[Mesa-dev] [Bug 107295] Access violation on glDrawArrays with count >= 2048

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri Jul 20 09:23:06 UTC 2018


--- Comment #2 from Paul <paul at binksoftware.nl> ---
I managed to build a debug version of Mesa3D 10.4.7 (version 18 is a pre-built
binary without debugging information), and this is what I got for a callstack:

>	opengl32.dll!draw_pt_emit_linear() Line 235	C++
        opengl32.dll!emit() Line 324    C++
        opengl32.dll!llvm_pipeline_generic() Line 461   C++
        opengl32.dll!llvm_middle_end_linear_run() Line 523      C++
        opengl32.dll!vsplit_segment_simple_linear() Line 241    C++
        opengl32.dll!vsplit_run_linear() Line 60        C++
        opengl32.dll!draw_pt_arrays() Line 151  C++
        opengl32.dll!draw_vbo() Line 547        C++
        opengl32.dll!llvmpipe_draw_vbo() Line 137       C++
        opengl32.dll!cso_draw_vbo() Line 1420   C++
        opengl32.dll!st_draw_vbo() Line 257     C++
        opengl32.dll!vbo_draw_arrays() Line 649 C++
        opengl32.dll!vbo_exec_DrawArrays() Line 800     C++
        opengl32.dll!glDrawArrays() Line 2005   C++

The code fails when calling:


I tried to duplicate this behavior using a test program with the same shaders
and attribute definition, and it works just fine. Further checking shows that
the test program follows another path inside llvmpipe: it calls pipeline
instead of emit on llvm_pipeline_generic. The piece of code that determines
which method to call is this

      if ((opt & PT_SHADE) && gshader) {
         clipped = draw_pt_post_vs_run( fpme->post_vs, vert_info, prim_info );
      if (clipped) {
         opt |= PT_PIPELINE;

      /* Do we need to run the pipeline? Now will come here if clipped
      if (opt & PT_PIPELINE) {
         pipeline( fpme, vert_info, prim_info ); // works fine
      else {
         emit( fpme->emit, vert_info, prim_info ); // crashes further on

The test program is, therefore, setting PT_PIPELINE while the actual program is
not (what exactly causes clipped to be true or false in terms of the OpenGL
context?). Forcing the code to call emit instead of pipeline by using the
debugger does reproduce the crash. Forcing the actual program to call pipeline
instead of emit does not crash and does show the proper output.

The vertex struct is defined like this:

        struct VertexAttribute
            float position[3]; // offset = 0
            float normal[3]; // offset = 12
            unsigned char selectionColor[4]; // offset = 24
            float values[3]; // offset = 28
            int flags; // offset = 40

sizeof(VertexAttribute) = 44
Total vertices = 3159

For this particular VAO I'm not using selectionColor, but every other member of
the struct is associated with a shader attribute.

Some local values inside draw_pt_emit_linear are:

translate->key.output_stride = 32
translate->key.nr_elements = 2
vert_info->stride = 68
vert_info->count = 101088

I assume the values are associated with the output of the geometry shader.
There I specify a max_vertices of 32, and it produces 2 outputs: position and
color. The 32 would also refer to the number of bytes for the output: position
and color are both vec4. The 68 doesn't make sense, though. I do emit 32
vertices in batches of 4 vertices for a triangle strip primitive.

Is there anything else I may test?

You are receiving this mail because:
You are the assignee for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20180720/956d792e/attachment.html>

More information about the mesa-dev mailing list