<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - Memory corruption (crash) in draw/draw_pt_fetch_shade_pipeline_llvm.c:435"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=72926">72926</a>
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>mesa-dev@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Memory corruption (crash) in draw/draw_pt_fetch_shade_pipeline_llvm.c:435
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>lekensteyn@gmail.com
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Drivers/X11
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Created <span class=""><a href="attachment.cgi?id=91053" name="attach_91053" title="gdb bt full">attachment 91053</a> <a href="attachment.cgi?id=91053&action=edit" title="gdb bt full">[details]</a></span>
gdb bt full

After upgrading Mesa 9.2.4 to 10.0.1, my Java program using JOGL crashes with a
memory corruption error.

The attached GDB log was generated with Mesa
a3ae5dc7dd5c2f8893f86a920247e690e550ebd4 ("draw: make sure that the stages
setup outputs"), built with --enable-debug.

I enforce software rendering because that gives me in an order of magnitude
better fps than i965 (glReadPixel is slow.):

    LIBGL_ALWAYS_SOFTWARE=1 java -cp ... RobotRace

With some versions of my program (new member variable, no other side-effects),
it immediately crashes. For other versions, it crashes after modifying the
center point in gl.glLookAt(). Let me know if you need more details (source,
etc.).

Bisection leads to:
a3ae5dc7dd5c2f8893f86a920247e690e550ebd4 is the first bad commit
commit a3ae5dc7dd5c2f8893f86a920247e690e550ebd4
Author: Zack Rusin <<a href="mailto:zackr@vmware.com">zackr@vmware.com</a>>
Date:   Fri Aug 9 10:11:31 2013 -0400

    draw: make sure that the stages setup outputs

    Calling the prepare outputs cleans up the slot assignments
    for outputs, unfortunately aapoint and aaline didn't have
    code to reset their slots after the initial setup, this
    was messing up our slot assignments. The unfilled stage
    was just missing the initial assignment of the face slot.
    This fixes all of the reported piglit failures.

    Signed-off-by: Zack Rusin <<a href="mailto:zackr@vmware.com">zackr@vmware.com</a>>
    Reviewed-by: Roland Scheidegger <<a href="mailto:sroland@vmware.com">sroland@vmware.com</a>>

:040000 040000 fb87dfd2039663da7ff0fa6f12a5b0668fecee7f
fc98438608d4df5bd64ff651bf9098aaabc5a262 M      src

LLVM: 3.3
Mesa: 10.0.1 (gdb from a3ae5dc7dd5c2f8893f86a920247e690e550ebd4)
JOGL: 2.1-b1135-20131101
Linux: v3.13-rc2-208-g8ecffd7
Xorg: 1.14.5
OpenJDK: 7.u45_2.4.3</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>