Mesa (master): glx: Don't create a shared context if the other context isn' t the same kind
Ian Romanick
idr at kemper.freedesktop.org
Mon Dec 19 22:56:28 UTC 2011
Module: Mesa
Branch: master
Commit: c4a8c54c3bb31547cba57702ffea99293afef522
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=c4a8c54c3bb31547cba57702ffea99293afef522
Author: Ian Romanick <ian.d.romanick at intel.com>
Date: Tue Dec 6 12:19:39 2011 -0800
glx: Don't create a shared context if the other context isn't the same kind
Each of the DRI, DRI2, and DRISW backends contain code like the
following in their create-context routine:
if (shareList) {
pcp_shared = (struct dri2_context *) shareList;
shared = pcp_shared->driContext;
}
This assumes that the glx_context *shareList is actually the correct
derived type. However, if shareList was created as an
indirect-rendering context, it will not be the expected type. As a
result, shared will contain garbage. This garbage will be passed to
the driver, and the driver will probably segfault. This can be
observed with the following GLX code:
ctx0 = glXCreateContext(dpy, visinfo, NULL, False);
ctx1 = glXCreateContext(dpy, visinfo, ctx0, True);
Create-context is the only case where this occurs. All other cases
where a context is passed to the backend, it is the 'this' pointer
(i.e., we got to the backend by call something from ctx->vtable).
To work around this, check that the shareList->vtable->destroy method
is the same as the destroy method of the expected type. We could also
check that shareList->vtable matches the vtable or by adding a "tag"
to glx_context to identify the derived type.
NOTE: This is a candidate for the 7.11 branch.
Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
Reviewed-by: Adam Jackson <ajax at redhat.com>
Reviewed-by: Eric Anholt <eric at anholt.net>
---
src/glx/dri2_glx.c | 7 +++++++
src/glx/dri_glx.c | 7 +++++++
src/glx/drisw_glx.c | 7 +++++++
3 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/glx/dri2_glx.c b/src/glx/dri2_glx.c
index 553869a..f929fdd 100644
--- a/src/glx/dri2_glx.c
+++ b/src/glx/dri2_glx.c
@@ -185,6 +185,13 @@ dri2_create_context(struct glx_screen *base,
__DRIcontext *shared = NULL;
if (shareList) {
+ /* If the shareList context is not a DRI2 context, we cannot possibly
+ * create a DRI2 context that shares it.
+ */
+ if (shareList->vtable->destroy != dri2_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct dri2_context *) shareList;
shared = pcp_shared->driContext;
}
diff --git a/src/glx/dri_glx.c b/src/glx/dri_glx.c
index 666423a..9365224 100644
--- a/src/glx/dri_glx.c
+++ b/src/glx/dri_glx.c
@@ -587,6 +587,13 @@ dri_create_context(struct glx_screen *base,
return NULL;
if (shareList) {
+ /* If the shareList context is not a DRI context, we cannot possibly
+ * create a DRI context that shares it.
+ */
+ if (shareList->vtable->destroy != dri_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct dri_context *) shareList;
shared = pcp_shared->driContext;
}
diff --git a/src/glx/drisw_glx.c b/src/glx/drisw_glx.c
index f6aeda9..801ac7d 100644
--- a/src/glx/drisw_glx.c
+++ b/src/glx/drisw_glx.c
@@ -383,6 +383,13 @@ drisw_create_context(struct glx_screen *base,
return NULL;
if (shareList) {
+ /* If the shareList context is not a DRISW context, we cannot possibly
+ * create a DRISW context that shares it.
+ */
+ if (shareList->vtable->destroy != drisw_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct drisw_context *) shareList;
shared = pcp_shared->driContext;
}
More information about the mesa-commit
mailing list