Hi,
I think it's a problem in XAWTV, because I got the same error when I
had only one TV tuner in my PC. I solved the problem by reducing the
number of items in the channel list. If I have only 10 channels in the
list, then none of the four XAWTV crashed. It's very
strange. It looks like the pop-up menu with the channel list writes to
the memory of the graphics card somewhere out of the memory. What do
you think about it?
Jiri
Sami Farin wrote:
>On Sat, Mar 11, 2006 at 11:08:25AM +0100, Bodo Eggert wrote:
>> Duncan Sands <[email protected]> wrote:
>>
>> >> The bttv driver/chip seems to cause random memory corruption sometimes,
>> >> processes will just start dying...
>> >
>> > There is a known buffer overflow in the bttv driver (when using
>> > grabdisplay). The fix is waiting on an audit of the rest of the
>> > bttv (and similar) code, since it looks like the same mistake
>> > occurs in several places.
>>
>> Can you give me a hint on where exactly to shoot at? I'm still hoping it's
>> not my VIA board giving me trouble (corrupting the first four bytes of a
>> semi-random page).
>
>check out this email to LKML
>
>it might not be the Final Fix, but xawtv hasn't crashed on me yet
>
>From: Duncan Sands <[email protected]>
>Subject: [PATCH] bttv: correct bttv_risc_packed buffer size
>Date: Wed, 25 Jan 2006 11:24:27 +0100
>Cc: Linux Kernel list <[email protected]>
>MIME-Version: 1.0
>Content-Type: Multipart/Mixed;
> boundary="Boundary-00=_cH11D22lqYSaiQl"
>Message-Id: <[email protected]>
>
>
>This patch fixes the strange crashes I was seeing after using
>my bttv card to watch television. They were caused by a
>buffer overflow in bttv_risc_packed.
>
>The instruction buffer size calculation contains two errors:
>(a) a non-zero padding value can push the start of the next bpl
>section to just before a page border, leading to more scanline
>splits and thus additional instructions.
>(b) the first DMA region can be smaller than one page, so there can
>be a scanline split even if bpl*lines is smaller than PAGE_SIZE.
>
>For example, consider the case where offset is 0, bpl is 2, padding
>is 4094, lines is smaller than 2048, the first DMA region has size 1
>and all others have size PAGE_SIZE, assumed to equal 4096. Then
>all bpl regions cross page borders and the number of instructions
>written is 2*lines+2, rather than lines+2 (the current estimate).
>With this patch the number of instructions for this example is
>estimated to be 2*lines+3.
>
>Also, the BUG_ON that was supposed to catch buffer overflows contained
>a thinko causing it to fire only if the buffer was overrun by a factor of
>16 or more.
>
>I didn't check whether similar mistakes exist elsewhere in the bttv
>code.
>
>Signed-off-by: Duncan Sands <[email protected]>
>
>PS: I'm sending the patch as an attachment because for some reason my
>mailer crashes if I try to insert it into the email.
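
The counting argument from the quoted patch description, as an added example that is not part of this thread or of the bttv driver: a simplified user-space model of how scanlines split at DMA region borders, run on the description's own numbers. The function names, the region layout helper and the two estimate formulas are assumptions, the formulas chosen to reproduce the lines+2 and 2*lines+3 figures quoted above.

```c
#include <stdio.h>
#define PAGE_SIZE 4096UL /* assumed value, as in the patch description */

/* Constructed DMA layout: a short first region, then full pages. */
static unsigned long region_len(unsigned long i, unsigned long first_len)
{
    return i == 0 ? first_len : PAGE_SIZE;
}

/* Simplified model (not driver code): one write instruction per contiguous
 * piece of a scanline, plus one sync and one jump instruction. */
unsigned long count_written(unsigned long offset, unsigned long bpl,
        unsigned long padding, unsigned long lines, unsigned long first_len)
{
    unsigned long sg = 0, n = 2; /* sync + jump */
    for (unsigned long line = 0; line < lines; line++) {
        while (offset && offset >= region_len(sg, first_len))
            offset -= region_len(sg++, first_len);
        unsigned long room = region_len(sg, first_len) - offset;
        if (bpl <= room) {          /* scanline fits in this region */
            n++;
            offset += bpl;
        } else {                    /* scanline is split at a border */
            unsigned long todo = bpl - room;
            n++;                    /* first piece */
            for (sg++; todo > region_len(sg, first_len); sg++, n++)
                todo -= region_len(sg, first_len); /* whole-region piece */
            n++;                    /* last piece */
            offset = todo;
        }
        offset += padding;
    }
    return n;
}

/* Assumed formulas, chosen to match the figures quoted in the thread. */
unsigned long estimate_old(unsigned long bpl, unsigned long lines)
{ return bpl * lines / PAGE_SIZE + lines + 2; }
unsigned long estimate_new(unsigned long bpl, unsigned long padding,
        unsigned long lines)
{ return 1 + (bpl + padding) * lines / PAGE_SIZE + lines + 2; }

int main(void)
{
    unsigned long lines = 100; /* any value below 2048 */
    printf("written=%lu old=%lu new=%lu\n", count_written(0, 2, 4094, lines, 1),
           estimate_old(2, lines), estimate_new(2, 4094, lines));
    return 0;
}
```

A buffer sized from the old estimate is too small whenever `count_written` exceeds it; the new estimate stays an upper bound for this layout.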