Bug 105368

Summary: Crash in ruvd_end_frame when calling vaBeginPicture/vaEndPicture without rendering anything
Product: Mesa Reporter: 67b0226d
Component: Drivers/Gallium/radeonsiAssignee: Default DRI bug account <dri-devel>
Status: RESOLVED MOVED QA Contact: Default DRI bug account <dri-devel>
Severity: normal    
Priority: medium    
Version: git   
Hardware: All   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description 67b0226d 2018-03-06 13:01:14 UTC 
VAAPI testing has revealed that ruvd_end_frame does not handle a particular edge case (see below), i.e. it crashes.

Source of the crash is here:
https://cgit.freedesktop.org/mesa/mesa/tree/src/gallium/drivers/radeon/radeon_uvd.c?id=e96e6f60f705c04a3d437eea9fe308826b494c67#n1246

The memset fails when you call vaBeginPicture/vaEndPicture without any relevant vaRenderPicture calls in-between and have previously decoded some frames using the context. Then ruvd_begin_frame (triggered by data buffers) is not called to set up a new bs_ptr, and the old pointer that was unmapped already is still around, so memset will segfault. Inserting dec->bs_ptr = NULL after the buffer_unmap works for me, but I don't know if this is the solution or just a workaround.

ffmpeg seems to do this under certain circumstances, which is how this bug surfaced. The vaapi documentation does not seem to forbid this, even if it does not make a lot of sense.
Comment 1 GitLab Migration User 2019-09-25 18:03:28 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/mesa/mesa/issues/1308.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.