[arch-commits] Commit in libdrm/repos (4 files)
Thomas Bächler
thomas at archlinux.org
Sun Apr 11 20:32:36 UTC 2010
Date: Sunday, April 11, 2010 @ 16:32:35
Author: thomas
Revision: 77295
Update libdrm: Fix a bug where intel drm crashes the X server due to memory corruption
Added:
libdrm/repos/extra-i686/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch
libdrm/repos/extra-x86_64/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch
Modified:
libdrm/repos/extra-i686/PKGBUILD
libdrm/repos/extra-x86_64/PKGBUILD
---------------------------------------------------------------------------------------+
extra-i686/PKGBUILD | 9 +
extra-i686/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch | 55 ++++++++++
extra-x86_64/PKGBUILD | 9 +
extra-x86_64/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch | 55 ++++++++++
4 files changed, 122 insertions(+), 6 deletions(-)
Modified: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2010-04-11 20:17:36 UTC (rev 77294)
+++ extra-i686/PKGBUILD 2010-04-11 20:32:35 UTC (rev 77295)
@@ -3,7 +3,7 @@
pkgname=libdrm
pkgver=2.4.19
-pkgrel=1
+pkgrel=2
pkgdesc="Userspace interface to kernel DRM services"
arch=(i686 x86_64)
license=('custom')
@@ -12,14 +12,17 @@
url="http://dri.freedesktop.org/"
source=(http://dri.freedesktop.org/${pkgname}/${pkgname}-${pkgver}.tar.bz2
no-pthread-stubs.patch
- COPYING)
+ COPYING
+ intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch)
md5sums=('c2699b5d8ebc9e47fb56da15f460107f'
'9b5ec3bbebe86921e2057694c42f65b8'
- 'ba65e71c481b94ef0fb6c23c7f21ffa1')
+ 'ba65e71c481b94ef0fb6c23c7f21ffa1'
+ '2dd7d84d3ebbc23c92b602104fae5df3')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -Np1 -i "${srcdir}/no-pthread-stubs.patch" || return 1
+ patch -p1 -i "${srcdir}/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch" || return 1
libtoolize --force || return 1
aclocal || return 1
autoconf || return 1
Added: extra-i686/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch
===================================================================
--- extra-i686/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch (rev 0)
+++ extra-i686/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch 2010-04-11 20:32:35 UTC (rev 77295)
@@ -0,0 +1,55 @@
+From 3506173ba7e726a9d0a17ec42734a925a885b01e Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris at chris-wilson.co.uk>
+Date: Sun, 11 Apr 2010 17:40:38 +0000
+Subject: intel: Use the correct size when allocating reloc_target_info array
+
+Thomas tracked down this error with kdm and commit b509640:
+
+==4320== Invalid write of size 8
+==4320== at 0x9A97998: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF13827: brw_emit_vertices (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xB256824: vbo_exec_vtx_flush (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB2523BB: vbo_exec_FlushVertices_internal (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB252411: vbo_exec_FlushVertices (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB195A3D: _mesa_PopAttrib (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== Address 0x126a8b80 is 0 bytes after a block of size 16,368 alloc'd
+==4320== at 0x4C23E03: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+==4320== by 0x9A97A64: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF191DB: upload_binding_table_pointers (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xB255EF6: vbo_exec_DrawArrays (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0x8DF67A3: __glXDisp_DrawArrays (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x446293: ??? (in /usr/bin/Xorg)
+
+which is simply due to only allocating space for the pointers and not
+the structs themselves. D'oh.
