Comment 11 for bug 354688

In , Albert Damen (albrt) wrote :

The problem is in xxv-intel, src/i830_video.c
In I830PutImage:
    if (pPriv->buf == NULL) {
        pPriv->buf = drm_intel_bo_alloc(pI830->bufmgr,
                                        "xv buffer", alloc_size, 4096);
        if (pPriv->buf == NULL)
            return BadAlloc;
        if (!pPriv->textured && drm_intel_bo_pin(pPriv->buf, 4096) != 0) {
            drm_intel_bo_unreference(pPriv->buf);
            xf86DrvMsg(pScrn->scrnIndex, X_ERROR,
                       "Failed to pin xv buffer\n");
            return BadAlloc;
        }
    }

The first time totem is run, pPriv->buf is NULL, a buffer is allocated and, given the failed to pin error message, pPriv->buf is now not NULL. drm_intel_bo_unreference frees the buffer, but does not set pPriv->buf back to NULL.
Therefore, next time totem is run, -intel will think we have a valid xv buffer and crash.

Attached patch solves the problem and makes totem return the BadAlloc error message every time. X no longer crashes.
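
The failure sequence described in this comment, as an added example that is not part of the original comment or the driver's source. The `bo_*` functions, the static pool and the `reset_on_failure` switch are constructed stand-ins, and clearing the pointer after the unreference is one possible fix, assumed here rather than taken from the attached patch.

```c
#include <stdio.h>

/* Constructed stand-ins for the buffer-object calls; not the real libdrm API. */
struct bo { int refcount; int live; };
static struct bo pool[4];   /* static pool: a stale pointer can be inspected safely */

static struct bo *bo_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) {
            pool[i] = (struct bo){ .refcount = 1, .live = 1 };
            return &pool[i];
        }
    return NULL;
}
static int bo_pin(struct bo *b) { (void)b; return -1; }   /* pinning always fails here */
static void bo_unreference(struct bo *b) { if (--b->refcount == 0) b->live = 0; }

enum { Success = 0, BadAlloc = 11 };   /* X11 protocol status values */
struct port_priv { struct bo *buf; int textured; };

/* Same shape as the allocation block in I830PutImage. reset_on_failure = 0
 * reproduces the dangling pointer; 1 clears the cached pointer after the free. */
static int put_image(struct port_priv *priv, int reset_on_failure) {
    if (priv->buf == NULL) {
        priv->buf = bo_alloc();
        if (priv->buf == NULL)
            return BadAlloc;
        if (!priv->textured && bo_pin(priv->buf) != 0) {
            bo_unreference(priv->buf);
            if (reset_on_failure)
                priv->buf = NULL;
            return BadAlloc;
        }
    }
    return Success;   /* the caller now goes on to use priv->buf */
}

/* True when the cached pointer refers to a buffer that was already released. */
static int holds_stale_buffer(const struct port_priv *priv) {
    return priv->buf != NULL && !priv->buf->live;
}

int main(void) {
    struct port_priv buggy = {0}, fixed = {0};
    int b1 = put_image(&buggy, 0), b2 = put_image(&buggy, 0);
    int f1 = put_image(&fixed, 1), f2 = put_image(&fixed, 1);
    printf("buggy: %d then %d, stale=%d\n", b1, b2, holds_stale_buffer(&buggy));
    printf("fixed: %d then %d, stale=%d\n", f1, f2, holds_stale_buffer(&fixed));
    return 0;
}
```

Without the reset, the second call skips the allocation block and reports success while the cached pointer still refers to the released buffer; with it, every call returns `BadAlloc`.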