xcb_xv_query_adaptors accesses invalid memory due to xcb_xv_adaptor_info_sizeof () not returning a 32 bit aligned value. This works fine in Xlib.
Created attachment 100689 [details] Test case showing Xlib working and XCB not I get the output showing the sizeof being 43 instead of the correct value of 44: Xlib: "Intel(R) Textured Video" "Intel(R) Video Sprite" XCB: "Intel(R) Textured Video" 43 "" 7436
Debugging shows it's the the padding after the name that's not being taken into account: <struct name="AdaptorInfo"> <field type="PORT" name="base_id" /> <field type="CARD16" name="name_size" /> <field type="CARD16" name="num_ports" /> <field type="CARD16" name="num_formats" /> <field type="CARD8" name="type" mask="Type" /> <pad bytes="1" /> <list type="char" name="name"> <fieldref>name_size</fieldref> </list> <list type="Format" name="formats"> <fieldref>num_formats</fieldref> </list> </struct> In xcb_xv_adaptor_info_sizeof () the logic is: /* name */ xcb_block_len += _aux->name_size * sizeof(char); xcb_tmp += xcb_block_len; xcb_align_to = ALIGNOF(char); /* insert padding */ xcb_pad = -xcb_block_len & (xcb_align_to - 1); xcb_buffer_len += xcb_block_len + xcb_pad; if (0 != xcb_pad) { xcb_tmp += xcb_pad; xcb_pad = 0; } xcb_block_len = 0; But ALIGNOF(char) returns 1 so no padding is added.
That "insert padding" code is some implicit padding that gets inserted everywhere. Most structures should be fine without. And for this case (list of 1byte types) it's obviously broken. Anyway, explicit padding is better than implicit, that's way I've hacked up patches that fixes the problem (for me): http://lists.freedesktop.org/archives/xcb/2014-June/009518.html Could you test the patches and report back?
I can confirm using the two patches (proto, libxcb) causes xcb_xv_query_adaptors to work correctly. Thanks!
Patches pushed out. Thanks for the patch, and thanks for testing.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.