[Mesa-dev] [PATCH] vbo: fix possible use-after-free segfault after a VAO is deleted
Michel Dänzer
michel at daenzer.net
Tue Apr 23 22:53:22 PDT 2013
On Wed, 2013-04-24 at 02:21 +0200, Marek Olšák wrote:
> This is like the fifth attempt to fix the issue.
Hang in there. :) I only have a little spelling fix to offer:
> diff --git a/src/mesa/vbo/vbo_exec.c b/src/mesa/vbo/vbo_exec.c
> index 5827f90..fd3a052 100644
> --- a/src/mesa/vbo/vbo_exec.c
> +++ b/src/mesa/vbo/vbo_exec.c
> @@ -79,10 +79,26 @@ void vbo_exec_destroy( struct gl_context *ctx )
> */
> void vbo_exec_invalidate_state( struct gl_context *ctx, GLuint new_state )
> {
> - struct vbo_exec_context *exec = &vbo_context(ctx)->exec;
> + struct vbo_context *vbo = vbo_context(ctx);
> + struct vbo_exec_context *exec = &vbo->exec;
>
> - if (new_state & (_NEW_PROGRAM|_NEW_ARRAY)) {
> + if (!exec->validating && new_state & (_NEW_PROGRAM|_NEW_ARRAY)) {
> exec->array.recalculate_inputs = GL_TRUE;
> +
> + /* If we ended up here because a VAO was deleted, the _DrawArrays
> + * pointer which pointed to the VAO might be invalid now, so set it
> + * to NULL. This prevents crashes in driver functions like Clear
> + * where driver state validation might occur, but the vbo module is
> + * still in an invalid state.
> + *
> + * Drivers should skip vertex array state validation if _DrawArrays
> + * is NULL. It also has no affect on performance, because attrib
'effect'
> + * bindings will be recalculated anyway.
> + */
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Debian, X and DRI developer