[Mesa-dev] [Bug 73761] New: driCreateContextAttribs uses freed memory on context recreation

bugzilla-daemon at freedesktop.org
Sat Jan 18 03:42:18 PST 2014


https://bugs.freedesktop.org/show_bug.cgi?id=73761

          Priority: medium
            Bug ID: 73761
          Assignee: mesa-dev at lists.freedesktop.org
           Summary: driCreateContextAttribs uses freed memory on context
                    recreation
          Severity: normal
    Classification: Unclassified
                OS: Linux (All)
          Reporter: edwin+mesa at etorok.net
          Hardware: x86-64 (AMD64)
            Status: NEW
           Version: 10.0
         Component: Other
           Product: Mesa

Created attachment 92327
  --> https://bugs.freedesktop.org/attachment.cgi?id=92327&action=edit
bug.c

If I create a debug context, have the window receive some events (for example
mouse movements), then delete the context/window, and recreate them, I get a
crash here:

    struct gl_context *ctx = context->driverPrivate;
    if ((flags & __DRI_CTX_FLAG_FORWARD_COMPATIBLE) != 0)
        ctx->Const.ContextFlags |= GL_CONTEXT_FLAG_FORWARD_COMPATIBLE_BIT;
    if ((flags & __DRI_CTX_FLAG_DEBUG) != 0) {
        ctx->Const.ContextFlags |= GL_CONTEXT_FLAG_DEBUG_BIT;//<--- crash
        ctx->Debug.DebugOutput = GL_TRUE;
    }

See valgrind output below, and attached testcase. The testcase uses SDL 2.0.1.

$ gcc /tmp/bug.c `sdl2-config --cflags --libs`
$ valgrind ./a.out 
==29028== Memcheck, a memory error detector
==29028== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==29028== Using Valgrind-3.9.0 and LibVEX; rerun with -h for copyright info
==29028== Command: ./a.out
==29028== 
Move your mouse now to generate some events
==29028== Invalid write of size 1
==29028==    at 0x53A8570: driCreateContextAttribs (dri_util.c:446)
==29028==    by 0x3067840357: ??? (in /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1.2.0)
==29028==    by 0x3067818461: ??? (in /usr/lib/mesa-diverted/x86_64-linux-gnu/libGL.so.1.2.0)
==29028==    by 0x4CFA37D: X11_GL_CreateContext (in /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.1.0)
==29028==    by 0x4CEF2AF: SDL_GL_CreateContext (in /usr/lib/x86_64-linux-gnu/libSDL2-2.0.so.0.1.0)
==29028==    by 0x400A50: test_window (in /home/edwin/HDD/me/language/OpenGL/tgls-arcsynthesis/a.out)
==29028==    by 0x400ACC: main (in /home/edwin/HDD/me/language/OpenGL/tgls-arcsynthesis/a.out)
==29028==  Address 0x530f701 is 52,753 bytes inside a block of size 65,536 free'd
==29028==    at 0x4A0870C: free (vg_replace_malloc.c:468)
==29028==    by 0x56FD463: r600_sb::sb_pool::free_all() (sb_valtable.cpp:313)
==29028==    by 0x56F6291: r600_sb::shader::~shader() (sb_ir.h:89)
==29028==    by 0x56D97DC: r600_sb_bytecode_process (sb_core.cpp:285)
==29028==    by 0x56B237E: r600_pipe_shader_create (r600_shader.c:152)
==29028==    by 0x56C4F54: r600_shader_select (r600_state_common.c:746)
==29028==    by 0x56C510F: r600_create_shader_state (r600_state_common.c:793)
==29028==    by 0x55D0AAE: ureg_create_shader (tgsi_ureg.c:1704)
==29028==    by 0x55FDE6C: util_make_empty_fragment_shader (tgsi_ureg.h:138)
==29028==    by 0x55DE91C: util_blitter_create (u_blitter.c:281)
==29028==    by 0x56A3E01: r600_create_context (r600_pipe.c:316)
==29028==    by 0x54DE4F1: st_api_create_context (st_manager.c:615)

$ uname -a
Linux debian 3.12.8 #39 SMP PREEMPT Thu Jan 16 10:06:30 EET 2014 x86_64 GNU/Linux

$ glxinfo | grep OpenGL
OpenGL vendor string: X.Org
OpenGL renderer string: Gallium 0.4 on AMD RV730
OpenGL core profile version string: 3.1 (Core Profile) Mesa 10.0.1
OpenGL core profile shading language version string: 1.40
OpenGL core profile context flags: (none)
OpenGL core profile extensions:
OpenGL version string: 3.0 Mesa 10.0.1
OpenGL shading language version string: 1.30
OpenGL context flags: (none)

Note: if at first you can't reproduce it, make sure the window is receiving
some events (I guess it's more about memory being allocated than the events
themselves), and try to use my command-line above exactly as is.
