crash on video playback
FreeBSD 12.1 amd64, AMD Ryzen 3200G.
#0 0x0000000804f26c85 in memset () from /lib/libc.so.7
#1 0x000000080991563a in send_cmd_dec (dec=0x841c03e80, target=0x83136d7a0, picture=0x81151f078) at ../radeon/radeon_vcn_dec.c:1387
#2 0x00000008099174bf in radeon_dec_end_frame (decoder=0x841c03e80, target=0x83136d7a0, picture=0x81151f078) at ../radeon/radeon_vcn_dec.c:1429
#3 0x000000080f36fe46 in vlVaEndPicture (ctx=0x8313c6000, context_id=14) at picture.c:662
#4 0x0000000801f08862 in vaEndPicture () from /usr/local/lib/libva.so.2
#5 0x0000000802edbe24 in avcodec_parameters_to_context () from /usr/local/lib/libavcodec.so.58
#6 0x0000000802eeb162 in avcodec_parameters_to_context () from /usr/local/lib/libavcodec.so.58
#7 0x000000080296a3de in avpriv_fits_header_parse_line () from /usr/local/lib/libavcodec.so.58
#8 0x0000000802983e4b in avpriv_h264_has_num_reorder_frames () from /usr/local/lib/libavcodec.so.58
#9 0x0000000802824c11 in avcodec_send_packet () from /usr/local/lib/libavcodec.so.58
#10 0x0000000802824913 in avcodec_send_packet () from /usr/local/lib/libavcodec.so.58
#11 0x0000000000c247b7 in CDVDVideoCodecFFmpeg::AddData ()
#12 0x0000000000cb283d in CVideoPlayerVideo::Process ()
#13 0x0000000000f517c5 in CThread::Action ()
#14 0x0000000000f51b3a in CThread::GetRelativeUsage ()
#15 0x0000000804d4c7bb in pthread_create () from /lib/libthr.so.3
#16 0x0000000000000000 in ?? ()
Possible fix:
--- src/gallium/drivers/radeon/radeon_vcn_dec.c 2019-01-17 14:26:22.000000000 +0300
+++ src/gallium/drivers/radeon/radeon_vcn_dec.c 2020-04-23 18:19:49.324669000 +0300
@@ -1384,7 +1384,7 @@
msg_fb_it_probs_buf = &dec->msg_fb_it_probs_buffers[dec->cur_buffer];
bs_buf = &dec->bs_buffers[dec->cur_buffer];
- memset(dec->bs_ptr, 0, align(dec->bs_size, 128) - dec->bs_size);
+ memset(dec->bs_ptr, 0, dec->bs_size);
dec->ws->buffer_unmap(bs_buf->res->buf);
map_msg_fb_it_probs_buf(dec);
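Review bot: the new length on the `+` line changes what gets cleared, not only how much. The removed line zeroes the gap between dec->bs_size and the next multiple of 128, which reads as padding after the data, while `memset(dec->bs_ptr, 0, dec->bs_size)` zeroes a full bs_size bytes from the same pointer. The hunk shows neither where dec->bs_ptr points nor how large the mapped buffer is. If bs_ptr is the write position after the bitstream, the new call writes bs_size bytes past the data instead of at most 127. I would keep the padding length and check that the buffer has room for align(dec->bs_size, 128) bytes before the memset, or clamp the length to the space that remains, and add a comment stating what the memset is meant to clear.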
align(dec->bs_size, 128) - dec->bs_size for dec->bs_size = 1 will result in 127, and this will probably overwrite memory outside the allocated region dec->bs_ptr.
Anyway, using dec->bs_size as the size in memset() is simpler and cleaner.
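The padding arithmetic from the report, with a bounds check in front of the write, as an added example that is not code from the report or from Mesa. The names `align_up`, `pad_len` and `zero_padding_checked` and the `capacity` parameter are hypothetical; the page does not show how large the bitstream buffer is.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Round v up to the next multiple of a (a must be a power of two). */
static size_t align_up(size_t v, size_t a) { return (v + a - 1) & ~(a - 1); }

/* Length used by the original memset(): bytes from `used` up to the
 * next 128-byte boundary. */
static size_t pad_len(size_t used) { return align_up(used, 128) - used; }

/* Hypothetical helper: zero the padding that follows `used` bytes of data
 * in a buffer of `capacity` bytes. Returns the number of bytes zeroed, or
 * (size_t)-1 without writing anything if the padding would not fit. */
static size_t zero_padding_checked(uint8_t *buf, size_t capacity, size_t used)
{
    size_t pad = pad_len(used);

    if (used > capacity || pad > capacity - used)
        return (size_t)-1;
    memset(buf + used, 0, pad);
    return pad;
}

int main(void)
{
    uint8_t buf[256];               /* constructed sample buffer */
    memset(buf, 0xAA, sizeof(buf));

    printf("pad for 1 byte of data: %zu\n", pad_len(1));
    printf("capacity 100: %s\n",
           zero_padding_checked(buf, 100, 1) == (size_t)-1 ? "rejected" : "zeroed");
    printf("capacity 128: %zu bytes zeroed\n", zero_padding_checked(buf, 128, 1));
    return 0;
}
```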