While reading through the Intel driver code, I spotted this in I830SetPortAttributeOverlay:
} else if (attribute == xvPipe) { xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn); if ((value < -1) || (value > xf86_config->num_crtc)) return BadValue; if (value < 0) adaptor_priv->desired_crtc = NULL; else adaptor_priv->desired_crtc = xf86_config->crtc[value];
This allows value == xf86_config->num_crtc to be valid, which would be the CRTC number _after_ the last one in the array. Presumably this is not desired, and the test should be ">=".
On Sun, 12 Aug 2012 10:01:44 +0100, Russell King - ARM Linux linux@arm.linux.org.uk wrote:
While reading through the Intel driver code, I spotted this in I830SetPortAttributeOverlay:
} else if (attribute == xvPipe) { xf86CrtcConfigPtr xf86_config = XF86_CRTC_CONFIG_PTR(scrn); if ((value < -1) || (value > xf86_config->num_crtc)) return BadValue; if (value < 0) adaptor_priv->desired_crtc = NULL; else adaptor_priv->desired_crtc = xf86_config->crtc[value];This allows value == xf86_config->num_crtc to be valid, which would be the CRTC number _after_ the last one in the array. Presumably this is not desired, and the test should be ">=".
Thanks for bringing this to our attention and poking Dave, who promptly pushed a patch to fix the bug. -Chris
dri-devel@lists.freedesktop.org
-
Chris Wilson -
Russell King - ARM Linux