fb crashes if mouse moves during start up

[Jakub Jermář]

On the current head (r398), default ia32 build, the fb server crashes when mouse is being moved when the system starts up (just move it continuously from the grub menu and while kernel console is active).

See the attached screenshot for the stack trace and the attached fb.disasm for the disassembler output.

[Jakub Jermář]

Screenshot with the stack trace.

[Jakub Jermář]

fb disassembler output.

[Jakub Jermář]

I think this problem exists, because console starts to process mouse events even before gcons_init() is finished. The scenario which I observed looks something like this:

• in console, both xres and yres are 0 (i.e. before they are initialized to something non-zero)
• gcons_mouse_move() is called to process a mouse event
• no matter what the dx and dy parameters to gcons_mouse_mode() were, calling limit() (twice) will result in passing mouse_x == mouse_y == -1 to fb in the FB_POINTER_MOVE request
• fb receives the FB_POITNER_MOVE call and calls mouse_move()
• mouse_move() sets pointer_x and pointer_y to -1, which it read from the IPC request
• processing any consequent request from fb_client_connection() will result in calling mouse_show()
• mouse_show() sets the pointer vport's x and y coordinates to -1 and calls copy_vp_to_pixmap()
• copy_vp_to_pixmap() then calculates a source address for memcpy() using vport→y, which is -1, which results in adding a negative number to the fb start address
• memcpy() crashes because fb accesses memory around one scanline below the beginning of the framebuffer memory

[Jakub Jermář]

Fixed in changeset:mainline,631.