[Openchrome-devel] VIAFreeRec - double free / 0x1106, 0x7122 with HDMI

Ruslan N. Marchenko me
Mon Sep 3 19:30:41 PDT 2012 

Hi there,
being recent owner of Zbox Nano VD01 (VIA_VX900,   0x1106, 0x7122) want to report couple of findings.
1. the box comes with DisplayPort + HDMI which I believe is VIA_DEVICE_LCD | VIA_DEVICE_TV - hence

diff --git a/src/via_id.c b/src/via_id.c
index a9de60b..e803c5c 100644
--- a/src/via_id.c
+++ b/src/via_id.c
@@ -250,7 +250,7 @@ static struct ViaCardIdStruct ViaCardId[] = {
     /*** VX900 ***/
     {"Simmtronics SIMM-PC VX900i",            VIA_VX900,   0x1019, 0x3126, VIA_DEVICE_CRT},
     {"Foxconn L740",                          VIA_VX900,   0x105B, 0x0CFD, VIA_DEVICE_LCD | VIA_DEVICE_CRT},
-    {"HP T5550 Thin Client",                  VIA_VX900,   0x1106, 0x7122, VIA_DEVICE_CRT},
+    {"HP T5550 Thin Client",                  VIA_VX900,   0x1106, 0x7122, VIA_DEVICE_CRT | VIA_DEVICE_LCD | VIA_DEVICE_TV},
     {"ASRock PV530",                          VIA_VX900,   0x1849, 0x7122, VIA_DEVICE_CRT},
 
     /* keep this */

2. When there're no modelines and Xorg tries to release resources it crashes with double free or corruption error in FreeRec. With these changes

diff --git a/src/via_driver.c b/src/via_driver.c
index d9e940f..2492861 100644
--- a/src/via_driver.c
+++ b/src/via_driver.c
@@ -429,8 +429,11 @@ VIAFreeRec(ScrnInfoPtr pScrn)
 
     if (((VIARec *) (pScrn->driverPrivate))->pBIOSInfo->TVI2CDev)
         xf86DestroyI2CDevRec((((VIARec *) (pScrn->driverPrivate))->pBIOSInfo->TVI2CDev), TRUE);
-    free(((VIARec *) (pScrn->driverPrivate))->pBIOSInfo);
+    DEBUG(xf86DrvMsg(pScrn->scrnIndex, X_INFO, "VIAFreeRec: FreeBIOSInfo\n"));
+    if (((VIARec *) (pScrn->driverPrivate))->pBIOSInfo && ((VIARec *) (pScrn->driverPrivate))->pBIOSInfo != pBIOSInfo)
+        free(((VIARec *) (pScrn->driverPrivate))->pBIOSInfo);
 
+    DEBUG(xf86DrvMsg(pScrn->scrnIndex, X_INFO, "VIAFreeRec: VIAUnmapMem\n"));
     VIAUnmapMem(pScrn);
 
     free(pScrn->driverPrivate);

it passes up to last DEBUG line. Although still backtraces:
(II) CHROME(0): VIAFreeRec: VIAUnmapMem
(II) CHROME(0): VIAUnmapMem
(EE) 
(EE) Backtrace:
(EE) 0: Xorg (xorg_backtrace+0x36) [0x7f7355cc18c6]
(EE) 1: Xorg (0x7f7355b19000+0x1ac6f9) [0x7f7355cc56f9]
(EE) 2: /lib/x86_64-linux-gnu/libpthread.so.0 (0x7f7354e3f000+0xfcb0) [0x7f7354e4ecb0]
(EE) 3: /usr/lib/xorg/modules/libvgahw.so (0x7f73526ef000+0x17b0) [0x7f73526f07b0]
(EE) 4: /usr/lib/xorg/modules/drivers/openchrome_drv.so (0x7f73528f7000+0x254dd) [0x7f735291c4dd]
(EE) 5: /usr/lib/xorg/modules/drivers/openchrome_drv.so (0x7f73528f7000+0x21e51) [0x7f7352918e51]

Sorry, haven't found yet how to add symbols to _drv.so --enable-debug didn't help.

Just thought it could be useful.

Regards,
Ruslan
-- 
Looking forward to reading Yours.
     Ruslan N. Marchenko

More information about the Openchrome-devel mailing list