[Mesa-dev] [PATCH 1/2] dri/common: clear the loaderPrivate pointer in driDestroyDrawable
Nicolai Hähnle
nhaehnle at gmail.com
Fri Jan 27 10:59:45 UTC 2017
From: Nicolai Hähnle <nicolai.haehnle at amd.com>
This fixes memory corruption in piglit
./bin/glx-visuals-depth/stencil -pixmap -auto
Cc: 17.0 <mesa-stable at lists.freedesktop.org>
---
src/mesa/drivers/dri/common/dri_util.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/mesa/drivers/dri/common/dri_util.c b/src/mesa/drivers/dri/common/dri_util.c
index f92eee9..d18c458 100644
--- a/src/mesa/drivers/dri/common/dri_util.c
+++ b/src/mesa/drivers/dri/common/dri_util.c
@@ -638,20 +638,22 @@ static void dri_put_drawable(__DRIdrawable *pdp)
}
}
static __DRIdrawable *
driCreateNewDrawable(__DRIscreen *screen,
const __DRIconfig *config,
void *data)
{
__DRIdrawable *pdraw;
+ assert(data != NULL);
+
pdraw = malloc(sizeof *pdraw);
if (!pdraw)
return NULL;
pdraw->loaderPrivate = data;
pdraw->driScreenPriv = screen;
pdraw->driContextPriv = NULL;
pdraw->refcount = 0;
pdraw->lastStamp = 0;
@@ -667,20 +669,30 @@ driCreateNewDrawable(__DRIscreen *screen,
}
pdraw->dri2.stamp = pdraw->lastStamp + 1;
return pdraw;
}
static void
driDestroyDrawable(__DRIdrawable *pdp)
{
+ /*
+ * The loader's data structures are going away, even if pdp itself stays
+ * around for the time being because it is currently bound. This happens
+ * when a currently bound GLX pixmap is destroyed.
+ *
+ * Clear out the pointer back into the loader's data structures to avoid
+ * accessing an outdated pointer.
+ */
+ pdp->loaderPrivate = NULL;
+
dri_put_drawable(pdp);
}
static __DRIbuffer *
dri2AllocateBuffer(__DRIscreen *screen,
unsigned int attachment, unsigned int format,
int width, int height)
{
return screen->driver->AllocateBuffer(screen, attachment, format,
width, height);
--
2.7.4
More information about the mesa-dev
mailing list