[Bug 32449] New: crash in r600_set_vertex_buffers with invalid GL usage flag used in glBufferData

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu Dec 16 10:39:03 PST 2010 

https://bugs.freedesktop.org/show_bug.cgi?id=32449

           Summary: crash in r600_set_vertex_buffers with invalid GL usage
                    flag used in glBufferData
           Product: Mesa
           Version: 7.10
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/R600
        AssignedTo: dri-devel at lists.freedesktop.org
        ReportedBy: sean at middleditch.us


Created an attachment (id=41180)
 --> (https://bugs.freedesktop.org/attachment.cgi?id=41180)
VBO flag test case

If an invalid usage flag (something other than the GL_STATIC_DRAW,
GL_DYNAMIC_DRAW, etc.) is passed to glBufferData, then any Draw calls using
that VBO will crash inside the r600 driver.

The error should either be detected during the call to glBufferData or an
invalid flag should simply use a sensible default rather than crashing during
Draw.

This is on an x86-64 machine (Fedora Rawhide).  I do not know if this happens
on other architectures.

Attaching a simple test case (using GLEW and GLUT).  Backtrace from test case
is here.  I also don't know if this happens with other DRI drivers, and whether
this is a bug in the R600 specifically or something that should be fixed higher
up in the common Mesa layers, but since the crash happens in the R600 driver
I'm assuming that's the culprit.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff724dd7f in r600_set_vertex_buffers (ctx=0x6154c0, count=1,
buffers=0x7fffffffd5c0) at r600_state_common.c:165
165            if (r600_buffer_is_user_buffer(buffers[i].buffer))
#0  0x00007ffff724dd7f in r600_set_vertex_buffers (ctx=0x6154c0, count=1,
buffers=0x7fffffffd5c0) at r600_state_common.c:165
#1  0x00007ffff7304b3c in st_draw_vbo (ctx=0xb48d80, arrays=<value optimized
out>, prims=0x7fffffffdb60, nr_prims=1, ib=0x0, index_bounds_valid=<value
optimized out>, min_index=0, max_index=2)
    at state_tracker/st_draw.c:701
#2  0x00007ffff73012cb in vbo_draw_arrays (ctx=0xb48d80, mode=4, start=0,
count=<value optimized out>, numInstances=<value optimized out>) at
vbo/vbo_exec_array.c:588
#3  0x0000000000400d85 in display ()
#4  0x00000039f0020f75 in ?? () from /usr/lib64/libglut.so.3
#5  0x00000039f0024ab9 in fgEnumWindows () from /usr/lib64/libglut.so.3
#6  0x00000039f00214da in glutMainLoopEvent () from /usr/lib64/libglut.so.3
#7  0x00000039f0021db5 in glutMainLoop () from /usr/lib64/libglut.so.3
#8  0x0000000000400f00 in main ()

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the dri-devel mailing list