Bug 19793

Summary: [intel] Xv windows crash X server when moved leftwards
Product: xorg Reporter: Lucius Windschuh <lwindschuh>
Component: Driver/intelAssignee: Wang Zhenyu <zhenyu.z.wang>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: 7.4 (2008.09)   
Hardware: x86 (IA32)   
OS: FreeBSD   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
Patch to prevent Xorg from crashing
none
my xorg.conf
none
my Xorg log file none

Description Lucius Windschuh 2009-01-28 13:32:09 UTC 
Created attachment 22322 [details] [review]
Patch to prevent Xorg from crashing

Overview:
  Moving a Xv window off the screen makes Xorg crash with SIGSEGV

Steps to reproduce:
  - play a film (probably in high resolution?) with mplayer -vo xv
  - move the Xvideo window leftwards so that parts of it are off the screen
  - Xorg crashes with SIGSEGV as soon as 1 pixel is off screen

System information:
  - FreeBSD 8.0-CURRENT on a Lenovo Thinkpad T400
  - Xorg 7.4 built from the FreeBSD ports system
  - Graphics adapter: Mobile IntelĀ® GM45 Express Chipset, card=0x211217aa chip=0x2a428086 rev=0x07
  - xorg.conf, Xorg.0.log attached
  - more information on request

Analysis:

Commit d5a80e1e3ab5724d34b20f9ee6f830efd0f5b076 introduced two shortcuts with memcpy when srcPitch2 == dstPitch. These are the points where Xorg 7.4 from the FreeBSD ports crashes. Even if one is fixed, the other crashes.

Could it be that these memcpy()s are not the same as the "for() memcpy;" loop even if srcPitch2 == dstPitch? Or just in this special case when cropping the left part of the video window?

There is another similar shortcut in the code. This one could also be problematic.

Workaround: 

See attached patch.


Could somebody with more insight in the driver look at this?
Comment 1 Lucius Windschuh 2009-01-28 13:32:55 UTC 
Created attachment 22323 [details]
my xorg.conf
Comment 2 Lucius Windschuh 2009-01-28 13:33:30 UTC 
Created attachment 22324 [details]
my Xorg log file
Comment 3 Lucius Windschuh 2009-02-01 06:52:18 UTC 
It is fixed in xf86-video-intel 2.6.1.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.