https://bugs.freedesktop.org/show_bug.cgi?id=32246
Summary: Compiz 0.9 switcher segfaults in mipmap generation code Product: Mesa Version: git Platform: Other OS/Version: All Status: NEW Severity: normal Priority: medium Component: Drivers/DRI/R600 AssignedTo: dri-devel@lists.freedesktop.org ReportedBy: chalserogers@gmail.com
Created an attachment (id=40939) --> (https://bugs.freedesktop.org/attachment.cgi?id=40939) gdb session log of crash with backtrace.
Triggering the window switcher with mipmapping enabled in Compiz 0.9.2 results in a segfault in the mipmap generation code on r600c (but not r600g), apparently because the driver private data for the texture is not initialised.
Bottom of the backtrace inline, full backtrace attached:
Program received signal SIGSEGV, Segmentation fault. 0x00007f7b76eed81b in do_row (datatype=<value optimised out>, comps=<value optimised out>, srcWidth=<value optimised out>, srcRowA=0x0, srcRowB=0xe40, dstWidth=<value optimised out>, dstRow=0x35ffe00) at main/mipmap.c:171 in main/mipmap.c (gdb) bt full #0 0x00007f7b76eed81b in do_row (datatype=<value optimised out>, comps=<value optimised out>, srcWidth=<value optimised out>, srcRowA=0x0, srcRowB=0xe40, dstWidth=<value optimised out>, dstRow=0x35ffe00) at main/mipmap.c:171 i = <value optimised out> k = <value optimised out> rowB = 0xe40 dst = 0x35ffe00 j = <value optimised out> rowA = 0x0 k0 = 1 colStride = 2 #1 0x00007f7b76eeee9f in make_2d_mipmap (datatype=5121, comps=3, border=0, srcWidth=1214, srcHeight=1000, srcPtr=0x0, srcRowStride=1216, dstWidth=607, dstHeight=500, dstPtr=0x35ffe00 "\340\271T\003", dstRowStride=607) at main/mipmap.c:1192 bpt = 3 srcWidthNB = 1214 dstWidthNB = 607 dstHeightNB = 500 srcRowBytes = <value optimised out> dstRowBytes = 1821 srcA = <value optimised out> srcB = <value optimised out> dst = <value optimised out> row = <value optimised out> srcRowStep = <value optimised out> __PRETTY_FUNCTION__ = "make_2d_mipmap" #2 0x00007f7b76ef3e61 in _mesa_generate_mipmap (ctx=0x1585520, target=3553, texObj=0x1ed6300) at main/mipmap.c:1825 srcImage = 0x1e186e0 srcHeight = 1000 srcDepth = 1 dstWidth = 607 dstHeight = 500 border = 0 dstImage = 0x3405cf0 srcWidth = 1214 dstDepth = 1 srcImage = <value optimised out> convertFormat = MESA_FORMAT_RGB888 srcData = 0x0 dstData = 0x35ffe00 "\340\271T\003" level = 0 maxLevels = 15 datatype = 5121 comps = 3 __PRETTY_FUNCTION__ = "_mesa_generate_mipmap" #3 0x00007f7b76eacc3d in radeon_generate_mipmap (ctx=0x1585520, target=<value optimised out>, texObj=0x1ed6300) at radeon_texture.c:256 i = <value optimised out> nr_faces = 1 face = <value optimised out> #4 radeonGenerateMipmap (ctx=0x1585520, target=<value optimised out>, texObj=0x1ed6300) at radeon_texture.c:299 rmesa = <value optimised out> bo = <value optimised out> face = <value optimised out> baseimage = 0x1e186e0 __func__ = "radeonGenerateMipmap" #5 0x00007f7b76ede567 in _mesa_GenerateMipmapEXT (target=3553) at main/fbobject.c:2177 texObj = 0x1ed6300 ctx = 0x1585520 #6 0x00007f7b77a52b88 in GLTexture::enable (this=0x1e1e250, filter=<value optimised out>) at /build/buildd/compiz-0.9.2.1+glibmainloop2/plugins/opengl/src/texture.cpp:232 gs = 0x15659d0 ...snip... And
