netbsd-bugs
Date: 08/29/2002 21:31:01
>Number:         18110
>Category:       xsrc
>Synopsis:       XFree 4.2.0 core dump with NVidia Riva 128
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    xsrc-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Aug 29 12:32:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Martti Kuparinen
>Release:        NetBSD 1.6
>Organization:
>Environment:
NetBSD pc1 1.6_RC1 NetBSD 1.6_RC1 (PC) #3: Wed Aug 28 21:03:16 UTC 2002     root@pc1:/work/netbsd/src/sys/arch/i386/compile/PC i386
Architecture: i386
Machine: i386
>Description:

I have an old PC with an NVidia Riva 128 card, and XFree86 dumps core
before getting into the graphical mode.

The crash occurs when the server tries to use a non-existing
array on lines 1655-1656.

========================================================================
XFree86 Version 4.2.0 / X Window System
(protocol Version 11, revision 0, vendor release 6600)
Release Date: 23 January 2002
        If the server is older than 6-12 months, or if your card is
        newer than the above date, look for a newer version before
        reporting problems.  (See http://www.XFree86.Org/)
Build Operating System: NetBSD/i386 1.6_RC1 [ELF] The NetBSD Foundation, Inc.
Markers: (--) probed, (**) from config file, (==) default setting,
         (++) from command line, (!!) notice, (II) informational,
         (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/XFree86.0.log", Time: Thu Aug 29 19:48:15 2002
(==) Using config file: "/etc/X11/XF86Config"
(EE) NV(0): The Riva 128 chipset does not support depth 16.  Using depth 15 instead

Program received signal SIGSEGV, Segmentation fault.
0x8053517 in LoadStateExt (chip=0x8520800, state=0x85208c0) at riva_hw.c:1655
1655        chip->PCRTC[0x00000140/4] = 0;
(gdb)
(gdb) p chip
$1 = (RIVA_HW_INST *) 0x8520800
(gdb) p chip->PCRTC
$2 = (U032 *) 0x0
========================================================================

>How-To-Repeat:
	
>Fix:

--- riva_hw.c	Sat Aug 17 20:42:42 2002
+++ riva_hw.c	Thu Aug 29 19:52:53 2002
@@ -1652,8 +1652,11 @@
     /*
      * Turn off VBlank enable and reset.
      */
-    chip->PCRTC[0x00000140/4] = 0;
-    chip->PCRTC[0x00000100/4] = chip->VBlankBit;
+    if (chip->PCRTC) {
+        chip->PCRTC[0x00000140/4] = 0;
+        chip->PCRTC[0x00000100/4] = chip->VBlankBit;
+    }
+
     /*
      * Set interrupt enable.
      */    
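Review bot: the `if (chip->PCRTC)` guard skips both register writes silently, so when PCRTC is NULL (as the gdb session above shows for this Riva 128) nothing in this block turns VBlank off or resets it, and nothing in the code records why. A comment above the test stating when PCRTC is expected to be unset would make the intent clear. It is also worth confirming whether a NULL PCRTC is legitimate for this chipset or is itself a setup problem, in which case the fix belongs where the pointer is assigned rather than at this use site. Any other dereference of chip->PCRTC in riva_hw.c would need the same check, since this guard only covers the two writes at lines 1655-1656.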
>Release-Note:
>Audit-Trail:
>Unformatted: