[Mesa-dev] [Bug 110884] can't start GDM when building mesa master branch with LTO
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Jun 10 22:52:24 UTC 2019
https://bugs.freedesktop.org/show_bug.cgi?id=110884
--- Comment #1 from Thiago Macieira <thiago at kde.org> ---
As the backtrace shows, scene=0x0, which shouldn't happen. The scene pointer is
obtained in thread_function(), in:
lp_rast_begin( rast,
lp_scene_dequeue( rast->full_scenes, TRUE ) );
The lp_scene_dequeue function is not expected to return NULL, but does:
struct lp_scene *
lp_scene_dequeue(struct lp_scene_queue *queue, boolean wait)
{
struct scene_packet packet;
enum pipe_error ret;
packet.scene = NULL;
ret = util_ringbuffer_dequeue(queue->ring,
&packet.header,
sizeof packet / 4,
wait );
if (ret != PIPE_OK)
return NULL;
return packet.scene;
}
Possibility 1: there was an error. But if that were the case, we'd expect this
to happen with and without LTO.
Possibility 2: Undefined Behaviour in the code. Note how the assigns
packet.scene = NULL, never passes it to util_ringbuffer_dequeue, then returns
it. It passes packet.header and the size of packet:
struct scene_packet {
struct util_packet header;
struct lp_scene *scene;
};
And expects the callee fill it:
for (i = 0; i < ring_packet->dwords; i++) {
packet[i] = ring->buf[ring->tail];
ring->tail++;
ring->tail &= ring->mask;
}
I'll look at the disassembly to confirm possibility 2.
--
You are receiving this mail because:
You are the assignee for the bug.
You are the QA Contact for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20190610/c1a18479/attachment.html>
More information about the mesa-dev
mailing list