[Bug 91065] Invalid read in intel_tiled_memcpy.c ytiled_to_linear

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Jun 22 22:18:30 PDT 2015 

https://bugs.freedesktop.org/show_bug.cgi?id=91065

            Bug ID: 91065
           Summary: Invalid read in intel_tiled_memcpy.c ytiled_to_linear
           Product: Mesa
           Version: 10.6
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/i965
          Assignee: idr at freedesktop.org
          Reporter: arcppzju+fdbug at gmail.com
        QA Contact: intel-3d-bugs at lists.freedesktop.org

Bug description:

Invalid read in mesa-10.6.0/src/mesa/drivers/dri/i965/intel_tiled_memcpy.c,
intel_readpixels_tiled_memcpy -> tiled_to_linear -> ytiled_to_linear_faster ->
ytiled_to_linear.

See backtrace below for details.


System environment:
-- chipset: Haswell-ULT (i7-4500U)
-- system architecture: x86_64
-- mesa/libdrm version: 10.6.0/2.4.61
-- kernel version: 4.0.5-1-ARCH
-- xf86-video-intel: 2.99.917
-- xserver: 1.17.2
-- linux distribution: ArchLinux
-- machine model: Lenovo Thinkpad X240s (20AKA00DHH)


Reproduce steps:

1. Run ppsspp, play game like "Eiyuu Densetsu: Zero no Kiseki"
2. ppsspp will crash randomly


Additional info:

I tried to find a quick, confident fix but failed (unfamiliar with OpenGL /
Intel). Any help is appreciated.

(gdb) bt
#0  0x00007ffff4476a00 in __memcpy_avx_unaligned () from /usr/lib/libc.so.6
#1  0x00007fffe9190353 in ytiled_to_linear (x0=0, x1=0, x2=128, x3=128, y0=0,
y1=32, 
    dst=0x5fa8400 ..., src=0x7fffe389e000 <error: Cannot access memory at
address 0x7fffe389e000>, dst_pitch=512, swizzle_bit=0, 
    mem_copy=0x7ffff44768a0 <__memcpy_avx_unaligned>) at
intel_tiled_memcpy.c:364
#2  0x00007fffe91909bd in ytiled_to_linear_faster (x0=0, x1=0, x2=128, x3=128,
y0=0, y1=32, 
    dst=0x5fa8400 ..., src=0x7fffe389e000 <error: Cannot access memory at
address 0x7fffe389e000>, dst_pitch=512, swizzle_bit=0, 
    // invalid src 0x7fffe389e000. In fact, 0x7fffe389e000-1 is the last valid
byte.   
    mem_copy=0x7ffff44768a0 <__memcpy_avx_unaligned>) at
intel_tiled_memcpy.c:521
#3  0x00007fffe91910a0 in tiled_to_linear (xt1=0, xt2=512, yt1=0, yt2=64, 
    dst=0x5fa4300 ..., 
    src=0x7fffe389a000 ..., dst_pitch=512, src_pitch=256, has_swizzling=false,
tiling=2, 
    mem_copy=0x7ffff44768a0 <__memcpy_avx_unaligned>) at
intel_tiled_memcpy.c:715
#4  0x00007fffe91892db in intel_readpixels_tiled_memcpy (ctx=0x243bb40,
xoffset=0, yoffset=0, width=128, 
    height=64, format=6408, type=5121, pixels=0x5fa4300, pack=0x2456d00) at
intel_pixel_read.c:199
#5  0x00007fffe9189495 in intelReadPixels (ctx=0x243bb40, x=0, y=0, width=128,
height=64, format=6408, 
    type=5121, pack=0x2456d00, pixels=0x5fa4300) at intel_pixel_read.c:257
#6  0x00007fffe8da5147 in _mesa_ReadnPixelsARB (x=0, y=0, width=128, height=64,
format=6408, type=5121, 
    bufSize=2147483647, pixels=0x5fa4300) at main/readpix.c:1088
#7  0x00007fffe8da5198 in _mesa_ReadPixels (x=0, y=0, width=128, height=64,
format=6408, type=5121, 
    pixels=0x5fa4300) at main/readpix.c:1096
#8  0x0000000000a9cfd9 in FramebufferManager::PackFramebufferSync_
(this=0x3c2e2a0, vfb=0x6722c70, x=0, y=0, 
    w=128, h=64) at ppsspp-git/src/ppsspp/GPU/GLES/Framebuffer.cpp:1691
#9  0x0000000000a9bc4e in FramebufferManager::ReadFramebufferToMemory
(this=0x3c2e2a0, vfb=0x66fcb90, 
    sync=true, x=0, y=0, w=128, h=64)
    at ppsspp-git/src/ppsspp/GPU/GLES/Framebuffer.cpp:1293

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/intel-3d-bugs/attachments/20150623/5770d50b/attachment.html>

More information about the intel-3d-bugs mailing list