Re: [Qemu-devel] Re: More displaystate fallout?

[Stefan Weil <weil@mail.berlios.de>]

Stefano Stabellini schrieb:
> Stefan Weil wrote:
>
>   
>> Hi,
>>
>> maybe the bug is related to a similar one I got:
>>
>> Emulation of a system without VGA will crash while switching from
>> serial console to monitor. I got this crash with SDL and VNC displays.
>>     
>
>
> I don't think that the problem you are seeing is related to this one.
> I assume that you have manually applied this patch:
>
> http://lists.gnu.org/archive/html/qemu-devel/2009-01/msg01304.html
>
> because it has not been committed yet.
>
>  
>   

Not exactly :-)

I had made the same change before you published your patch.
Because it worked only partially, I did not publish my change.


>> The crash is caused by a surface which is too small: your patch for
>> dumb terminals assumes 640 x 480 pixels, but the monitor is much
>> larger. So the allocated display data is too small.
>>
>>     
>
>
> I tried to reproduce the issue but so far I didn't get any crash: I am
> starting a VM with -vga none and switching from the monitor to the
> serial and back.
> So far is working correctly for me.
>
>
>
>
>   

To reproduce it, the 1st console window must be larger than 640 x 480
(or the surface of dumb terminal smaller than this).

Systems without VGA start with the monitor console which is larger.
Qemu (SDL or VNC) will crash when switching from 1st to 2nd console
and then back to 1st (which will never show again).

See stack trace below. Maybe you must add a simple assertion to console.c
to see the access violation.

A simple (but crude) fix is to increase the size of the surface.

Regards
Stefan Weil


qemu-system-mipsel: /home/stefan/src/qemu/trunk/console.c:456:
vga_putcharxy: Assertion `d < ds->surface->data + ds->surface->linesize
* ds->surface->height' failed.

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fbd8b6b26e0 (LWP 15733)]
0x00007fbd89d04ed5 in raise () from /lib/libc.so.6
(gdb) i s
#0  0x00007fbd89d04ed5 in raise () from /lib/libc.so.6
#1  0x00007fbd89d063f3 in abort () from /lib/libc.so.6
#2  0x00007fbd89cfddc9 in __assert_fail () from /lib/libc.so.6
#3  0x0000000000487481 in vga_putcharxy (ds=0xf5d6e0, x=0, y=30, ch=32,
t_attrib=0x12a28d9) at ~/src/qemu/trunk/console.c:456
#4  0x0000000000487dc4 in console_refresh (s=0x1011b60) at
~/src/qemu/trunk/console.c:640
#5  0x00000000004892f4 in text_console_invalidate (opaque=0x1011b60) at
~/src/qemu/trunk/console.c:1202
#6  0x0000000000486e69 in vga_hw_invalidate () at
~/src/qemu/trunk/console.c:173
#7  0x0000000000488e02 in console_select (index=0) at
~/src/qemu/trunk/console.c:1081
#8  0x00000000004aab61 in sdl_refresh (ds=0xf5d6e0) at
~/src/qemu/trunk/sdl.c:391
#9  0x000000000040b2d3 in dpy_refresh (s=0xf5d6e0) at
~/src/qemu/trunk/console.h:180
#10 0x000000000040b240 in gui_update (opaque=0xf5d6e0) at
~/src/qemu/trunk/vl.c:3409
#11 0x00000000004074ef in qemu_run_timers (ptimer_head=0xb8f900,
current_time=11851244) at ~/src/qemu/trunk/vl.c:1211
#12 0x000000000040bbba in main_loop_wait (timeout=0) at
~/src/qemu/trunk/vl.c:3721
#13 0x000000000040c001 in main_loop () at ~/src/qemu/trunk/vl.c:3870
#14 0x000000000040ebf7 in main (argc=13, argv=0x7fff936d8a78,
envp=0x7fff936d8ae8) at ~/src/qemu/trunk/vl.c:5749
(gdb) up
#1  0x00007fbd89d063f3 in abort () from /lib/libc.so.6
(gdb)
#2  0x00007fbd89cfddc9 in __assert_fail () from /lib/libc.so.6
(gdb)
#3  0x0000000000487481 in vga_putcharxy (ds=0xf5d6e0, x=0, y=30, ch=32,
t_attrib=0x12a28d9) at ~/src/qemu/trunk/console.c:456
456         assert(d < ds->surface->data + ds->surface->linesize *
ds->surface->height);
(gdb) p *ds->surface
$1 = {flags = 2 '\002', width = 640, height = 480, linesize = 2560, data
= 0x115bc10 "", pf = {bits_per_pixel = 32 ' ',
    bytes_per_pixel = 4 '\004', depth = 24 '\030', rmask = 16711680,
gmask = 65280, bmask = 255, amask = 0, rshift = 16 '\020',
    gshift = 8 '\b', bshift = 0 '\0', ashift = 0 '\0', rmax = 255 '?',
gmax = 255 '?', bmax = 255 '?', amax = 0 '\0'}}