After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 762482 - fbdevsink SIGSEGV
fbdevsink SIGSEGV
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-bad
1.6.3
Other Linux
: Normal normal
: 1.6.4
Assigned To: GStreamer Maintainers
GStreamer Maintainers
1.6.4
Depends on:
Blocks:
 
 
Reported: 2016-02-22 19:19 UTC by Peter Seiderer
Modified: 2016-04-14 17:43 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Ffx fbdevsink bytes per pixel calculation (6.91 KB, patch)
2016-02-22 19:19 UTC, Peter Seiderer
committed Details | Review

Description Peter Seiderer 2016-02-22 19:19:49 UTC
Created attachment 321888 [details] [review]
Ffx fbdevsink bytes per pixel calculation

Simple pipeline

        $ gst-launch-1.0 videotestsrc ! fbdevsink

crashes with SIGSEGV in case the frambuffer xres is smaller
than the virtual xres resolution, e.g.:

        $ fbset

  mode "800x480-0"
          # D: 0.000 MHz, H: 0.000 kHz, V: 0.000 Hz
          geometry 800 480 1920 1200 16
          timings 0 0 0 0 0 0 0
          accel true
          rgba 5/11,6/5,5/0,0/0
  endmode

Debug:
        $ gdb gst-launch-1.0
  (gdb) run videotestsrc ! fbdevsink
  (gdb) where
  #0  0xb6bd2d24 in __memcpy_neon ()
      at ../sysdeps/arm/armv7/multiarch/memcpy_impl.S:591
  #1  0xb69b04e8 in gst_fbdevsink_show_frame (videosink=0x10a3378,
      buf=0xb5c08838) at gstfbdevsink.c:269
  #2  0xb69e88c4 in gst_base_sink_do_preroll (sink=sink@entry=0x10a3378,
      obj=0xb5c08838, obj@entry=0xa0) at gstbasesink.c:2281
  #3  0xb69e92bc in gst_base_sink_do_sync (basesink=basesink@entry=0x10a3378,
      obj=0xa0, obj@entry=0xb5c08838, late=0x0, late@entry=0xb6548ba0,
      step_end=0x140, step_end@entry=0xb6548ba4) at gstbasesink.c:2500
  #4  0xb69ea67c in gst_base_sink_chain_unlocked (
      basesink=basesink@entry=0x10a3378, obj=0x0, obj@entry=0xb5c08838,
      is_list=is_list@entry=0, pad=<optimized out>) at gstbasesink.c:3486
  #5  0xb69ec1c0 in gst_base_sink_chain_main (basesink=0x10a3378,
      pad=<optimized out>, obj=0xb5c08838, is_list=0) at gstbasesink.c:3647
  #6  0xb6eb5b10 in gst_pad_chain_data_unchecked (pad=0x10a6170,
      type=<optimized out>, data=0xb5c08838) at gstpad.c:4086
  #7  0xb6eb7a34 in gst_pad_push_data (pad=pad@entry=0x10a6020,
      type=type@entry=4112, data=0xb5c08838) at gstpad.c:4338
  #8  0xb6ebf344 in gst_pad_push (pad=pad@entry=0x10a6020,
      buffer=<optimized out>) at gstpad.c:4454
  #9  0xb69f22f0 in gst_base_src_loop (pad=0x10a6020) at gstbasesrc.c:2845
  #10 0xb6eeddfc in gst_task_func (task=0x10a8828) at gsttask.c:331
  #11 0xb6d485a0 in g_thread_pool_thread_proxy (data=<optimized out>)
   at gthreadpoQuit
  (gdb) frame 1  #1  0xb69b04e8 in gst_fbdevsink_show_frame (videosink=0x10a3378,
      buf=0xb5c08838) at gstfbdevsink.c:269
  269     gstfbdevsink.c: No such file or directory.
  (gdb) p fbdevsink
  $1 = (GstFBDEVSink *) 0x10a3378
  (gdb) p *fbdevsink
  $2 = {videosink = {element = {element = {object = {object = {
              g_type_instance = {g_class = 0x10a2d60}, ref_count = 3,
              qdata = 0x0}, lock = {p = 0x0, i = {0, 0}},
            name = 0x10a2f30 "fbdevsink0", parent = 0x10a70a0, flags = 32,
            control_bindings = 0x0, control_rate = 100000000,
            last_sync = 18446744073709551615, _gst_reserved = 0x0},
          state_lock = {p = 0x109f9a8, i = {0, 0}}, state_cond = {p = 0x0, i = {
              3, 0}}, state_cookie = 2, target_state = GST_STATE_PAUSED,
          current_state = GST_STATE_READY, next_state = GST_STATE_PAUSED,
          pending_state = GST_STATE_PAUSED,
