<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - Crash in eglCreateImageKHR with huge texture size"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=93667">93667</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>Crash in eglCreateImageKHR with huge texture size
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86-64 (AMD64)
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux (All)
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>EGL
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>mesa-dev@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>fabian@ritter-vogt.de
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>mesa-dev@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I couldn't select 11.1 as version, so I used "unspecified".

Originally reported as bug in KWin: <a href="https://bugs.kde.org/show_bug.cgi?id=357754">https://bugs.kde.org/show_bug.cgi?id=357754</a>

"I accidentially set QT_DEVICE_PIXEL_RATIO=100 when opening a Qt application
that uses OpenGL and kwin_x11 crashes repoducably with the following backtrace
until I kill the application:

#5  <signal handler called>
#6  dri2_create_image_khr_pixmap (ctx=<optimized out>, attr_list=<optimized
out>, buffer=<optimized out>, disp=0x363b480) at
drivers/dri2/platform_x11.c:1051
#7  dri2_x11_create_image_khr (drv=<optimized out>, disp=0x363b480,
ctx=<optimized out>, target=<optimized out>, buffer=<optimized out>,
attr_list=<optimized out>) at drivers/dri2/platform_x11.c:1074
#8  0x00007fcc598c6279 in eglCreateImageKHR (dpy=0x363b480, ctx=0x0,
target=12464, buffer=0x7657a89, attr_list=0x7ffdd25b8db0) at main/eglapi.c:1331
#9  0x00007fcc6738fada in KWin::AbstractEglTexture::loadTexture
(this=0x4d8c670, pix=124091017, size=...) at
/usr/src/debug/kwin-5.5.2/abstract_egl_backend.cpp:312"

xcb_dri2_get_buffers_reply in dri2_create_image_khr_pixmap
(egl/drivers/dri2/platform_x11.c:1000) returns NULL,
but this is not detected and xcb_dri2_get_buffers_buffers (buffers_reply)
returns 0x20.
This passes the check against NULL and it crashes when accessing
buffers_reply->width in :1052.
I found multiple places where xcb_dri2_get_buffers_reply is used this way,
AFAICS they're all affected.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the QA Contact for the bug.</li>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>