Ubuntu
libva package

vainfo crashed with SIGSEGV in va_TraceEnd()

Bug #1325873 reported by Laurent Bonnaud on 2014-06-03

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	libva (Debian)	Fix Released	Unknown	debbugs #750429
	libva (Ubuntu)	Fix Released	Medium	Unassigned

Bug Description

Here is the problem:

$ vainfo
libva info: VA-API version 0.35.0
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib/x86_64-linux-gnu/dri/i965_drv_video.so
libva info: Found init function __vaDriverInit_0_35
libva info: va_openDriver() returns 0
vainfo: VA-API version: 0.35 (libva 1.3.0)
vainfo: Driver version: Intel i965 driver - 1.3.0
vainfo: Supported profile and entrypoints
      VAProfileMPEG2Simple : VAEntrypointVLD
      VAProfileMPEG2Main : VAEntrypointVLD
      VAProfileH264ConstrainedBaseline: VAEntrypointVLD
      VAProfileH264ConstrainedBaseline: VAEntrypointEncSlice
      VAProfileH264Main : VAEntrypointVLD
      VAProfileH264Main : VAEntrypointEncSlice
      VAProfileH264High : VAEntrypointVLD
      VAProfileH264High : VAEntrypointEncSlice
      VAProfileVC1Simple : VAEntrypointVLD
      VAProfileVC1Main : VAEntrypointVLD
      VAProfileVC1Advanced : VAEntrypointVLD
      VAProfileNone : VAEntrypointVideoProc
Segmentation fault (core dumped)

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: vainfo 1.3.0-2
ProcVersionSignature: Ubuntu 3.13.0-29.52-generic 3.13.11.2
Uname: Linux 3.13.0-29-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: KDE
Date: Tue Jun 3 11:03:32 2014
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/vainfo
ProcCmdline: vainfo
SegvAnalysis:
Segfault happened at: 0x7f7ec3e484a2 <va_TraceEnd+18>: mov (%rbx),%rdi
PC (0x7f7ec3e484a2) ok
source "(%rbx)" (0x7575757575757575) not located in a known VMA region (needed readable region)!
destination "%rdi" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: libva
StacktraceTop:
va_TraceEnd (dpy=dpy@entry=0x1d4f2f0) at va_trace.c:238
vaTerminate (dpy=dpy@entry=0x1d4f2f0) at va.c:523
main (argc=<optimized out>, argv=<optimized out>) at vainfo.c:149
Title: vainfo crashed with SIGSEGV in va_TraceEnd()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm autopilot cdrom dip fuse libvirtd lpadmin plugdev sambashare staff sudo

Tags:

Related branches

lp:debian/libva

lp:ubuntu/utopic/libva

Revision history for this message

Laurent Bonnaud (laurent-bonnaud) wrote on 2014-06-03:

Dependencies.txt Edit (435 bytes, text/plain; charset="utf-8")
Disassembly.txt Edit (1.0 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (338 bytes, text/plain; charset="utf-8")
ProcMaps.txt Edit (11.1 KiB, text/plain; charset="utf-8")
ProcStatus.txt Edit (848 bytes, text/plain; charset="utf-8")
Registers.txt Edit (760 bytes, text/plain; charset="utf-8")
Stacktrace.txt Edit (924 bytes, text/plain; charset="utf-8")
ThreadStacktrace.txt Edit (972 bytes, text/plain; charset="utf-8")

information type:

Private → Public

Revision history for this message

Apport retracing service (apport) wrote on 2014-06-03:

StacktraceTop:
va_TraceEnd (dpy=dpy@entry=0x1d4f2f0) at va_trace.c:238
vaTerminate (dpy=dpy@entry=0x1d4f2f0) at va.c:523
main (argc=<optimized out>, argv=<optimized out>) at vainfo.c:149

Revision history for this message

Apport retracing service (apport) wrote on 2014-06-03: Stacktrace.txt

Stacktrace.txt Edit (924 bytes, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2014-06-03: StacktraceSource.txt

StacktraceSource.txt Edit (1.1 KiB, text/plain)

Revision history for this message

Apport retracing service (apport) wrote on 2014-06-03: ThreadStacktrace.txt

ThreadStacktrace.txt Edit (972 bytes, text/plain)

Changed in libva (Ubuntu):
importance:	Undecided → Medium
tags:	removed: need-amd64-retrace

Revision history for this message

Sebastian Ramacher (s-ramacher) wrote on 2014-06-03:

Thanks, I don't see the segfault but valgrind warns about the line. I'll take this upstream.

Revision history for this message

Laurent Bonnaud (laurent-bonnaud) wrote on 2014-06-03:

Thanks !

You perhaps need the following environment variables to reproduce the crash:

MALLOC_CHECK_=3
MALLOC_PERTURB_=117

Bug Watch Updater (bug-watch-updater) on 2014-06-03

Changed in libva (Debian):
status:	Unknown → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-06-05:

This bug was fixed in the package libva - 1.3.1-3

---------------
libva (1.3.1-3) unstable; urgency=medium

* debian/use-after-free.patch: Fix use after free error in vaTerminate
(upstream patch). (Closes: #750429) (LP: #1325873)

-- Sebastian Ramacher <email address hidden> Tue, 03 Jun 2014 22:43:21 +0200

Changed in libva (Ubuntu):
status:	New → Fix Released

Bug Watch Updater (bug-watch-updater) on 2014-06-05

Changed in libva (Debian):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #750429
[done important upstream] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibva package

vainfo crashed with SIGSEGV in va_TraceEnd()

Bug Description

Related branches

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
libva package