[Mesa-dev] segfault in pstip_bind_sampler_states

Brian Paul brianp at vmware.com
Mon Aug 12 07:29:14 PDT 2013 

On 08/09/2013 01:50 PM, Kevin H. Hobbs wrote:
> On 08/09/2013 01:59 PM, Brian Paul wrote:
>>
>> That's probably not it, given the above.  Can you try setting a
>> breakpoint on pstip_destroy() and see if that's getting called before
>> the segfault?  If so, things are getting freed in the wrong order.
>>
>
> No, it is not called before the segfault.
>
> We do seem to enter pstip_bind_sampler_states many times before the
> segfault. I do not remember this from before I had CFLAGS="-g -O0"...
>
> The last time through :
>
> (gdb) print pstip
> $1 = (struct pstip_stage *) 0xff66331aff66331a
>
> I don't think my actual RAM goes that high.

That looks suspect since the low and high halves of the address are the 
same.


>
> (gdb) print pstip->state
> Cannot access memory at address 0xff66331aff66339a
>
> I should think not...
>
> (gdb) print pipe
> $2 = (struct pipe_context *) 0x13d6ec0
>
> What does pstip_stage_from_pipe do?
>
> (gdb) print pipe->draw
> $3 = (void *) 0x137a090
>
> (gdb) print ((struct draw_context *)(pipe->draw))->pipeline
> $6 = {first = 0xffda006dffdc006e, validate = 0xffd40069ffd9006c,
> flatshade = 0xffe6007affe7007d, clip =
>      0xffe10070ffe30072, cull = 0xffdf006fffe00070, twoside =
> 0xffdd006effde006f, offset =
>      0xffda006dffdc006d, unfilled = 0xffd8006bffd9006c, stipple =
> 0xffd5006affd6006b, aapoint =
>      0xffd00067ffd30069, aaline = 0xff66331aff66331a, pstipple =
> 0xff66331aff66331a, wide_line =
>      0xff66331aff66331a, wide_point = 0xff66331aff66331a, rasterize =
> 0xff66331aff66331a,
>    wide_point_threshold = -3.05987774e+38, wide_line_threshold =
> -3.05987774e+38,
>    wide_point_sprites = 26 '\032', line_stipple = 51 '3', point_sprite =
> 102 'f', verts =
>      0xff66331aff66331a <Address 0xff66331aff66331a out of bounds>,
> vertex_stride = 4284887834,
>    vertex_count = 4284887834}
>
> Which looks like a whole lot of uninitialized..
>

Can you run with valgrind?  That should give us some useful info if 
there's a use-after-free.

Otherwise, if you can send me an executable, I could try it here.

-Brian

More information about the mesa-dev mailing list