<html>
<head>
<base href="https://bugs.freedesktop.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - XCloseDisplay() takes one minute around nouveau_dri.so, freezing Firefox startup"
href="https://bugs.freedesktop.org/show_bug.cgi?id=75279#c38">Comment # 38</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW --- - XCloseDisplay() takes one minute around nouveau_dri.so, freezing Firefox startup"
href="https://bugs.freedesktop.org/show_bug.cgi?id=75279">bug 75279</a>
from <span class="vcard"><a class="email" href="mailto:bjacob@mozilla.com" title="Benoit Jacob <bjacob@mozilla.com>"> <span class="fn">Benoit Jacob</span></a>
</span></b>
<pre>I wasn't clear enough in <a href="show_bug.cgi?id=75279#c34">comment 34</a>, let me explain better :-)
The Mozilla change that exposed this,
<a href="https://bugzilla.mozilla.org/show_bug.cgi?id=860254">https://bugzilla.mozilla.org/show_bug.cgi?id=860254</a>, is exactly about having
memory overwritten immediately on free(). So this is _exactly_ what is
happening here :-)
The reason why the stand-alone glxtest program doesn't hang is that it doesn't
use Mozilla's modified memory allocator that overwrites memory on free(). If
you ran it with this memory allocator, no doubt that it would hang there, as
this loop would keep reading a wrong fence->status.
So what you can hope to reproduce yourself with this glxtest program is not the
hang, it's the valgrind-detected use-after-free, and I really believe that that
is the root cause for the hang when running with Mozilla's memory allocator.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>