Red Hat Bugzilla – Bug 250070
Stack corruption when get XV_FREQ on 64bit arches
Last modified: 2007-11-30 17:12:11 EST
The applications which work with v4l device through Xvideo X11 extension (not
directly) use XV_FREQ attribute to obtain the current v4l tuner frequency.
There is a bug in xorg-x11-drv-v4l, which causes X11 server to crash when XV_FREQ
attribute is asked.
Only 64bit systems are affected.
The problem is that when x11-drv-v4l receives such a request, it asks the hardware
for frequency, using v4l1 ioctl VIDIOCGFREQ. This ioctl has an argument -- a
pointer to "unsigned long". But the actual pointer, passed to the ioctl call, is
IOW, the actual pointer points to 4-byte area, whereas ioctl call assumes that
it points to "unsigned long", which on 64bit arches is 8 bytes long...
How to reproduce:
On any 64bit system with TV-tuner capable v4l hardware, with "v4l" driver
included in xorg.conf "Module" sections, just run "xvinfo". The whole X11 server
then crashes.
This bug was initially found by using xawtv (see bug #247747).
The patch attached fixes the issue. I have a success report from the initial bug
reporter about it.
Created attachment 160234
This patch fixes the issue.
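The size mismatch described in the report, as an added C example that is not code from xorg-x11-drv-v4l or from the attached patch. `fake_vidiocgfreq` is a hypothetical stand-in for the ioctl, the 4-byte area is modelled inside a canary-filled byte array so the overrun can be counted without corrupting a real stack, and reading into an `unsigned long` temporary is one way to avoid the overrun, not necessarily what the patch does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CANARY 0xAA   /* fill byte marking memory the caller does not own */
#define REGION 16     /* constructed buffer: 4-byte slot + neighbouring bytes */
#define SLOT   4      /* the "4-byte area" from the report */

/* Hypothetical stand-in for VIDIOCGFREQ: stores an unsigned long via arg. */
static void fake_vidiocgfreq(void *arg, unsigned long freq)
{
    memcpy(arg, &freq, sizeof freq);
}

/* Number of bytes beyond the slot that no longer hold the canary. */
static size_t clobbered(const unsigned char *region)
{
    size_t n = 0;
    for (size_t i = SLOT; i < REGION; i++)
        n += (region[i] != CANARY);
    return n;
}

/* Mismatched call: pointer to a 4-byte slot, callee writes unsigned long. */
size_t clobbered_bytes_buggy(unsigned long freq)
{
    unsigned char region[REGION];
    memset(region, CANARY, sizeof region);
    fake_vidiocgfreq(region, freq);
    return clobbered(region);
}

/* Matched call: read into an unsigned long, then narrow into the slot. */
size_t clobbered_bytes_fixed(unsigned long freq, int32_t *out)
{
    unsigned char region[REGION];
    unsigned long tmp = 0;
    memset(region, CANARY, sizeof region);
    fake_vidiocgfreq(&tmp, freq);
    *out = (int32_t)tmp;
    memcpy(region, out, SLOT);
    return clobbered(region);
}

int main(void)
{
    int32_t v = 0;
    size_t ok = clobbered_bytes_fixed(0x1234UL, &v);
    printf("overrun: mismatched=%zu matched=%zu freq=0x%x\n", clobbered_bytes_buggy(0x1234UL), ok, (unsigned)v);
    return 0;
}
```

On an LP64 system the mismatched call overwrites 4 bytes past the slot; where `unsigned long` is 4 bytes it overwrites none, which matches the report that only 64-bit systems are affected.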
*** Bug 247747 has been marked as a duplicate of this bug. ***
Fixed in 0.1.1-8.fc8. Will post an F7 update shortly.
xorg-x11-drv-v4l-0.1.1-8.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
xorg-x11-drv-v4l-0.1.1-8.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.