GNOME Bugzilla – Bug 762482
fbdevsink SIGSEGV
Last modified: 2016-04-14 17:43:18 UTC
Created attachment 321888 [details] [review] Ffx fbdevsink bytes per pixel calculation Simple pipeline $ gst-launch-1.0 videotestsrc ! fbdevsink crashes with SIGSEGV in case the frambuffer xres is smaller than the virtual xres resolution, e.g.: $ fbset mode "800x480-0" # D: 0.000 MHz, H: 0.000 kHz, V: 0.000 Hz geometry 800 480 1920 1200 16 timings 0 0 0 0 0 0 0 accel true rgba 5/11,6/5,5/0,0/0 endmode Debug: $ gdb gst-launch-1.0 (gdb) run videotestsrc ! fbdevsink (gdb) where #0 0xb6bd2d24 in __memcpy_neon () at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:591 #1 0xb69b04e8 in gst_fbdevsink_show_frame (videosink=0x10a3378, buf=0xb5c08838) at gstfbdevsink.c:269 #2 0xb69e88c4 in gst_base_sink_do_preroll (sink=sink@entry=0x10a3378, obj=0xb5c08838, obj@entry=0xa0) at gstbasesink.c:2281 #3 0xb69e92bc in gst_base_sink_do_sync (basesink=basesink@entry=0x10a3378, obj=0xa0, obj@entry=0xb5c08838, late=0x0, late@entry=0xb6548ba0, step_end=0x140, step_end@entry=0xb6548ba4) at gstbasesink.c:2500 #4 0xb69ea67c in gst_base_sink_chain_unlocked ( basesink=basesink@entry=0x10a3378, obj=0x0, obj@entry=0xb5c08838, is_list=is_list@entry=0, pad=<optimized out>) at gstbasesink.c:3486 #5 0xb69ec1c0 in gst_base_sink_chain_main (basesink=0x10a3378, pad=<optimized out>, obj=0xb5c08838, is_list=0) at gstbasesink.c:3647 #6 0xb6eb5b10 in gst_pad_chain_data_unchecked (pad=0x10a6170, type=<optimized out>, data=0xb5c08838) at gstpad.c:4086 #7 0xb6eb7a34 in gst_pad_push_data (pad=pad@entry=0x10a6020, type=type@entry=4112, data=0xb5c08838) at gstpad.c:4338 #8 0xb6ebf344 in gst_pad_push (pad=pad@entry=0x10a6020, buffer=<optimized out>) at gstpad.c:4454 #9 0xb69f22f0 in gst_base_src_loop (pad=0x10a6020) at gstbasesrc.c:2845 #10 0xb6eeddfc in gst_task_func (task=0x10a8828) at gsttask.c:331 #11 0xb6d485a0 in g_thread_pool_thread_proxy (data=<optimized out>) at gthreadpoQuit (gdb) frame 1 #1 0xb69b04e8 in gst_fbdevsink_show_frame (videosink=0x10a3378, buf=0xb5c08838) at gstfbdevsink.c:269 269 gstfbdevsink.c: No such file or directory. (gdb) p fbdevsink $1 = (GstFBDEVSink *) 0x10a3378 (gdb) p *fbdevsink $2 = {videosink = {element = {element = {object = {object = { g_type_instance = {g_class = 0x10a2d60}, ref_count = 3, qdata = 0x0}, lock = {p = 0x0, i = {0, 0}}, name = 0x10a2f30 "fbdevsink0", parent = 0x10a70a0, flags = 32, control_bindings = 0x0, control_rate = 100000000, last_sync = 18446744073709551615, _gst_reserved = 0x0}, state_lock = {p = 0x109f9a8, i = {0, 0}}, state_cond = {p = 0x0, i = { 3, 0}}, state_cookie = 2, target_state = GST_STATE_PAUSED, current_state = GST_STATE_READY, next_state = GST_STATE_PAUSED, pending_state = GST_STATE_PAUSED, last_return = GST_STATE_CHANGE_ASYNC, bus = 0x108bcb8, clock = 0x0, base_time = 0, start_time = 0, numpads = 1, pads = 0x109cc20, numsrcpads = 0, srcpads = 0x0, numsinkpads = 1, sinkpads = 0x109cc30, pads_cookie = 1, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}, sinkpad = 0x10a6170, pad_mode = GST_PAD_MODE_PUSH, offset = 0, can_activate_pull = 0, can_activate_push = 1, preroll_lock = {p = 0x1, i = {1, 0}}, preroll_cond = {p = 0x0, i = {0, 0}}, eos = 0, need_preroll = 1, have_preroll = 0, playing_async = 1, have_newsegment = 1, segment = {flags = GST_SEGMENT_FLAG_NONE, rate = 1, applied_rate = 1, format = GST_FORMAT_TIME, base = 0, offset = 0, start = 0, stop = 18446744073709551615, time = 0, position = 33333333, duration = 18446744073709551615, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}, clock_id = 0x0, sync = 1, flushing = 0, running = 0, max_lateness = 20000000, priv = 0x10a3188, _gst_reserved = { 0x0 <repeats 20 times>}}, width = 0, height = 0, priv = 0x10a3180, _gst_reserved = {0x0, 0x0, 0x0, 0x0}}, fixinfo = { id = '\000' <repeats 15 times>, smem_start = 1078984704, smem_len = 4608000, type = 0, type_aux = 0, visual = 2, xpanstep = 1, ypanstep = 1, ywrapstep = 0, line_length = 3840, mmio_start = 0, mmio_len = 0, accel = 0, capabilities = 0, reserved = {0, 0}}, varinfo = { xres = 800, yres = 480, xres_virtual = 1920, yres_virtual = 1200, xoffset = 0, yoffset = 0, bits_per_pixel = 16, grayscale = 0, red = { offset = 11, length = 5, msb_right = 0}, green = {offset = 5, length = 6, msb_right = 0}, blue = {offset = 0, length = 5, msb_right = 0}, transp = {offset = 0, length = 0, msb_right = 0}, nonstd = 0, activate = 0, height = 4294967295, width = 4294967295, accel_flags = 1, pixclock = 0, left_margin = 0, right_margin = 0, upper_margin = 0, lower_margin = 0, hsync_len = 0, vsync_len = 0, sync = 0, vmode = 0, rotate = 0, colorspace = 0, reserved = {0, 0, 0, 0}}, fd = 5, framebuffer = 0xb654a000 <error: Cannot access memory at address 0xb654a000>, device = 0x10a38d8 "/dev/fb0", width = 320, height = 240, cx = 240, cy = 120, linelen = 1280, lines = 240, bytespp = 4, fps_n = 30, fps_d = 1} (gdb) p map $3 = {memory = 0xb5d24008, flags = GST_MAP_READ, data = 0xb5d24058 '\377' <repeats 90 times>, "\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\377\a\377\a\377\a\377\a\377\a\377\a\377\a\377\a\377\a"..., size = 153600, maxsize = 153603, user_data = {0x0, 0xb69e3ba4 <gst_base_sink_set_last_buffer_unlocked+92>, 0x10a3378, 0x0}, _gst_reserved = {0x1, 0x10a3378, 0xb6f50dd8 <_gst_debug_min>, 0xb5c08838}} (gdb) p i $4 = 121 Fix this by changing the fbdevsink->bytespp calculation using the frame buffer xres_virtual size instead of xres.
commit df4ef4be394868faa5244a6dcec8a70e3c710b9c Author: Peter Seiderer <ps.report@gmx.net> Date: Mon Feb 22 10:21:47 2016 +0100 fbdevsink: fix bytes per pixel calculation Simple pipeline $ gst-launch-1.0 videotestsrc ! fbdevsink crashes with SIGSEGV in case the frambuffer xres is smaller than the virtual xres resolution, e.g.: $ fbset mode "800x480-0" # D: 0.000 MHz, H: 0.000 kHz, V: 0.000 Hz geometry 800 480 1920 1200 16 timings 0 0 0 0 0 0 0 accel true rgba 5/11,6/5,5/0,0/0 endmode