Bug 250070 - Stack corruption when get XV_FREQ on 64bit arches
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: xorg-x11-drv-v4l
Version: 7
Hardware: x86_64 Linux
Priority: medium, Severity: high
Assigned To: Adam Jackson
QA Contact: Fedora Extras Quality Assurance
Keywords: EasyFix, Patch
Duplicates: 247747

Reported: 2007-07-30 06:57 EDT by Dmitry Butskoy
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.1.1-8.fc7
Doc Type: Bug Fix
Last Closed: 2007-09-07 13:18:36 EDT


Attachments
This patch fixes the issue. (934 bytes, patch)
2007-07-30 06:57 EDT, Dmitry Butskoy

Description Dmitry Butskoy 2007-07-30 06:57:02 EDT
Applications that work with a v4l device through the Xvideo X11 extension (not
directly) use the XV_FREQ attribute to obtain the current v4l tuner frequency.

There is a bug in xorg-x11-drv-v4l which causes the X11 server to crash when the XV_FREQ
attribute is asked for.

Only 64bit systems are affected.

The problem is that when x11-drv-v4l receives such a request, it asks the hardware
for the frequency, using the v4l1 ioctl VIDIOCGFREQ. This ioctl has an argument -- a
pointer to "unsigned long". But the actual pointer passed to the ioctl call is
(INT32 *).

IOW, the actual pointer points to a 4-byte area, whereas the ioctl call assumes that
it points to an "unsigned long", which on 64bit arches is 8 bytes long...


How to reproduce:

On any 64bit system with TV-tuner capable v4l hardware, with the "v4l" driver
included in the xorg.conf "Module" section, just run "xvinfo". The whole X11 server
then crashes.


This bug was initially found by using xawtv (see bug #247747).


The patch attached fixes the issue. I have a success report from the initial bug
reporter about it.
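
The size mismatch described in this report, modelled in portable C as an added example; it is not the attached patch or the driver's own code. `model_vidiocgfreq`, the canary-filled buffer and the sample frequency are constructed stand-ins, and the matching-type variant is an assumed way to avoid the overwrite, not the content of the attachment.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CANARY 0xA5u

/* Hypothetical stand-in for the kernel side of VIDIOCGFREQ: it stores a full
 * unsigned long at the address it is given, whatever the caller's pointer type. */
static void model_vidiocgfreq(void *arg)
{
    unsigned long freq = 7668UL; /* constructed sample value */
    memcpy(arg, &freq, sizeof freq);
}

/* Count bytes after the 4-byte slot that no longer hold the canary. */
static size_t clobbered(const unsigned char *frame, size_t len)
{
    size_t n = 0;
    for (size_t i = sizeof(int32_t); i < len; i++)
        n += (frame[i] != CANARY);
    return n;
}

/* The mismatch: frame[0..3] models the INT32, frame[4..15] the stack beside it. */
size_t clobbered_bytes_buggy(void)
{
    unsigned char frame[16];
    memset(frame, CANARY, sizeof frame);
    model_vidiocgfreq(frame);
    return clobbered(frame, sizeof frame);
}

/* Matching types: receive into an unsigned long, then narrow to 32 bits. */
size_t clobbered_bytes_fixed(int32_t *out)
{
    unsigned char frame[16];
    unsigned long freq = 0;
    memset(frame, CANARY, sizeof frame);
    model_vidiocgfreq(&freq);
    *out = (int32_t)freq;
    memcpy(frame, out, sizeof *out);
    return clobbered(frame, sizeof frame);
}

int main(void)
{
    int32_t v;
    size_t fixed = clobbered_bytes_fixed(&v);
    printf("buggy=%zu fixed=%zu value=%d\n", clobbered_bytes_buggy(), fixed, (int)v);
    return 0;
}
```

On an LP64 build the first function reports 4 overwritten bytes and on a 32-bit build 0, which matches the report's statement that only 64bit systems are affected.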
Comment 1 Dmitry Butskoy 2007-07-30 06:57:02 EDT
Created attachment 160234
This patch fixes the issue.
Comment 2 Dmitry Butskoy 2007-07-30 07:04:16 EDT
*** Bug 247747 has been marked as a duplicate of this bug. ***
Comment 3 Adam Jackson 2007-08-28 13:20:33 EDT
Fixed in 0.1.1-8.fc8.  Will post an F7 update shortly.
Comment 4 Fedora Update System 2007-08-29 13:26:31 EDT
xorg-x11-drv-v4l-0.1.1-8.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2007-09-07 13:18:35 EDT
xorg-x11-drv-v4l-0.1.1-8.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
