[Mesa-dev] [PATCH] st/mesa: destroy pipe_context before destroying st_context
Nicolai Hähnle
nhaehnle at gmail.com
Mon Jan 23 15:04:33 UTC 2017
Looks like there's a problem with the error path at the end of
st_create_context_priv (line ~506): it calls st_destroy_context_priv
which will now destroy the pipe, which then leads to a double-destroy by
the caller.
Just setting st->pipe = NULL; would be enough.
Nicolai
On 20.01.2017 20:00, Marek Olšák wrote:
> From: Marek Olšák <marek.olsak at amd.com>
>
> If radeonsi starts compiling an optimized shader variant for asynchronously
> with a GL debug callback set and the application destroys the GL context,
> radeonsi crashes when trying to write shader stats into the debug output
> of a non-existent context after compilation, because st/mesa was destroyed
> before pipe_context.
>
> Firefox with WebGL2 enabled hits this bug.
>
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99456
>
> Cc: 17.0 <mesa-stable at lists.freedesktop.org>
> ---
> src/mesa/state_tracker/st_context.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/src/mesa/state_tracker/st_context.c b/src/mesa/state_tracker/st_context.c
> index 0eae971..7a99e82 100644
> --- a/src/mesa/state_tracker/st_context.c
> +++ b/src/mesa/state_tracker/st_context.c
> @@ -307,20 +307,24 @@ st_destroy_context_priv(struct st_context *st)
> }
>
> /* free glDrawPixels cache data */
> free(st->drawpix_cache.image);
> pipe_resource_reference(&st->drawpix_cache.texture, NULL);
>
> /* free glReadPixels cache data */
> st_invalidate_readpix_cache(st);
>
> cso_destroy_context(st->cso_context);
> +
> + if (st->pipe)
> + st->pipe->destroy(st->pipe);
> +
> free( st );
> }
>
>
> static struct st_context *
> st_create_context_priv( struct gl_context *ctx, struct pipe_context *pipe,
> const struct st_config_options *options)
> {
> struct pipe_screen *screen = pipe->screen;
> uint i;
> @@ -572,21 +576,20 @@ static void
> destroy_tex_sampler_cb(GLuint id, void *data, void *userData)
> {
> struct gl_texture_object *texObj = (struct gl_texture_object *) data;
> struct st_context *st = (struct st_context *) userData;
>
> st_texture_release_sampler_view(st, st_texture_object(texObj));
> }
>
> void st_destroy_context( struct st_context *st )
> {
> - struct pipe_context *pipe = st->pipe;
> struct gl_context *ctx = st->ctx;
> GLuint i;
>
> _mesa_HashWalk(ctx->Shared->TexObjects, destroy_tex_sampler_cb, st);
>
> st_reference_fragprog(st, &st->fp, NULL);
> st_reference_geomprog(st, &st->gp, NULL);
> st_reference_vertprog(st, &st->vp, NULL);
> st_reference_tesscprog(st, &st->tcp, NULL);
> st_reference_tesseprog(st, &st->tep, NULL);
> @@ -604,22 +607,20 @@ void st_destroy_context( struct st_context *st )
>
> st_destroy_program_variants(st);
>
> _mesa_free_context_data(ctx);
>
> /* This will free the st_context too, so 'st' must not be accessed
> * afterwards. */
> st_destroy_context_priv(st);
> st = NULL;
>
> - pipe->destroy( pipe );
> -
> free(ctx);
> }
>
> static void
> st_emit_string_marker(struct gl_context *ctx, const GLchar *string, GLsizei len)
> {
> struct st_context *st = ctx->st;
> st->pipe->emit_string_marker(st->pipe, string, len);
> }
>
>
More information about the mesa-dev
mailing list