https://bugs.freedesktop.org/show_bug.cgi?id=85267
Bug ID: 85267 Summary: vlc crashes with vdpau (Radeon 3850HD) [r600] Product: Mesa Version: unspecified Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: normal Priority: medium Component: Drivers/Gallium/r600 Assignee: dri-devel@lists.freedesktop.org Reporter: arthur.marsh@internode.on.net
I'm using version 10.3.1-1 on Debian of most mesa-related packages and Linux kernel 3.18.0-rc1 from Linus' git head.
replaying a particular dvd in VLC triggers some errors:
(see also http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766058 )
vdpau-related packages are also installed;
when I ran the dvd in VLC under valgrind I encountered:
(comments are from michel@daenzer.net )
==13424== Invalid read of size 1 ==13424== at 0x1A8789C0: r600_bind_blend_state_internal (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1A6723C0: blitter_restore_fragment_states (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1A675C47: util_blitter_clear_render_target (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1A852985: r600_clear_render_target (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1A69D9A9: vl_compositor_render (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1A629E96: vlVdpPresentationQueueDisplay (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1F2F80A3: Queue (in /usr/lib/vlc/plugins/vdpau/libvdpau_display_plugin.so) ==13424== by 0x30D0E6DB48: ThreadDisplayPicture (in /usr/lib/libvlccore.so.8.0.0) ==13424== by 0x30D0E6DEB2: Thread (in /usr/lib/libvlccore.so.8.0.0) ==13424== by 0x30022080A3: start_thread (pthread_create.c:309) ==13424== Address 0xedfe51d is 61 bytes inside a block of size 64 free'd ==13424== at 0x4A08E90: free (vg_replace_malloc.c:473) ==13424== by 0x1A62C7DD: vlVdpOutputSurfaceRenderBitmapSurface (in /usr/lib/x86_64-linux-gnu/vdpau/libvdpau_r600.so.1.0.0) ==13424== by 0x1F2F8200: Queue (in /usr/lib/vlc/plugins/vdpau/libvdpau_display_plugin.so) ==13424== by 0x30D0E6DB48: ThreadDisplayPicture (in /usr/lib/libvlccore.so.8.0.0) ==13424== by 0x30D0E6DEB2: Thread (in /usr/lib/libvlccore.so.8.0.0) ==13424== by 0x30022080A3: start_thread (pthread_create.c:309)
This looks like a use-after-free bug in the Mesa r600g driver. Can you report this upstream at https://bugs.freedesktop.org/enter_bug.cgi?product=Mesa , component Drivers/Gallium/r600?
https://bugs.freedesktop.org/show_bug.cgi?id=85267
--- Comment #1 from Michel Dänzer michel@daenzer.net --- Created attachment 108144 --> https://bugs.freedesktop.org/attachment.cgi?id=108144&action=edit r600g: Drop references to destroyed blend state
Does this patch fix this problem?
https://bugs.freedesktop.org/show_bug.cgi?id=85267
--- Comment #2 from Arthur Marsh arthur.marsh@internode.on.net --- Created attachment 108163 --> https://bugs.freedesktop.org/attachment.cgi?id=108163&action=edit log file of running valgrind with default options run against mesa rebuilt with patch
It appears from this log that the particular error reported in this bug no longer occurs.
https://bugs.freedesktop.org/show_bug.cgi?id=85267
--- Comment #3 from Dieter Nützel Dieter@nuetzel-hh.de --- Fixed bug 84140, too.
https://bugs.freedesktop.org/show_bug.cgi?id=85267
Michel Dänzer michel@daenzer.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED
--- Comment #4 from Michel Dänzer michel@daenzer.net --- Module: Mesa Branch: master Commit: ae879718c4086fc5905070e7f26dfa2757df0c86 URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=ae879718c4086fc5905070e7f26...
Author: Michel Dänzer michel.daenzer@amd.com Date: Tue Oct 21 12:40:15 2014 +0900
r600g: Drop references to destroyed blend state
dri-devel@lists.freedesktop.org
-
bugzilla-daemon@freedesktop.org