[Mesa-stable] [PATCH v2 4/4] dri/common: clear the loaderPrivate pointer in driDestroyDrawable
Marek Olšák
maraeo at gmail.com
Fri Feb 3 15:15:07 UTC 2017
Rb for the series. Posting from phone.
Marek
On Feb 2, 2017 6:20 PM, "Nicolai Hähnle" <nhaehnle at gmail.com> wrote:
> From: Nicolai Hähnle <nicolai.haehnle at amd.com>
>
> The GLX specification says about glXDestroyPixmap:
>
> "The storage for the GLX pixmap will be freed when it is not current
> to any client."
>
> We're not really following this language to the letter: some of the storage
> is freed immediately (in particular, the dri3_drawable, which contains both
> GLXDRIdrawable and loader_dri3_drawable). So we NULL out the pointers to
> that freed storage; the previous patches added the corresponding
> NULL-pointer
> checks.
>
> This fixes memory corruption in piglit
> ./bin/glx-visuals-depth/stencil -pixmap -auto
>
> Cc: 17.0 <mesa-stable at lists.freedesktop.org>
> Reviewed-by: Marek Olšák <marek.olsak at amd.com>
> ---
> src/mesa/drivers/dri/common/dri_util.c | 12 ++++++++++++
> 1 file changed, 12 insertions(+)
>
> diff --git a/src/mesa/drivers/dri/common/dri_util.c
> b/src/mesa/drivers/dri/common/dri_util.c
> index f92eee9..d18c458 100644
> --- a/src/mesa/drivers/dri/common/dri_util.c
> +++ b/src/mesa/drivers/dri/common/dri_util.c
> @@ -638,20 +638,22 @@ static void dri_put_drawable(__DRIdrawable *pdp)
> }
> }
>
> static __DRIdrawable *
> driCreateNewDrawable(__DRIscreen *screen,
> const __DRIconfig *config,
> void *data)
> {
> __DRIdrawable *pdraw;
>
> + assert(data != NULL);
> +
> pdraw = malloc(sizeof *pdraw);
> if (!pdraw)
> return NULL;
>
> pdraw->loaderPrivate = data;
>
> pdraw->driScreenPriv = screen;
> pdraw->driContextPriv = NULL;
> pdraw->refcount = 0;
> pdraw->lastStamp = 0;
> @@ -667,20 +669,30 @@ driCreateNewDrawable(__DRIscreen *screen,
> }
>
> pdraw->dri2.stamp = pdraw->lastStamp + 1;
>
> return pdraw;
> }
>
> static void
> driDestroyDrawable(__DRIdrawable *pdp)
> {
> + /*
> + * The loader's data structures are going away, even if pdp itself
> stays
> + * around for the time being because it is currently bound. This
> happens
> + * when a currently bound GLX pixmap is destroyed.
> + *
> + * Clear out the pointer back into the loader's data structures to
> avoid
> + * accessing an outdated pointer.
> + */
> + pdp->loaderPrivate = NULL;
> +
> dri_put_drawable(pdp);
> }
>
> static __DRIbuffer *
> dri2AllocateBuffer(__DRIscreen *screen,
> unsigned int attachment, unsigned int format,
> int width, int height)
> {
> return screen->driver->AllocateBuffer(screen, attachment, format,
> width, height);
> --
> 2.9.3
>
> _______________________________________________
> mesa-stable mailing list
> mesa-stable at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-stable
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-stable/attachments/20170203/b9fb9966/attachment.html>
More information about the mesa-stable
mailing list