[Mesa-dev] [PATCH] mesa: fix double-freeing of dispatch tables inside glBegin/End.
Brian Paul
brianp at vmware.com
Thu May 15 15:11:28 PDT 2014
We allocate dispatch tables for BeginEnd and OutsideBeginEnd. But
when we destroy the context we were freeing the BeginEnd and Exec
tables. If Exec==BeginEnd we did a double-free. This would happen
if the context was destroyed while inside a glBegin/End pair. Now
free the BeginEnd and OutsideBeginEnd pointers.
Cc: "10.1", "10.2" <mesa-stable at lists.freedesktop.org>
---
src/mesa/main/context.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mesa/main/context.c b/src/mesa/main/context.c
index 860ae86..8eb426d 100644
--- a/src/mesa/main/context.c
+++ b/src/mesa/main/context.c
@@ -1141,7 +1141,7 @@ _mesa_initialize_context(struct gl_context *ctx,
fail:
_mesa_reference_shared_state(ctx, &ctx->Shared, NULL);
free(ctx->BeginEnd);
- free(ctx->Exec);
+ free(ctx->OutsideBeginEnd);
free(ctx->Save);
return GL_FALSE;
}
@@ -1242,7 +1242,7 @@ _mesa_free_context_data( struct gl_context *ctx )
/* free dispatch tables */
free(ctx->BeginEnd);
- free(ctx->Exec);
+ free(ctx->OutsideBeginEnd);
free(ctx->Save);
/* Shared context state (display lists, textures, etc) */
--
1.7.10.4
More information about the mesa-dev
mailing list