[Bug 52574] New: crash in memcpy_texture because of NULL dstAddr (gl_texture_image.Data)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jul 27 02:06:43 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=52574

             Bug #: 52574
           Summary: crash in memcpy_texture because of NULL dstAddr
                    (gl_texture_image.Data)
    Classification: Unclassified
           Product: Mesa
           Version: 7.11
          Platform: x86-64 (AMD64)
        OS/Version: FreeBSD
            Status: NEW
          Severity: major
          Priority: medium
         Component: Drivers/DRI/R600
        AssignedTo: dri-devel at lists.freedesktop.org
        ReportedBy: avg at icyb.net.ua


Useful part of stack trace:
(gdb) bt
#0  0x0000000802e452f6 in memcpy () from /lib/libc.so.7
#1  0x0000000817fff011 in memcpy_texture (ctx=0x82c4a8000, dimensions=0,
dstFormat=MESA_FORMAT_ARGB8888_REV, dstAddr=0x0, dstXoffset=0, dstYoffset=0, 
    dstZoffset=0, dstRowStride=4352, dstImageOffsets=0x82b1d78c8,
srcWidth=1056, srcHeight=33, srcDepth=1, srcFormat=32993, srcType=5121, 
    srcAddr=0x83beff000, srcPacking=0x82c4b7690) at main/texstore.c:994
#2  0x00000008180082ca in _mesa_texstore_argb8888 (ctx=0x82c4a8000, dims=2,
baseInternalFormat=6408, dstFormat=MESA_FORMAT_ARGB8888, dstAddr=0x0, 
    dstXoffset=0, dstYoffset=0, dstZoffset=0, dstRowStride=4352,
dstImageOffsets=0x82b1d78c8, srcWidth=1056, srcHeight=33, srcDepth=1, 
    srcFormat=32993, srcType=5121, srcAddr=0x83beff000, srcPacking=0x82c4b7690)
at main/texstore.c:1430
#3  0x00000008180091fb in _mesa_texstore (ctx=<optimized out>, dims=<optimized
out>, baseInternalFormat=<optimized out>, dstFormat=<optimized out>, 
    dstAddr=<optimized out>, dstXoffset=<optimized out>, dstYoffset=0,
dstZoffset=0, dstRowStride=4352, dstImageOffsets=0x82b1d78c8, srcWidth=1056, 
    srcHeight=33, srcDepth=1, srcFormat=32993, srcType=5121,
srcAddr=0x83beff000, srcPacking=0x82c4b7690) at main/texstore.c:4478
#4  0x0000000817f8a4c7 in radeon_store_teximage (ctx=0x82c4a8000, dims=2,
xoffset=0, yoffset=0, zoffset=0, width=1056, height=33, depth=1, 
    imageSize=0, format=32993, type=5121, pixels=0x83beff000,
packing=0x82c4b7690, texObj=0x844c11500, texImage=0x82ba98ec0, compressed=0)
    at radeon_texture.c:749
#5  0x0000000817f8ab1b in radeon_teximage (ctx=0x82c4a8000, dims=2,
target=<optimized out>, level=0, internalFormat=<optimized out>, width=1056, 
    height=33, depth=1, imageSize=0, format=32993, type=5121, pixels=<optimized
out>, packing=0x82c4b7690, texObj=0x844c11500, texImage=0x82ba98ec0, 
    compressed=0) at radeon_texture.c:834
#6  0x0000000817f8b6e7 in radeonTexImage2D (ctx=<optimized out>,
target=<optimized out>, level=<optimized out>, internalFormat=<optimized out>, 
    width=<optimized out>, height=<optimized out>, border=0, format=32993,
type=5121, pixels=0x83beff000, packing=0x82c4b7690, texObj=0x844c11500, 
    texImage=0x82ba98ec0) at radeon_texture.c:867
#7  0x0000000817ffad91 in teximage (ctx=0x82c4a8000, dims=2, target=3553,
level=0, internalFormat=4, width=1056, height=33, depth=1, border=0, 
    format=32993, type=5121, pixels=0x83beff000) at main/teximage.c:2505
#8  0x0000000817ffafc9 in _mesa_TexImage2D (target=3553, level=0,
internalFormat=4, width=1056, height=33, border=0, format=32993, type=5121, 
    pixels=0x83beff000) at main/teximage.c:2559
#9  0x0000000803e46622 in __glXDRIbindTexImage () from
/usr/local/lib/xorg/modules/extensions/libglx.so
#10 0x0000000803e3a7d8 in __glXDisp_BindTexImageEXT () from
/usr/local/lib/xorg/modules/extensions/libglx.so
#11 0x0000000803e3b020 in __glXDisp_VendorPrivate () from
/usr/local/lib/xorg/modules/extensions/libglx.so
#12 0x0000000803e3d22d in __glXDispatch () from
/usr/local/lib/xorg/modules/extensions/libglx.so

