[Mesa-dev] [PATCH] mesa: fix double-freeing of dispatch tables inside glBegin/End.
Michel Dänzer
michel at daenzer.net
Thu May 15 18:37:32 PDT 2014
On 16.05.2014 07:11, Brian Paul wrote:
> We allocate dispatch tables for BeginEnd and OutsideBeginEnd. But
> when we destroy the context we were freeing the BeginEnd and Exec
> tables. If Exec==BeginEnd we did a double-free. This would happen
> if the context was destroyed while inside a glBegin/End pair. Now
> free the BeginEnd and OutsideBeginEnd pointers.
>
> Cc: "10.1", "10.2" <mesa-stable at lists.freedesktop.org>
> ---
> src/mesa/main/context.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/mesa/main/context.c b/src/mesa/main/context.c
> index 860ae86..8eb426d 100644
> --- a/src/mesa/main/context.c
> +++ b/src/mesa/main/context.c
> @@ -1141,7 +1141,7 @@ _mesa_initialize_context(struct gl_context *ctx,
> fail:
> _mesa_reference_shared_state(ctx, &ctx->Shared, NULL);
> free(ctx->BeginEnd);
> - free(ctx->Exec);
> + free(ctx->OutsideBeginEnd);
> free(ctx->Save);
> return GL_FALSE;
> }
> @@ -1242,7 +1242,7 @@ _mesa_free_context_data( struct gl_context *ctx )
>
> /* free dispatch tables */
> free(ctx->BeginEnd);
> - free(ctx->Exec);
> + free(ctx->OutsideBeginEnd);
> free(ctx->Save);
>
> /* Shared context state (display lists, textures, etc) */
>
Reviewed-by: Michel Dänzer <michel.daenzer at amd.com>
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
More information about the mesa-dev
mailing list