Bug 10276 - xorg crashes when v4l module is loaded on AMD64
Status: RESOLVED FIXED
Product: xorg
Classification: Unclassified
Component: Driver/other
Version: 7.1 (2006.05)
Hardware: x86-64 (AMD64) Linux (All)
Importance: medium critical
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
Reported: 2007-03-13 04:32 UTC by Frédéric Giquel
Modified: 2011-10-17 02:35 UTC

Attachments
Xorg log with my crash (70.65 KB, text/plain)
2008-03-21 03:47 UTC, Pekka Paalanen
Gdb session (32.07 KB, text/plain)
2008-03-21 03:50 UTC, Pekka Paalanen

Description Frédéric Giquel 2007-03-13 04:32:02 UTC
Using xvinfo makes xorg crash when the v4l module is loaded. It's reproducible.
I've found the reason for the crash. It's related to the 64-bit architecture.

The explanation:
- line 648 of v4l.c : ioctl(V4L_FD,VIDIOCGFREQ,value);
- line 612 of v4l.c : we know that value is INT32 *
- in videodev.h :
#define VIDIOCGFREQ          _IOR('v',14, unsigned long)

With a 32-bit architecture, long is 32 bits and there's no problem.
With a 64-bit architecture like AMD64, long is 64 bits and ioctl tries to
write to the double-word *value and an unauthorized double-word near
*value. So xorg crashes.

To temporarily fix the bug, I replaced line 648 of v4l.c with the following
3 lines:
unsigned long freq;
ioctl(V4L_FD,VIDIOCGFREQ,&freq);
*value = (INT32) freq;

There is no crash anymore with xvinfo. We lose some information (64 bits
-> 32 bits) but it seems unimportant (the frequency value is between 0
and 16000 according to line 190 of v4l.c).
Perhaps, a better solution can be found...

We certainly have the same problem with VIDIOCSFREQ to set the
frequency (line 597 of v4l.c) but I didn't try anything.

If other information is needed, see the Debian bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413640
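
The size mismatch described in this report, modelled as an added example (not code from v4l.c or from the reporter). Only the VIDIOCGFREQ definition is taken from the report; `mock_ioctl`, `struct slots`, `FAKE_FREQ` and `IOCTL_ARG_CHECK` are hypothetical names, and the stand-in driver copies as many bytes as the request number encodes so the example runs without a V4L device.

```c
#include <stdint.h>
#include <string.h>
#include <linux/ioctl.h>   /* _IOR, _IOC_SIZE */

/* Request definition quoted in the report (from videodev.h). */
#define VIDIOCGFREQ _IOR('v', 14, unsigned long)

/* Compile-time guard: the buffer type must match the size encoded in the request. */
#define IOCTL_ARG_CHECK(req, type) \
    _Static_assert(_IOC_SIZE(req) == sizeof(type), "ioctl argument size mismatch")
IOCTL_ARG_CHECK(VIDIOCGFREQ, unsigned long);   /* int32_t here fails to build on LP64 */

#define SENTINEL 0x5A5A5A5A
static const unsigned long FAKE_FREQ = 9076;   /* constructed tuner value */

/* Hypothetical stand-in for the driver: like copy_to_user(), it writes
 * exactly the number of bytes encoded in the request number. */
static size_t mock_ioctl(unsigned long req, void *arg)
{
    size_t n = _IOC_SIZE(req);
    memcpy(arg, &FAKE_FREQ, n);
    return n;
}

/* Two adjacent 32-bit slots; 'neighbour' plays the memory next to *value. */
struct slots { int32_t value; int32_t neighbour; };

/* Pattern from the report: a 32-bit slot receives an unsigned long.
 * Returns 1 if the neighbouring slot was overwritten. */
int direct_write_clobbers_neighbour(void)
{
    struct slots s = { 0, SENTINEL };
    mock_ioctl(VIDIOCGFREQ, &s);   /* &s is the address of s.value */
    return s.neighbour != SENTINEL;
}

/* Pattern of the reporter's fix: correctly sized temporary, then narrow.
 * Returns 0 on success, -1 if the value does not fit in 32 bits. */
int get_freq_bounced(struct slots *s)
{
    unsigned long freq = 0;
    mock_ioctl(VIDIOCGFREQ, &freq);
    if (freq > INT32_MAX)
        return -1;
    s->value = (int32_t)freq;
    return 0;
}
```

On a 32-bit build `direct_write_clobbers_neighbour()` returns 0, which is why the defect only shows up on AMD64.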
Comment 1 Brice Goglin 2007-05-02 15:56:46 UTC
We just got another report about this bug in the Debian BTS (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422008). Same problem, xvinfo crashes the server when the v4l module is loaded. It was with the ATI driver instead of NV this time, still on AMD64.

Since the submitter of this bug already posted an explanation of the bug and a possible fix, it'd be nice if somebody could look at it.

Thanks,
Brice
Comment 2 spam 2007-10-21 18:17:37 UTC
The problem is also present in xorg 7.2 :-/
Comment 3 Pekka Paalanen 2007-12-18 16:08:25 UTC
This bug is the closest match to what I experienced right now on Gentoo, using xorg-server 1.4.0.90 from Gentoo official packages. I have a tv-card which works with the bttv driver.

If bttv is loaded when X starts, running xvinfo makes X segfault somewhere in dispatch(); the backtrace seems quite useless. If bttv is not loaded during X startup, xvinfo works fine. I can load bttv and xvinfo continues to work fine in the current X session. And I can watch TV with tvtime.

And yes, this is amd64 architecture.
Comment 4 Pekka Paalanen 2008-03-21 03:47:06 UTC
Created attachment 15371
Xorg log with my crash
Comment 5 Pekka Paalanen 2008-03-21 03:50:41 UTC
Created attachment 15372
Gdb session

Here's the gdb session I did today, with x11-base/xorg-server-1.4.0.90-r3 in Gentoo. It shows a NULL pointer dereference in Dispatch(), dispatch.c:459.
The crash goes away if I remove Load "v4l" from config, or unload bttv driver.
Comment 6 Jeremy Huddleston Sequoia 2011-10-17 02:35:04 UTC
This code was completely changed in February.  I suggest you try current git, 
and if that doesn't work, contact Mauro Carvalho Chehab <mchehab@redhat.com>

