1
0
mirror of https://github.com/mpv-player/mpv synced 2024-12-29 18:42:09 +00:00
mpv/video
Sven Kroeger fc8c1fcfb2 drm_prime: double free bug
This commit fixes a bug where handle for a framebuffer gets double
freed.
It seems to happen that the same prime fd gets two framebuffers.
As the prime fd is the same the resulting prime handle is also the
same.
This means one handle but 2 framebuffers and can lead to the following
chain:

1. The first framebuffer gets deleted the handle gets also freed via
the ioctl.

2. In startup phase not all 4 dumb buffers for overlay drawing
are set up. It can happen that the last dumb buffer gets the
handle we freed above.

3. The second framebuffer gets freed and the handle will be
freed again resulting that the 4's dumb buffer handle is not
backed by a buffer.

4. Drm prime continues to assign handles to its prime fds an
will lead to have this handle which was just freed to
reassign again but to an prime buffer.

5.Now the overlay should be drawn into dumb buffer 4 which
still has the same handle but is backed by the wrong buffer.
This leads to two different behaviors:

- MPV crashes as the drm prime buffers size als calculated
by the decoder output format. The overlay output format
differs and it takes more space. SO the size check
in kernel fails.

- MPV is continuing play. This happens when the decoders
allocates a bigger buffer than needed for the overlay.
For example overlay is Full HD and decoder output is 4k.
This leads to the behavior das the overlay wil be drawn
into the wrong buffer as its a drm prime buffer and results
in a flicker every fourth step.
2020-03-05 18:12:57 +01:00
..
decode Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
filter vf_format: add w, h parameters 2020-02-09 18:23:22 +01:00
out drm_prime: double free bug 2020-03-05 18:12:57 +01:00
csputils.c csputils: fix outdated comment 2019-10-20 16:00:32 +02:00
csputils.h video: add pure gamma TRC curves for 2.0, 2.4 and 2.6. 2019-09-27 13:21:41 +02:00
cuda.c video: cuda: add explicit context creation for copy hwaccels 2019-12-29 14:32:47 -08:00
d3d.c video: remove mp_image_params.hw_flags field 2019-10-17 22:43:14 +02:00
d3d.h
fmt-conversion.c video: drop NV24 alias 2020-02-18 18:03:42 +01:00
fmt-conversion.h
hwdec.c video: cuda: add explicit context creation for copy hwaccels 2019-12-29 14:32:47 -08:00
hwdec.h video: cuda: add explicit context creation for copy hwaccels 2019-12-29 14:32:47 -08:00
image_loader.c screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
image_loader.h
image_writer.c screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
image_writer.h screenshot, vo_image: use global swscale/zimg parameters 2019-10-31 15:44:09 +01:00
img_format.c Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
img_format.h video: drop NV24 alias 2020-02-18 18:03:42 +01:00
mp_image_pool.c mp_image_pool: expose a function for reporting hw download format 2019-10-02 21:07:14 +02:00
mp_image_pool.h mp_image_pool: expose a function for reporting hw download format 2019-10-02 21:07:14 +02:00
mp_image.c Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
mp_image.h video, demux: rip out unused spherical metadata code 2019-10-17 22:49:26 +02:00
sws_utils.c Remove remains of Libav compatibility 2020-02-16 15:14:55 +01:00
sws_utils.h sws_utils, zimg: destroy vo_x11 and vo_drm performance 2019-10-31 16:51:12 +01:00
vaapi.c vaapi: reduce log levels further 2020-01-11 16:35:30 +01:00
vaapi.h vo_gpu: hwdec_vaapi: Suppress format errors when probing 2019-07-08 01:57:02 +02:00
vdpau_functions.inc
vdpau_mixer.c
vdpau_mixer.h
vdpau.c
vdpau.h
zimg.c zimg: fix previous odd sizes commit 2020-02-13 01:26:51 +01:00
zimg.h sws_utils, zimg: destroy vo_x11 and vo_drm performance 2019-10-31 16:51:12 +01:00