Bug 79317

Summary: xorg crashes due to assert() when a large "image" is created
Product: Spice
Reporter: David Mansfield <freedesktop-bugzilla>
Component: xorg qxl
Assignee: Spice Bug List <spice-bugs>
Status: RESOLVED FIXED
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Attachments: avoid assert() crash by dynamically adjusting image chunk size

Description David Mansfield 2014-05-27 14:33:44 UTC
Created attachment 99951 [details]
avoid assert() crash by dynamically adjusting image chunk size

The maximum number of "commands" that can be queued at once is fixed at compile time at MAX_RELOCS. However, during the creation of an image object in qxl_image_create(), the image is split into commands of maximum size 512*512. For a large dual-head system, it is easy to create an image for which the number of chunks will result in an overflow of MAX_RELOCS number of "commands".

Identify this scenario and dynamically increase the chunk size to avoid the overflow, and the resulting assert() which crashes Xorg.

Note: the debugging statement is currently enabled in this patch.

This is almost certainly the cause of:

https://bugzilla.redhat.com/show_bug.cgi?id=1013840
http://retrace.fedoraproject.org/faf/problems/1528867/
http://retrace.fedoraproject.org/faf/reports/345040/
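
The chunk-count arithmetic from the description above, as an added example that is not the attached patch or the driver's own code. It assumes the 512*512 limit is in bytes and that chunks hold whole rows, and it takes the command budget as a hypothetical `max_chunks` parameter, since the page gives no value for MAX_RELOCS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 512*512 is the per-chunk maximum named in the report; treated as bytes here (assumption). */
#define DEFAULT_CHUNK_BYTES ((size_t)512 * 512)

/* Rows that fit in one chunk; a row wider than the chunk still occupies one chunk. */
static size_t rows_per_chunk(size_t stride, size_t chunk_bytes)
{
    size_t rows = chunk_bytes / stride;
    return rows ? rows : 1;
}

/* Chunks needed to cover `height` rows when chunks hold whole rows only. */
size_t chunks_needed(size_t stride, size_t height, size_t chunk_bytes)
{
    if (stride == 0)
        return 0;
    size_t rows = rows_per_chunk(stride, chunk_bytes);
    return height / rows + (height % rows != 0);
}

/* Smallest whole-row chunk size, never below the default, that keeps the chunk
 * count within max_chunks (hypothetical budget). Returns 0 on bad input or overflow. */
size_t fit_chunk_bytes(size_t stride, size_t height, size_t max_chunks)
{
    if (stride == 0 || height == 0 || max_chunks == 0)
        return 0;
    size_t rows = rows_per_chunk(stride, DEFAULT_CHUNK_BYTES);
    size_t min_rows = height / max_chunks + (height % max_chunks != 0);
    if (min_rows > rows)
        rows = min_rows;            /* grow the chunk instead of exceeding the budget */
    if (rows > SIZE_MAX / stride)
        return 0;                   /* rows * stride would overflow size_t */
    return rows * stride;
}

int main(void)
{
    /* Constructed input: 3840x1080 dual-head image, 4 bytes per pixel, budget of 32 chunks. */
    size_t stride = 3840 * 4, height = 1080, budget = 32;
    size_t fitted = fit_chunk_bytes(stride, height, budget);
    printf("default: %zu chunks\n", chunks_needed(stride, height, DEFAULT_CHUNK_BYTES));
    printf("fitted:  %zu bytes -> %zu chunks\n", fitted, chunks_needed(stride, height, fitted));
    return 0;
}
```

Returning an error for an image that cannot fit, rather than asserting, keeps a client-triggerable oversize request from taking down the whole X server.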
Comment 1 Marc-Andre Lureau 2014-11-02 23:14:35 UTC
applied upstream

commit 3d511c30206bd8c9a207c436186a03af0bb02962
Author: David Mansfield <spice@dm.cobite.com>
Date:   Tue Jun 3 10:05:42 2014 -0400

    Dynamically adjust chunk size to avoid command buffer overflow.
