[Xorg-driver-geode] Xv PutImage crash

Daniel Drake dsd at laptop.org
Tue Aug 3 07:28:17 PDT 2010


Hi,

On 2 August 2010 23:57, Cui, Hunk <Hunk.Cui at amd.com> wrote:
>        My platform is Ubuntu 10.04, the Xserver version is 1.8.99, and
> the xf86-video-geode version is 2.11.8.
>        I have tested http://olpc.dailymotion.com/, then clicked on the
> second-from-left image ('Un jour ... a Paris ...' - the one with Walter
> Bender's face). The file started to be shown, and the video could
> broadcast normally. The input was accepted from the keyboard and the USB
> mouse could be used.

There are several reasons why you might not see the crash. Most likely
is that you're using Firefox or some other browser that plays back ogg
files without using Xv.

For the OLPC OS we have modified Firefox so that it uses totem to play
back ogg files, which uses Xv (through gstreamer) to play back. (Using
Firefox's software-based ogg support is far too slow for our low-power
hardware.)

Secondly, as the buffer is not overflowed that much (512 bytes) and
the overflow is a read overflow rather than a write, the problem is
not always obvious. Indeed, if I play the video at full screen rather
than from inside the browser, the crashes are much less common. If I
change optimization or debug flags at compile time, the problem
becomes much harder to reproduce (and in some cases seemingly even
disappears). And even in the standard crash-prone configuration,
sometimes I have to wait 2 or 3 minutes for the crash to occur,
meaning that we've overflowed the buffer a few thousand times before
something bad happens.

I feel that diagnosis based on software versions/configuration is not
worth the time/hassle because I've already narrowed down the exact
lines of code (in git HEAD) where the buffer is overflowed, in my
previous mail. If you spend 10-15 minutes tracing the LXCopyPlanar()
code (just with your eyes and some paper), with the goal of verifying
if the code ever reads outside of the image buffer or not, I think
you'll agree that the overflow is clear. You can start with these
parameters:

x1=0
x2=512
y1=0
y2=288
width=512
height=288

The total size of buf is 221184 bytes. (if you read one byte more than
that, you're overflowing)

Once you reach the first loop iteration inside
gp_color_bitmap_to_screen_blt() the reason for the overflow will
become apparent.

Nevertheless, I'll get the information you requested later today.
Daniel
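The following is an added illustration and is not code from this thread or from xf86-video-geode, nor a reconstruction of the LXCopyPlanar() defect itself. It assumes the 221184-byte buffer is a YV12 image (a 512x288 luma plane plus two 256x144 chroma planes, which matches the number exactly; the plane order and all function names are assumptions) and shows the per-plane end-of-read check a planar copy should make with the parameters from the mail, so that a read past the end of the buffer is refused at the call rather than silently performed.

```c
/* Added example, not xf86-video-geode code. Models the planar Xv image
 * buffer from the mail (512x288 -> 221184 bytes under an assumed YV12
 * layout) and the bounds check a row copy should make per plane. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes occupied by a w x h YV12 image; chroma dimensions round up. */
size_t yv12_size(unsigned w, unsigned h)
{
    size_t cw = (w + 1) / 2, ch = (h + 1) / 2;
    return (size_t)w * h + 2 * cw * ch;
}

/* Copy `rows` rows of `row_bytes` bytes from src+off, stepping by `stride`,
 * into dst (packed). Returns the number of source bytes spanned, or 0
 * without touching memory if the last byte would lie outside src_len.
 * Checking the end of the last row catches a bad offset and a bad stride. */
size_t copy_plane_rows(const uint8_t *src, size_t src_len, size_t off,
                       size_t stride, unsigned rows, size_t row_bytes,
                       uint8_t *dst)
{
    if (rows == 0 || row_bytes == 0 || row_bytes > stride)
        return 0;
    size_t end = off + (size_t)(rows - 1) * stride + row_bytes;
    if (end < off || end > src_len)      /* wrapped, or past the buffer */
        return 0;
    for (unsigned r = 0; r < rows; r++)
        memcpy(dst + (size_t)r * row_bytes,
               src + off + (size_t)r * stride, row_bytes);
    return end - off;
}

/* Copy the rectangle x1..x2-1 / y1..y2-1 out of a width x height YV12
 * image, plane by plane. Returns 1 if every read stayed inside src_len,
 * 0 as soon as a plane would overrun. dst holds yv12_size(x2-x1, y2-y1). */
int yv12_copy_rect(const uint8_t *src, size_t src_len, unsigned width,
                   unsigned height, unsigned x1, unsigned y1,
                   unsigned x2, unsigned y2, uint8_t *dst)
{
    if (x1 >= x2 || y1 >= y2 || x2 > width || y2 > height)
        return 0;
    size_t y_stride = width, c_stride = (width + 1) / 2;
    size_t y_plane = (size_t)width * height;
    size_t c_plane = c_stride * ((height + 1) / 2);
    unsigned w = x2 - x1, h = y2 - y1;
    /* Chroma rectangle: half resolution, rounded outward. */
    unsigned cx1 = x1 / 2, cx2 = (x2 + 1) / 2, cy1 = y1 / 2, cy2 = (y2 + 1) / 2;
    unsigned cw = cx2 - cx1, ch = cy2 - cy1;
    size_t out = 0;

    if (!copy_plane_rows(src, src_len, (size_t)y1 * y_stride + x1,
                         y_stride, h, w, dst))
        return 0;
    out += (size_t)w * h;
    for (int p = 0; p < 2; p++) {          /* assumed order: Y, V, U */
        size_t base = y_plane + (size_t)p * c_plane;
        if (!copy_plane_rows(src, src_len,
                             base + (size_t)cy1 * c_stride + cx1,
                             c_stride, ch, cw, dst + out))
            return 0;
        out += (size_t)cw * ch;
    }
    return 1;
}

/* Run the copy with the mail's parameters (x1=0,x2=512,y1=0,y2=288,
 * 512x288) against a constructed source buffer of buf_len bytes. */
int mail_parameters_check(size_t buf_len)
{
    uint8_t *src = malloc(buf_len ? buf_len : 1);
    uint8_t *dst = malloc(yv12_size(512, 288));
    if (!src || !dst) { free(src); free(dst); return -1; }
    memset(src, 0x5a, buf_len);           /* constructed pixel data */
    int ok = yv12_copy_rect(src, buf_len, 512, 288, 0, 0, 512, 288, dst);
    free(src);
    free(dst);
    return ok;
}

int main(void)
{
    printf("buf = %zu bytes\n", yv12_size(512, 288));
    printf("exact buffer: %d, one byte short: %d\n",
           mail_parameters_check(221184), mail_parameters_check(221183));
    return 0;
}
```

With a source buffer of exactly 221184 bytes the copy succeeds; with one byte fewer the last chroma row fails the end-of-read check and nothing is read. A read overrun of a few hundred bytes only crashes when it crosses into an unmapped page, which is why the symptom is intermittent; building the driver with `-fsanitize=address` or running the server under valgrind reports the first out-of-bounds read deterministically instead.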