In frame 5 the following inconsistency can be observed:
(gdb) p *(radeonTexObj*)texObj
$12 = {base = {Mutex = 0x8363736a0, RefCount = 3, Name = 10721, Target = 3553,
Sampler = {Name = 0, RefCount = 0, WrapS = 33071, WrapT = 33071, 
      WrapR = 10497, MinFilter = 9728, MagFilter = 9728, BorderColor = {f = {0,
0, 0, 0}, ui = {0, 0, 0, 0}, i = {0, 0, 0, 0}}, MinLod = -1000, 
      MaxLod = 1000, LodBias = 0, MaxAnisotropy = 1, CompareMode = 0,
CompareFunc = 515, CompareFailValue = 0, sRGBDecode = 35401, 
      CubeMapSeamless = 0 '\000', DepthMode = 6409, _CompleteTexture = 0
'\000'}, Priority = 1, BaseLevel = 0, MaxLevel = 1000, _MaxLevel = 10, 
    _MaxLambda = 10, CropRect = {0, 0, 0, 0}, Swizzle = {6403, 6404, 6405,
6406}, _Swizzle = 1672, GenerateMipmap = 0 '\000', _Complete = 1 '\001', 
    _RenderToTexture = 0 '\000', Purgeable = 0 '\000', Image = {{0x82ba98ec0,
0x0 <repeats 14 times>}, {0x0 <repeats 15 times>}, {
        0x0 <repeats 15 times>}, {0x0 <repeats 15 times>}, {0x0 <repeats 15
times>}, {0x0 <repeats 15 times>}}, BufferObject = 0x0, 
    BufferObjectFormat = 0, Palette = {InternalFormat = 0, _BaseFormat = 0,
Size = 0, TableF = 0x0, TableUB = 0x0, RedSize = 0 '\000', 
      GreenSize = 0 '\000', BlueSize = 0 '\000', AlphaSize = 0 '\000',
LuminanceSize = 0 '\000', IntensitySize = 0 '\000'}, DriverData = 0x0}, 
  mt = 0x846d87b00, validated = 0 '\000', minLod = 0, maxLod = 0,
override_offset = 3398523648, image_override = 1 '\001', tile_bits = 0, 
  bo = 0x839e88480, pp_txfilter = 0, pp_txformat = 0, pp_txformat_x = 0,
pp_txsize = 0, pp_txpitch = 0, pp_border_color = 0, pp_cubic_faces = 0, 
  pp_txfilter_1 = 0, SQ_TEX_RESOURCE0 = 553158401, SQ_TEX_RESOURCE1 =
1744830496, SQ_TEX_RESOURCE2 = 0, SQ_TEX_RESOURCE3 = 1088, 
  SQ_TEX_RESOURCE4 = 101335040, SQ_TEX_RESOURCE5 = 0, SQ_TEX_RESOURCE6 =
2147483648, SQ_TEX_RESOURCE7 = 0, SQ_TEX_SAMPLER0 = 12582930, 
  SQ_TEX_SAMPLER1 = 4228841472, SQ_TEX_SAMPLER2 = 2147483648,
TD_PS_SAMPLER0_BORDER_RED = 0, TD_PS_SAMPLER0_BORDER_GREEN = 0, 
  TD_PS_SAMPLER0_BORDER_BLUE = 0, TD_PS_SAMPLER0_BORDER_ALPHA = 0,
border_fallback = 0 '\000'}
(gdb) p *(radeon_texture_image*)texImage
$14 = {base = {InternalFormat = 4, _BaseFormat = 6408, TexFormat =
MESA_FORMAT_ARGB8888, Border = 0, Width = 1056, Height = 33, Depth = 1, 
    Width2 = 1056, Height2 = 33, Depth2 = 1, WidthLog2 = 10, HeightLog2 = 5,
DepthLog2 = 0, MaxLog2 = 10, WidthScale = 1056, HeightScale = 33, 
    DepthScale = 1, IsClientData = 0 '\000', _IsPowerOfTwo = 0 '\000',
TexObject = 0x844c11500, 
    FetchTexelc = 0x81810268f <fetch_texel_float_to_chan>, FetchTexelf =
0x8180fe1d7 <fetch_texel_2d_f_argb8888>, RowStride = 1056, 
    ImageOffsets = 0x82b1d78c8, Data = 0x0, DriverData = 0x0}, mt = 0x0, bo =
0x0, mtlevel = 0, mtface = 0}

As you can see (a) texObj has bo set, but (b) texImage has neither bo nor mt
set.

Because of (a) the Data field is _not_ set in radeon_teximage(), because of (b)
the field is not set in radeon_teximage_map() call made from
radeon_store_teximage.  Thus Data remains NULL.

I am not sure if there is a simple logic error somewhere in radeon_teximage or
radeon_store_teximage, or if the discrepancy between texImage and texObj means
that there is a bug some place else.

I see that the code in git master is quite different, but unfortunately I do
not have an opportunity to test it.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the dri-devel mailing list