[Mesa-dev] [PATCH 4/4] glx: Undo memory allocation checking damage.

Ian Romanick idr at freedesktop.org
Tue Jun 28 01:00:43 UTC 2016 

On 06/23/2016 11:15 AM, Matt Turner wrote:
> This partially reverts commit d41f5396f3cb619729021390c273f838d92f11fb.
> 
> That untested commit broke the tex-skipped-unit piglit test and the
> arbvparray Mesa demo when run with indirect GLX.
> 
> state->array_state is used during initialization, so its assignment cannot be
> moved to the end of the function.
> 
> The backtrace looked like:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff77c7a5c in __glXGetActiveTextureUnit (state=0x6270e0) at indirect_vertex_array.c:1952
> 1952           return state->array_state->active_texture_unit;
> (gdb) bt
> 0  0x00007ffff77c7a5c in __glXGetActiveTextureUnit (state=0x6270e0) at indirect_vertex_array.c:1952
> 1  0x00007ffff77cbf62 in get_client_data (gc=0x626f50, cap=34018, data=0x7fffffffd7a0) at single2.c:159
> 2  0x00007ffff77cce51 in __indirect_glGetIntegerv (val=34018, i=0x7fffffffd830) at single2.c:498
> 3  0x00007ffff77c4340 in __glXInitVertexArrayState (gc=0x626f50) at indirect_vertex_array.c:193
> ---
>  src/glx/indirect_vertex_array.c | 6 +-----
>  1 file changed, 1 insertion(+), 5 deletions(-)
> 
> diff --git a/src/glx/indirect_vertex_array.c b/src/glx/indirect_vertex_array.c
> index 0374093..a707343 100644
> --- a/src/glx/indirect_vertex_array.c
> +++ b/src/glx/indirect_vertex_array.c
> @@ -151,6 +151,7 @@ __glXInitVertexArrayState(struct glx_context * gc)
>  
>  
>     arrays = calloc(1, sizeof(struct array_state_vector));
> +   state->array_state = arrays;
>  

Later this function will free arrays when there is a different error.
Shouldn't that place also NULL out state->array_state to prevent double
frees or other problems?

>     if (arrays == NULL) {
>        __glXSetError(gc, GL_OUT_OF_MEMORY);
> @@ -299,11 +300,6 @@ __glXInitVertexArrayState(struct glx_context * gc)
>        __glXSetError(gc, GL_OUT_OF_MEMORY);
>        return;
>     }
> -
> -   /* Everything went ok so we put vertex array state in place
> -    * in context.
> -    */
> -   state->array_state = arrays;
>  }
>  
>  
>

More information about the mesa-dev mailing list