Sakur wrote:
> Denis Oliver Kropp wrote:
>> Sakur wrote:
>>
>>> Denis Oliver Kropp wrote:
>>>
>>>> Sakur wrote:
>>>>
>>>>
>>>>> Hi All:
>>>>> I've built DirectFB on FC5 running on PS3. Now there's no problem to
>>>>> direct DFB app to X11 or SDL output. But the crash occurred
>>>>> immediately if set back to FBDev output, even invoking simple "dfbinfo".
>>>>> Here's the error log (I added some simple log marked as red):
>>>>>
>>>>> .....
>>>>>
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: init_devices( 0x10017388 )
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'WM97xx Touchscreen Driver'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'SonyPI Jogdial Driver'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'PenMount 9509'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'MuTouch'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'Serial Mouse Driver'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> probing 'PS/2 Mouse Driver'...
>>>>> (-) [Main Thread 0.790] (13349) Core/Input: -> 1 available device(s) provided by 'PS/2 Mouse Driver'.
>>>>> (*) open number:0,/dev/input/mice input mouse
>>>>> (*) mouse: PS2_IMPS2
>>>>> (-) [PS/2 Input 0.840] (13353) Direct/Signals: Blocking all signals from now on!
>>>>> (*) Start read mouse data
>>>>> (*) Direct/Thread: Running 'PS/2 Input' (INPUT, 13353)...
>>>>> (-) [Main Thread 0.840] (13349) Core/Input: make_id( 0x01 )
>>>>> (*) DirectFB/Input: IMPS/2 Mouse 1.0 (directfb.org)
>>>>> (-) [Main Thread 0.840] (13349) Core/Input: input_add_device( 0x1001e9d0 )
>>>>> (-) [Main Thread 0.840] (13349) Core/Input: -> probing 'LIRC Driver'...
>>>>> (-) [Main Thread 0.840] (13349) Core/Input: -> probing 'Linux Input Driver'...
>>>>> (*) Linux Input: Driver_get_available Enter
>>>>> (*) get input device info
>>>>> (*) get_device_info call
>>>>> (*) get_device_info enter
>>>>> (*) Get device:Dell Dell USB Mouse
>>>>> (*) test_bit evbit
>>>>> (*) touchpad:0
>>>>> (*) get_device_info leave
>>>>> (!) [13349: 0.840] --> Caught signal 11 (at (nil), invalid address) <--
>>>>> (-) [13349: -STACK- ]
>>>>> #0 0x0f69bbd0 in signal_handler () from /usr/local/lib/libdirect-1.0.so.0 [0xf68e000]
>>>>> #1 0x0f1bdce0 in driver_get_available () from /usr/local/lib/directfb-1.0-0/inputdrivers/libdirectfb_linux_input.so [0xf1b9000]
>>>>>
>>>>>
>>>>     get_device_info( fd, &info );
>>>>
>>>>     ioctl( fd, EVIOCGRAB, 0 );
>>>>     close( fd );
>>>>
>>>>     if (!dfb_config->linux_input_ir_only ||
>>>>         (info.desc.type & DIDTF_REMOTE))
>>>>          device_nums[num_devices++] = i;
>>>>
>>>> It could only be that dfb_config is NULL. That is when
>>>> dfb_config_init() was not called (by DirectFBInit()).
>>>>
>>>> But DirectFBCreate() checks that.
>>>>
>>>>
>>>>
>>> Hi, Denis:
>>> I've traced at the crashed point. The crash happened when
>>> "get_device_info" function returned. Seemed the return address was
>>> invalid. Even I put a log right after get_device_info call. No any
>>> output got shown after "get_device_info".
>>> Also, I removed some maybe unsupported CFLAGS to build. The crash
>>> still occurred at the same point. I believe PS3Linux gcc will generate
>>> 32-bit mode objects (Actually just similar as gcc for PowerPC). So what
>>> might be the cause?
>>>
>>
>>     unsigned int num_keys = 0;
>>     unsigned int num_ext_keys = 0;
>>     unsigned int num_buttons = 0;
>>     unsigned int num_rels = 0;
>>     unsigned int num_abs = 0;
>>
>>     unsigned long evbit[NBITS(EV_MAX)];
>>     unsigned long keybit[NBITS(KEY_MAX)];
>>     unsigned long relbit[NBITS(REL_MAX)];
>>     unsigned long absbit[NBITS(ABS_MAX)];
>>
>>
>> I thought it could be that the stack limit is too low, but
>> these local variables would occupy only about 100 bytes.
>>
>>
> Hi:
> Sorry, I ignored another key point which I confirmed causing the crash
> after further investigation.
>
>
> *ioctl(fd,EVIOCGBIT(0,EV_MAX),evbit)
>
> The return value for this call is "31" == EMLINK.
>
>
> *

Hi,
I got the crash reason:

ioctl( fd, EVIOCGBIT(0, EV_MAX), evbit ) ==> the second arg for EVIOCGBIT macro is bad here, which should be "sizeof(evbit)". This might cause memory overflow (the returned "31" bytes copied into actual 4 bytes array). But I am confused why the issue is not detected on i386.

Anyway, thanks for all

Cheers
Sakur
_______________________________________________
directfb-dev mailing list
[email protected]
http://mail.directfb.org/cgi-bin/mailman/listinfo/directfb-dev
