From: <bug...@fr...> - 2007-02-23 09:46:42
http://bugs.freedesktop.org/show_bug.cgi?id=10071

           Summary: Invalid read in emit_vec16 r300_maos.c. Related probably to artifact.
           Product: DRI
           Version: XOrg CVS
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: libGL
        AssignedTo: dri...@li...
        ReportedBy: pap...@cs...

Valgrind reports the following error:

==8649== Invalid read of size 4
==8649==    at 0x4BA0ED9: r300EmitArrays (r300_maos.c:172)
==8649==    by 0x4B9648A: r300_run_vb_render (r300_render.c:341)
==8649==    by 0x4B96E8E: r300_run_tcl_render (r300_render.c:540)
==8649==    by 0x4C128A0: _tnl_run_pipeline (t_pipeline.c:159)
==8649==    by 0x4C9E8D8: _tnl_draw_prims (t_draw.c:400)
==8649==    by 0x4C97F42: vbo_exec_vtx_flush (vbo_exec_draw.c:215)
==8649==    by 0x4C93885: vbo_exec_wrap_buffers (vbo_exec_api.c:75)
==8649==    by 0x4C93D85: vbo_exec_vtx_wrap (vbo_exec_api.c:109)
==8649==    by 0x4C97289: vbo_Vertex3fv (vbo_attrib_tmp.h:61)
==8649==    by 0x4837BE1: glVertex3fv (glapitemp.h:770)
==8649==    by 0x42C32CE: osgParticle::Particle::render(osg::Vec3f const&, osg::Vec3f const&, osg::Vec3f const&, float) const (in /usr/lib/libosgParticle.so)
==8649==    by 0x42C9633: osgParticle::ParticleSystem::single_pass_render(osg::State&, osg::Matrixd const&) const (in /usr/lib/libosgParticle.so)
==8649==  Address 0x4DADB00 is 0 bytes after a block of size 65,536 alloc'd
==8649==    at 0x40227F4: memalign (vg_replace_malloc.c:448)
==8649==    by 0x4022844: posix_memalign (vg_replace_malloc.c:549)
==8649==    by 0x4BD5269: _mesa_align_malloc (imports.c:113)
==8649==    by 0x4C94329: vbo_exec_vtx_init (vbo_exec_api.c:638)
==8649==    by 0x4C935DC: vbo_exec_init (vbo_exec.c:52)
==8649==    by 0x4C934D0: _vbo_CreateContext (vbo_context.c:223)
==8649==    by 0x4B8CAA5: r300CreateContext (r300_context.c:297)
==8649==    by 0x4B84D9C: radeonCreateContext (radeon_screen.c:920)
==8649==    by 0x4B815A9: driCreateNewContext (dri_util.c:830)
==8649==    by 0x480A64E: CreateContext (glxcmds.c:353)
==8649==    by 0x480A984: glXCreateContext (glxcmds.c:430)
==8649==    by 0x48924DD: Producer::RenderSurface::_init() (in /usr/lib/libProducer.so)

It seems that somehow in emit_vec16 in r300_maos, data has less allocated
memory than what count thinks, by one, so we read out of the data bounds.

for (i = 0; i < count; i++) {
        out[0] = *(int *)data;  // Valgrind warns here
        out[1] = *(int *)(data + 4);// Valgrind warns and here
        out[2] = *(int *)(data + 8);// Valgrind warns and here
        out[3] = *(int *)(data + 12);// Valgrind warns and here
        out += 4;
        data += stride;
}

This happens when using a simple model which is not rendered correctly in
blender and OSG.
The black line should not exist. Toggling light seems to remove the black line.

-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
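The out-of-bounds read described in the report above, as an added example that is not part of the original message and is not Mesa's code: a bounds-checked form of the strided 16-byte copy that clamps count to what the source block can hold. The function names and the size, offset and stride parameters are assumptions made for illustration; only the 65,536-byte block size comes from the Valgrind output, the stride of 16 is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VEC16_BYTES 16u  /* four 32-bit words per element, as in the quoted loop */

/* Largest element count readable from a block of `size` bytes when element i
 * occupies [offset + i*stride, offset + i*stride + 16). Hypothetical helper. */
size_t vec16_max_count(size_t size, size_t offset, size_t stride)
{
    if (offset > size || size - offset < VEC16_BYTES)
        return 0;                       /* not even one element fits */
    if (stride == 0)
        return SIZE_MAX;                /* every element re-reads the same bytes */
    return (size - offset - VEC16_BYTES) / stride + 1;
}

/* Bounds-checked strided copy (hypothetical). Returns the number of elements
 * written; a value below `count` means the caller's count overran the source. */
size_t emit_vec16_checked(uint32_t *out, const uint8_t *data, size_t size,
                          size_t offset, size_t stride, size_t count)
{
    size_t safe = vec16_max_count(size, offset, stride);
    size_t n = count < safe ? count : safe;

    for (size_t i = 0; i < n; i++)      /* memcpy needs no int-aligned source */
        memcpy(out + 4 * i, data + offset + i * stride, VEC16_BYTES);
    return n;
}

int main(void)
{
    /* Constructed input: a 65,536-byte source block and a count that is one
     * element too large for it, the "by one" situation the report describes. */
    static uint8_t src[65536];
    static uint32_t out[4 * 4097];
    size_t n = emit_vec16_checked(out, src, sizeof src, 0, 16, 4097);

    printf("requested 4097 elements, emitted %zu\n", n);
    return n == 4096 ? 0 : 1;
}
```

A short return value is the signal to log or assert on: it locates the mismatch between count and the allocation at the call site instead of at the faulting read.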