          last_return = GST_STATE_CHANGE_ASYNC, bus = 0x108bcb8, clock = 0x0,
          base_time = 0, start_time = 0, numpads = 1, pads = 0x109cc20,
          numsrcpads = 0, srcpads = 0x0, numsinkpads = 1, sinkpads = 0x109cc30,
          pads_cookie = 1, _gst_reserved = {0x0, 0x0, 0x0, 0x0}},
        sinkpad = 0x10a6170, pad_mode = GST_PAD_MODE_PUSH, offset = 0,
        can_activate_pull = 0, can_activate_push = 1, preroll_lock = {p = 0x1,
          i = {1, 0}}, preroll_cond = {p = 0x0, i = {0, 0}}, eos = 0,
        need_preroll = 1, have_preroll = 0, playing_async = 1,
        have_newsegment = 1, segment = {flags = GST_SEGMENT_FLAG_NONE, rate = 1,
          applied_rate = 1, format = GST_FORMAT_TIME, base = 0, offset = 0,
          start = 0, stop = 18446744073709551615, time = 0, position = 33333333,
          duration = 18446744073709551615, _gst_reserved = {0x0, 0x0, 0x0,
            0x0}}, clock_id = 0x0, sync = 1, flushing = 0, running = 0,
        max_lateness = 20000000, priv = 0x10a3188, _gst_reserved = {
          0x0 <repeats 20 times>}}, width = 0, height = 0, priv = 0x10a3180,
      _gst_reserved = {0x0, 0x0, 0x0, 0x0}}, fixinfo = {
      id = '\000' <repeats 15 times>, smem_start = 1078984704,
      smem_len = 4608000, type = 0, type_aux = 0, visual = 2, xpanstep = 1,
      ypanstep = 1, ywrapstep = 0, line_length = 3840, mmio_start = 0,
      mmio_len = 0, accel = 0, capabilities = 0, reserved = {0, 0}}, varinfo = {
    xres = 800, yres = 480, xres_virtual = 1920, yres_virtual = 1200,
    xoffset = 0, yoffset = 0, bits_per_pixel = 16, grayscale = 0, red = {
      offset = 11, length = 5, msb_right = 0}, green = {offset = 5,
      length = 6, msb_right = 0}, blue = {offset = 0, length = 5,
      msb_right = 0}, transp = {offset = 0, length = 0, msb_right = 0},
      nonstd = 0, activate = 0, height = 4294967295, width = 4294967295,
      accel_flags = 1, pixclock = 0, left_margin = 0, right_margin = 0,
      upper_margin = 0, lower_margin = 0, hsync_len = 0, vsync_len = 0,
      sync = 0, vmode = 0, rotate = 0, colorspace = 0, reserved = {0, 0, 0, 0}},
    fd = 5,
    framebuffer = 0xb654a000 <error: Cannot access memory at address 0xb654a000>, device = 0x10a38d8 "/dev/fb0", width = 320, height = 240, cx = 240, cy = 120,
    linelen = 1280, lines = 240, bytespp = 4, fps_n = 30, fps_d = 1}
  (gdb) p map
  $3 = {memory = 0xb5d24008, flags = GST_MAP_READ,
    data = 0xb5d24058 '\377' <repeats 90 times>, "\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\340\377\377\a\377\a\377\a\377\a\377\a\377\a\377\a\377\a\377\a"...,
    size = 153600, maxsize = 153603, user_data = {0x0,
      0xb69e3ba4 <gst_base_sink_set_last_buffer_unlocked+92>, 0x10a3378, 0x0},
    _gst_reserved = {0x1, 0x10a3378, 0xb6f50dd8 <_gst_debug_min>, 0xb5c08838}}
  (gdb) p i
  $4 = 121

Fix this by changing the fbdevsink->bytespp calculation using
the frame buffer xres_virtual size instead of xres.
Comment 1 Sebastian Dröge (slomo) 2016-02-23 09:38:57 UTC
commit df4ef4be394868faa5244a6dcec8a70e3c710b9c
Author: Peter Seiderer <ps.report@gmx.net>
Date:   Mon Feb 22 10:21:47 2016 +0100

    fbdevsink: fix bytes per pixel calculation
    
    Simple pipeline
    
        $ gst-launch-1.0 videotestsrc ! fbdevsink
    
    crashes with SIGSEGV in case the frambuffer xres is smaller
    than the virtual xres resolution, e.g.:
    
        $ fbset
    
      mode "800x480-0"
              # D: 0.000 MHz, H: 0.000 kHz, V: 0.000 Hz
              geometry 800 480 1920 1200 16
              timings 0 0 0 0 0 0 0
              accel true
              rgba 5/11,6/5,5/0,0/0
      endmode