(gdb) up #1 0x00007f7b76eeee9f in make_2d_mipmap (datatype=5121, comps=3, border=0, srcWidth=1214, srcHeight=1000, srcPtr=0x0, srcRowStride=1216, dstWidth=607, dstHeight=500, dstPtr=0x35ffe00 "\340\271T\003", dstRowStride=607) at main/mipmap.c:1192 1192 in main/mipmap.c (gdb) up #2 0x00007f7b76ef3e61 in _mesa_generate_mipmap (ctx=0x1585520, target=3553, texObj=0x1ed6300) at main/mipmap.c:1825 1825 in main/mipmap.c (gdb) uESC[ESC[Kprint *texObj $1 = {Mutex = {__data = {__lock = 0, __count = 0, __owner = 0, __nusers = 0, __kind = 0, __spins = 0, __list = {__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 39 times>, __align = 0}, RefCount = 3, Name = 75, Target = 3553, Priority = 1, BorderColor = {f = {0, 0, 0, 0}, ui = {0, 0, 0, 0}, i = {0, 0, 0, 0}}, WrapS = 33071, WrapT = 33071, WrapR = 10497, MinFilter = 9987, MagFilter = 9729, MinLod = -1000, MaxLod = 1000, LodBias = 0, BaseLevel = 0, MaxLevel = 1000, MaxAnisotropy = 1, CompareMode = 0, CompareFunc = 515, CompareFailValue = 0, DepthMode = 6409, _MaxLevel = 10, _MaxLambda = 10, CropRect = {0, 0, 0, 0}, Swizzle = {6403, 6404, 6405, 6406}, _Swizzle = 1672, GenerateMipmap = 0 '\000', _Complete = 0 '\000', _RenderToTexture = 1 '\001', Purgeable = 0 '\000', Image = {{0x1e186e0, 0x3405cf0, 0x0 <repeats 13 times>}, { 0x0 <repeats 15 times>}, {0x0 <repeats 15 times>}, {0x0 <repeats 15 times>}, {0x0 <repeats 15 times>}, {0x0 <repeats 15 times>}}, Palette = { InternalFormat = 0, _BaseFormat = 0, Size = 0, TableF = 0x0, TableUB = 0x0, RedSize = 0 '\000', GreenSize = 0 '\000', BlueSize = 0 '\000', AlphaSize = 0 '\000', LuminanceSize = 0 '\000', IntensitySize = 0 '\000'}, DriverData = 0x0}
https://bugs.freedesktop.org/show_bug.cgi?id=32246
--- Comment #1 from Alex Deucher agd5f@yahoo.com 2010-12-08 21:17:38 PST --- Should be fixed in: fd543e1f9506fe41e6e9e78aebbe0bca01df055c
https://bugs.freedesktop.org/show_bug.cgi?id=32246
--- Comment #2 from Christopher James Halse Rogers chalserogers@gmail.com 2010-12-09 12:25:50 PST --- This is not fixed in mesa up to commit 05e534e6, which includes fd543e1f. The backtrace remains the same.
https://bugs.freedesktop.org/show_bug.cgi?id=32246
--- Comment #3 from Ian Romanick idr@freedesktop.org 2010-12-09 13:42:17 PST --- This looks a lot like bug #32096. Different driver, but the end of the backtrace (from _mesa_generate_mipmap to the segfault) is the same.
https://bugs.freedesktop.org/show_bug.cgi?id=32246
--- Comment #4 from Bryce Harrington bryce@canonical.com 2011-02-15 18:02:31 PST --- Created an attachment (id=43410) --> (https://bugs.freedesktop.org/attachment.cgi?id=43410) 0001-Check-for-null-pointer-in-mipmap-image-data.patch
It looks to me like this occurs when the calling application passes in a mipmap that has undefined image data (e.g. priv-target->Image[0][0]->Data == NULL in this case).
For the case where _mesa_is_format_compressed() is true, there is an ASSERT to catch that this is undefined, but there is no such check for the false case.
The attached patch adds such a check (a problem message rather than an assertion, though). Possibly it should be using _mesa_error() or perhaps an assert; I'm not certain.
https://bugs.freedesktop.org/show_bug.cgi?id=32246
Jerome Glisse glisse@freedesktop.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Compiz 0.9 switcher |[RADEON:KMS:R600C] compiz |segfaults in mipmap |0.9 switcher segfaults in |generation code |mipmap generation code
https://bugs.freedesktop.org/show_bug.cgi?id=32246
Andreas Boll andreas.boll.dev@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO
--- Comment #5 from Andreas Boll andreas.boll.dev@gmail.com --- Note: classic r600 driver has been abandoned. Please use r600g (gallium driver) instead.
Is this still an issue with a newer driver/kernel?
https://bugs.freedesktop.org/show_bug.cgi?id=32246
Andreas Boll andreas.boll.dev@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED Resolution|--- |WONTFIX
--- Comment #6 from Andreas Boll andreas.boll.dev@gmail.com --- The classic r600 driver has been abandoned long ago. It was replaced by the Gallium driver r600g.
If you have issues with r600g please file a new bug report with component Drivers/Gallium/r600
Thanks.
dri-devel@lists.freedesktop.org
-
bugzilla-daemon@freedesktop.org