[Mesa-dev] [Bug 101829] read-after-free in st_framebuffer_validate
bugzilla-daemon at freedesktop.org
Tue Jul 18 14:30:15 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=101829
Bug ID: 101829
Summary: read-after-free in st_framebuffer_validate
Product: Mesa
Version: git
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: medium
Component: Drivers/Gallium/swr
Assignee: mesa-dev at lists.freedesktop.org
Reporter: brad.king at kitware.com
QA Contact: mesa-dev at lists.freedesktop.org
Created attachment 132745
--> https://bugs.freedesktop.org/attachment.cgi?id=132745&action=edit
apitrace of test that crashes
Since commit 147d7fb772 (st/mesa: add a winsys buffers list in st_context,
2017-07-10) one of VTK's tests crashes with Mesa. Here is output from
valgrind's memcheck tool:
Invalid read of size 4
   at 0xE986121: st_framebuffer_validate (st_manager.c:180)
   by 0xE9876C8: st_api_make_current (st_manager.c:851)
   by 0xE600FBA: XMesaMakeCurrent2 (xm_api.c:1307)
   by 0xE5FBD01: glXMakeContextCurrent (glx_api.c:1239)
   by 0x4034FAF: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
   by 0x8D1ECB7: QOpenGLContext::makeCurrent(QSurface*) (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1)
   by 0x8751910: QOpenGLWidget::makeCurrent() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
   by 0x8751EB7: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
   by 0x8752722: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
   by 0x93CF876: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQt5Core.so.5.7.1)
   by 0x872D922: QWidget::~QWidget() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
   by 0x522767F: QVTKOpenGLWidget::~QVTKOpenGLWidget() (QVTKOpenGLWidget.cxx:136)
 Address 0x295d09b0 is 0 bytes inside a block of size 40 free'd
   at 0x4C2CDDB: free (vg_replace_malloc.c:530)
   by 0xE602156: xmesa_destroy_st_framebuffer (xm_st.c:324)
   by 0xE5FFEC1: xmesa_free_buffer (xm_api.c:601)
   by 0xE600E19: XMesaDestroyBuffer (xm_api.c:1241)
   by 0xE6013C0: XMesaGarbageCollect (xm_api.c:1447)
   by 0xE5FC137: glXDestroyContext (glx_api.c:1426)
   by 0x4033200: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
   by 0x4033228: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
   by 0x8D202CA: QOpenGLContext::destroy() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1)
   by 0x8D205F6: QOpenGLContext::~QOpenGLContext() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1)
   by 0x8D20608: QOpenGLContext::~QOpenGLContext() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1)
   by 0x8722097: QWidgetPrivate::deleteTLSysExtra() (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
 Block was alloc'd at
   at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
   by 0xE601FB5: xmesa_create_st_framebuffer (xm_st.c:285)
   by 0xE5FFD9E: create_xmesa_buffer (xm_api.c:543)
   by 0xE600A67: XMesaCreateWindowBuffer (xm_api.c:1100)
   by 0xE5FBBD7: glXMakeContextCurrent (glx_api.c:1200)
   by 0xE5FBDE6: glXMakeCurrent (glx_api.c:1273)
   by 0x4034517: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
   by 0x40328B6: ??? (in /usr/lib/x86_64-linux-gnu/qt5/plugins/xcbglintegrations/libqxcb-glx-integration.so)
   by 0x40F9040: QXcbIntegration::createPlatformOpenGLContext(QOpenGLContext*) const (in /usr/lib/x86_64-linux-gnu/libQt5XcbQpa.so.5.7.1)
   by 0x8D208CC: QOpenGLContext::create() (in /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5.7.1)
   by 0x8750CFD: ??? (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
   by 0x8751129: QOpenGLWidget::resizeEvent(QResizeEvent*) (in /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5.7.1)
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
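
The memcheck trace above shows a 40-byte block freed by xmesa_destroy_st_framebuffer and read afterwards by st_framebuffer_validate. As an added example (not part of the original report, and neither Mesa's code nor its fix), the simplified C model below shows one general way to rule out that ordering problem: a context-side list that holds its own reference to each buffer. All type and function names in it are hypothetical.

```c
/* Added illustration, not Mesa code: every name below is hypothetical. */
#include <stdlib.h>

#define MAX_BUFS 4
struct fb  { int refcount; int stamp; };              /* stands in for the freed block */
struct ctx { struct fb *bufs[MAX_BUFS]; int nbufs; }; /* context-side buffer list */

static int live_fbs;   /* blocks allocated and not yet freed */

static struct fb *fb_create(int stamp) {
    struct fb *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->refcount = 1;   /* reference owned by the window-system layer */
    f->stamp = stamp;
    live_fbs++;
    return f;
}

static void fb_unref(struct fb *f) { if (f && --f->refcount == 0) { free(f); live_fbs--; } }

/* The list takes its own reference, so an entry can never dangle. */
static int ctx_track(struct ctx *c, struct fb *f) {
    if (c->nbufs == MAX_BUFS) return -1;
    f->refcount++;
    c->bufs[c->nbufs++] = f;
    return 0;
}

/* Validate step: reads every tracked buffer, as a make-current path would. */
static int ctx_validate(const struct ctx *c) {
    int sum = 0;
    for (int i = 0; i < c->nbufs; i++) sum += c->bufs[i]->stamp;
    return sum;
}

static void ctx_release(struct ctx *c) { while (c->nbufs > 0) fb_unref(c->bufs[--c->nbufs]); }

/* Order seen in the trace: owner destroys the buffer, then it is validated. */
static int scenario(void) {
    struct ctx c = {0};
    struct fb *f = fb_create(7);
    if (!f) return -1;
    if (ctx_track(&c, f) != 0) { fb_unref(f); return -1; }
    fb_unref(f);                  /* owner's destroy drops only its reference */
    int seen = ctx_validate(&c);  /* safe: the list still holds a reference */
    ctx_release(&c);              /* last reference gone, block freed here */
    return seen;
}

int main(void) { return scenario() == 7 ? 0 : 1; }
```

Without the `f->refcount++` in `ctx_track`, the owner's `fb_unref` would free the block and `ctx_validate` would read freed memory, which is the pattern memcheck reports above.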