Mesa (master): mesa: Increment the list pointer while freeing instruction data
Ian Romanick
idr at kemper.freedesktop.org
Fri Jan 24 21:43:21 UTC 2014
Module: Mesa
Branch: master
Commit: c11d76c51a29ed4fe02a8c46ba9fd64083f155ed
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=c11d76c51a29ed4fe02a8c46ba9fd64083f155ed
Author: Ian Romanick <ian.d.romanick at intel.com>
Date: Tue Jan 21 16:52:42 2014 -0800
mesa: Increment the list pointer while freeing instruction data
Since the list pointer was never incremented when a OPCODE_PIXEL_MAP
opcode was encountered, the data for the instruction would get freed
over and over and over... resulting in a crash.
Fixes gl-1.0-beginend-coverage.
Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72214
Reviewed-by: Brian Paul <brianp at vmware.com>
Cc: Lu Ha <huax.lu at intel.com>
---
src/mesa/main/dlist.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/mesa/main/dlist.c b/src/mesa/main/dlist.c
index cb40ff4..08943c9 100644
--- a/src/mesa/main/dlist.c
+++ b/src/mesa/main/dlist.c
@@ -767,6 +767,7 @@ _mesa_delete_list(struct gl_context *ctx, struct gl_display_list *dlist)
break;
case OPCODE_PIXEL_MAP:
free(get_pointer(&n[3]));
+ n += InstSize[n[0].opcode];
break;
case OPCODE_CONTINUE:
More information about the mesa-commit
mailing list