<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - Planetary Anihilation: Titans display content of other processes buffers"
href="https://bugs.freedesktop.org/show_bug.cgi?id=91889#c24">Comment # 24</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - Planetary Anihilation: Titans display content of other processes buffers"
href="https://bugs.freedesktop.org/show_bug.cgi?id=91889">bug 91889</a>
from <span class="vcard"><a class="email" href="mailto:albertwdfreeman@gmail.com" title="Albert Freeman <albertwdfreeman@gmail.com>"> <span class="fn">Albert Freeman</span></a>
</span></b>
<pre>Yep, you are absolutely right, I just walked through every single gl call in
the application (skipping redundant frames and shader compilation). The entire
UI is drawn outside the apitrace capture and just uploaded to TEXTURE0. This
occurs whenever the UI is updated.
So basically the apitraces are useless as far as revealing any further
information goes.
Given the issue apparently only occurs with mesa (and most likely only r600)
and only with --software-ui missing. The UI probably draws with OpenGL calls
outside the scope of apitrace.
Note: This rendering engine sure does some strange things.
Regarding Security:
{
It is not a matter of what specification requires what. Rather a matter of what
people/organisations require a secure platform. Ultimately, if mesa can cause
an issue, someone could hack up an application that directly accesses the
drm/drivers in the kernel...
So the security thing is a kernel problem.
I am not sure if the average X application through X can access the entirety of
graphics memory, but it certainly can access what every application has in its
window at the time of access.
}</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the QA Contact for the bug.</li>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>