+
+Reported-by: Thomas Bächler <thomas at archlinux.org>
+Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
+---
+diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
+index 8e46e37..a2cf6e6 100644
+--- a/intel/intel_bufmgr_gem.c
++++ b/intel/intel_bufmgr_gem.c
+@@ -470,7 +470,7 @@ drm_intel_setup_reloc_list(drm_intel_bo *bo)
+ bo_gem->relocs = malloc(max_relocs *
+ sizeof(struct drm_i915_gem_relocation_entry));
+ bo_gem->reloc_target_info = malloc(max_relocs *
+- sizeof(drm_intel_reloc_target *));
++ sizeof(drm_intel_reloc_target));
+ if (bo_gem->relocs == NULL || bo_gem->reloc_target_info == NULL) {
+ bo_gem->has_error = 1;
+
+--
+cgit v0.8.3-6-g21f6
Modified: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2010-04-11 20:17:36 UTC (rev 77294)
+++ extra-x86_64/PKGBUILD 2010-04-11 20:32:35 UTC (rev 77295)
@@ -3,7 +3,7 @@
pkgname=libdrm
pkgver=2.4.19
-pkgrel=1
+pkgrel=2
pkgdesc="Userspace interface to kernel DRM services"
arch=(i686 x86_64)
license=('custom')
@@ -12,14 +12,17 @@
url="http://dri.freedesktop.org/"
source=(http://dri.freedesktop.org/${pkgname}/${pkgname}-${pkgver}.tar.bz2
no-pthread-stubs.patch
- COPYING)
+ COPYING
+ intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch)
md5sums=('c2699b5d8ebc9e47fb56da15f460107f'
'9b5ec3bbebe86921e2057694c42f65b8'
- 'ba65e71c481b94ef0fb6c23c7f21ffa1')
+ 'ba65e71c481b94ef0fb6c23c7f21ffa1'
+ '2dd7d84d3ebbc23c92b602104fae5df3')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
patch -Np1 -i "${srcdir}/no-pthread-stubs.patch" || return 1
+ patch -p1 -i "${srcdir}/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch" || return 1
libtoolize --force || return 1
aclocal || return 1
autoconf || return 1
Added: extra-x86_64/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch
===================================================================
--- extra-x86_64/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch (rev 0)
+++ extra-x86_64/intel-use-the-correct-size-when-allocating-reloc_target_info-array.patch 2010-04-11 20:32:35 UTC (rev 77295)
@@ -0,0 +1,55 @@
+From 3506173ba7e726a9d0a17ec42734a925a885b01e Mon Sep 17 00:00:00 2001
+From: Chris Wilson <chris at chris-wilson.co.uk>
+Date: Sun, 11 Apr 2010 17:40:38 +0000
+Subject: intel: Use the correct size when allocating reloc_target_info array
+
+Thomas tracked down this error with kdm and commit b509640:
+
+==4320== Invalid write of size 8
+==4320== at 0x9A97998: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF13827: brw_emit_vertices (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xB256824: vbo_exec_vtx_flush (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB2523BB: vbo_exec_FlushVertices_internal (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB252411: vbo_exec_FlushVertices (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0xB195A3D: _mesa_PopAttrib (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== Address 0x126a8b80 is 0 bytes after a block of size 16,368 alloc'd
+==4320== at 0x4C23E03: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
+==4320== by 0x9A97A64: do_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0x9A97B9C: drm_intel_gem_bo_emit_reloc (in /usr/lib/libdrm_intel.so.1.0.0)
+==4320== by 0xAED3234: intel_batchbuffer_emit_reloc (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF191DB: upload_binding_table_pointers (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF1F14D: brw_upload_state (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xAF12122: brw_draw_prims (in /usr/lib/xorg/modules/dri/i965_dri.so)
+==4320== by 0xB255EF6: vbo_exec_DrawArrays (in /usr/lib/xorg/modules/dri/libdricore.so)
+==4320== by 0x8DF67A3: __glXDisp_DrawArrays (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF0F02: __glXDisp_Render (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x8DF517F: __glXDispatch (in /usr/lib/xorg/modules/extensions/libglx.xorg)
+==4320== by 0x446293: ??? (in /usr/bin/Xorg)
+
+which is simply due to only allocating space for the pointers and not
+the structs themselves. D'oh.
+
+Reported-by: Thomas Bächler <thomas at archlinux.org>
+Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>
+---
+diff --git a/intel/intel_bufmgr_gem.c b/intel/intel_bufmgr_gem.c
+index 8e46e37..a2cf6e6 100644
+--- a/intel/intel_bufmgr_gem.c
++++ b/intel/intel_bufmgr_gem.c
+@@ -470,7 +470,7 @@ drm_intel_setup_reloc_list(drm_intel_bo *bo)
+ bo_gem->relocs = malloc(max_relocs *
+ sizeof(struct drm_i915_gem_relocation_entry));
+ bo_gem->reloc_target_info = malloc(max_relocs *
+- sizeof(drm_intel_reloc_target *));
++ sizeof(drm_intel_reloc_target));
+ if (bo_gem->relocs == NULL || bo_gem->reloc_target_info == NULL) {
+ bo_gem->has_error = 1;
+
+--
+cgit v0.8.3-6-g21f6
More information about the arch-commits
mailing list