[Bug 79317] New: xorg crashes due to assert() when a large "image" is created

Tue May 27 07:33:44 PDT 2014

https://bugs.freedesktop.org/show_bug.cgi?id=79317

          Priority: medium
            Bug ID: 79317
          Assignee: spice-bugs at lists.freedesktop.org
           Summary: xorg crashes due to assert() when a large "image" is
                    created
          Severity: normal
    Classification: Unclassified
                OS: All
          Reporter: freedesktop-bugzilla at dm.cobite.com
          Hardware: Other
            Status: NEW
           Version: unspecified
         Component: xorg qxl
           Product: Spice

Created attachment 99951
  --> https://bugs.freedesktop.org/attachment.cgi?id=99951&action=edit
avoid assert() crash by dynamically adjusting image chunk size

The maximum number of "commands" that can be queued at once is fixed at compile
time at MAX_RELOCS. However, during the creation of an image object in
qxl_image_create(), the image is split into commands of maximum size 512*512.
For a large dual-head system, it is easy to create an image for which the
number of chunks will result in an overflow of MAX_RELOCS number of "commands".

Identify this scenario and dynamically increase the chunk size to avoid the
overflow, and the resulting assert() which crashes Xorg.

Note: the debugging statement is currently enabled in this patch.

This is almost certainly the cause of:

https://bugzilla.redhat.com/show_bug.cgi?id=1013840
http://retrace.fedoraproject.org/faf/problems/1528867/
http://retrace.fedoraproject.org/faf/reports/345040/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/spice-bugs/attachments/20140527/b5354b2e/attachment.html>