reauktion/daedalus-v4l2
2
0
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a43296c1ed992271aef7256c1cabeb42639e163e
daedalus-v4l2/daemon
T
History
claude-noether a43296c1ed daemon: bounds-check pack_* functions against CAPTURE plane size 
The three NV12/P010 pack functions (pack_nv12_single_to_plane,
pack_nv12_to_planes, pack_p010_to_plane) wrote into the V4L2
client's CAPTURE dmabuf without checking that the mapped size
covers the frame libavcodec just decoded.

Crash scenario: YouTube DASH stepping resolution mid-stream
(e.g. 480p -> 720p when bandwidth improves) — libva is supposed
to handle the V4L2_EVENT_SOURCE_CHANGE with STREAMOFF / S_FMT /
REQBUFS, but in practice a stale CAPTURE request with the old
buffer size sometimes slips through carrying the new (larger)
frame.  The chroma-interleave inner loop walks past the mapping
boundary and the daemon takes SIGSEGV mid-frame, which in turn
leaves V4L2 clients hanging in vb2_core_dqbuf — see the followup
ticket on the D-state symptom.

Fix: compute required = y_size + uv_size against planes->size[N]
BEFORE any write.  On mismatch, log_warn with both sizes and the
frame dimensions, and return -EOVERFLOW.

The caller (process_decode_request loop) already handles a
negative pack return with a log_warn and proceeds without
aborting the decode — the kernel still gets the response with
metadata-only and the V4L2 client sees a frame whose pixels are
stale but whose buffer-done event fires normally.  The next
SOURCE_CHANGE the client processes resyncs the buffer size.

All three pack paths get the same bounds-check; the comment on
pack_nv12_single is the canonical explanation, the other two
reference it.

Verified: builds clean against trixie aarch64; no behavioural
change on the happy path (the bounds check is a single size
compare; on a correctly-sized CAPTURE buffer it's a 1-cycle pass).

Closes daedalus-v4l2 task #145 (daemon SEGV in pack_nv12_single
on resolution change).
2026-05-23 15:31:50 +02:00
..
src
daemon: bounds-check pack_* functions against CAPTURE plane size
2026-05-23 15:31:50 +02:00
CMakeLists.txt
daemon: link daedalus-fourier + log substrate availability at startup
2026-05-21 18:00:46 +02:00
README.md
Initial scaffold: daedalus-v4l2 sibling repo
2026-05-18 14:54:56 +00:00

README.md

daemon/ — daedalus-v4l2 userspace decoder daemon

Userspace daemon that:

  1. Connects to the kernel module's chardev
  2. Receives bitstream + V4L2 control blobs
  3. Parses bitstream via dlopen'd FFmpeg
  4. Dispatches per-block work via daedalus_dispatch_* from sibling daedalus-fourier
  5. Returns decoded frames to kernel

Status

Scaffold only. Phase 8.3 not yet started.

Build dependencies (planned)

  • libdaedalus_core.a from sibling daedalus-fourier (static link)
  • FFmpeg dev headers (for AVPacket/AVCodec interface types) + runtime FFmpeg .so (loaded via dlopen)
  • libv4l2 (for V4L2 control struct definitions)
  • pthread

Build (when implemented)

mkdir build && cd build
cmake .. -DDAEDALUS_FOURIER_DIR=/path/to/daedalus-fourier
make

Layout (planned)

  • CMakeLists.txt
  • src/main.c — event loop, chardev connection
  • src/parser.c — FFmpeg dlopen wrapper + per-codec dispatch
  • src/decode_vp9.c, src/decode_av1.c, src/decode_h264.c — per-codec block walkers
  • src/frame_io.c — frame allocation, return to kernel

License

BSD-2-Clause (matches daedalus-fourier sibling).

Phase 8.3 starting point

A standalone program that:

  1. Opens a .ivf or .mp4
  2. Pulls codec packets via dlopen'd avformat
  3. Calls dlopen'd avcodec to parse (without decoding)
  4. Walks the block-level metadata
  5. Validates output structure

No kernel involvement yet — just confirm the parse path works.

Reference in New Issue View Git Blame Copy Permalink