[Mesa-dev] [PATCH] mesa: Increment the list pointer while freeing instruction data

Ian Romanick idr at freedesktop.org
Tue Jan 21 17:30:55 PST 2014


From: Ian Romanick <ian.d.romanick at intel.com>

Since the list pointer was never incremented when an OPCODE_PIXEL_MAP
opcode was encountered, the data for the instruction would get freed
over and over and over... resulting in a crash.

Fixes gl-1.0-beginend-coverage.

Signed-off-by: Ian Romanick <ian.d.romanick at intel.com>
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=72214
Cc: Brian Paul <brianp at vmware.com>
Cc: Lu Ha <huax.lu at intel.com>
---
 src/mesa/main/dlist.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mesa/main/dlist.c b/src/mesa/main/dlist.c
index cb40ff4..08943c9 100644
--- a/src/mesa/main/dlist.c
+++ b/src/mesa/main/dlist.c
@@ -767,6 +767,7 @@ _mesa_delete_list(struct gl_context *ctx, struct gl_display_list *dlist)
             break;
          case OPCODE_PIXEL_MAP:
             free(get_pointer(&n[3]));
+            n += InstSize[n[0].opcode];
             break;
 
          case OPCODE_CONTINUE:
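Review bot: The added `n += InstSize[n[0].opcode];` in the OPCODE_PIXEL_MAP case leaves the advance of n as something each case has to remember for itself, and that is exactly what was missed here: the loop kept calling free() on the same n[3] pointer, which is a repeated free of one heap block and not only a hang. If the other cases in this switch carry the same per-case advance, consider hoisting it to one place after the switch for every opcode that does not end or continue the list, so a newly added opcode cannot repeat the omission. Failing that, a short comment in this case saying the advance must follow the free would help, since the free reads n[3] and must run before n moves. The commit message could also name the failure as a double free so it is easier to find when triaging similar crashes.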
-- 
1.8.1.4


