<div dir="auto"><div> <div class="gmail_extra"> <div class="gmail_quote">On Apr 25, 2017 11:23 AM, "Nicolai Hähnle" <<a href="mailto:nhaehnle@gmail.com">nhaehnle@gmail.com</a>> wrote: <blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">From: Nicolai Hähnle <<a href="mailto:nicolai.haehnle@amd.com">nicolai.haehnle@amd.com</a>> stfb->iface is always non-NULL for an st_framebuffer. These checks were incorrect, relying on out-of-bounds memory access in the surface-less case of EGL_KHR_surfaceless_context. --- src/mesa/state_tracker/st_cb_viewport.c | 4 ++-- src/mesa/state_tracker/st_manager.c | 7 ------- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/src/mesa/state_tracker/st_cb_viewport.c b/src/mesa/state_tracker/st_cb_viewport.c index ff18fd0..2158c55 100644 --- a/src/mesa/state_tracker/st_cb_viewport.c +++ b/src/mesa/state_tracker/st_cb_viewport.c @@ -47,20 +47,20 @@ static void st_viewport(struct gl_context *ctx) /* * Normally we'd want the state tracker manager to mark the drawables * invalid only when needed. This will force the state tracker manager * to revalidate the drawable, rather than just update the context with * the latest cached drawable info. */ stdraw = st_ws_framebuffer(st->ctx->DrawBuffer); stread = st_ws_framebuffer(st->ctx->ReadBuffer); - if (stdraw && stdraw->iface) + if (stdraw) stdraw->iface_stamp = p_atomic_read(&stdraw->iface->stamp) - 1; - if (stread && stread != stdraw && stread->iface) + if (stread && stread != stdraw && stread) </blockquote></div></div></div><div dir="auto"> </div><div dir="auto">Checking stread twice? With that fixed, the series is:</div><div dir="auto"> </div><div dir="auto">Reviewed-by: Marek Olšák <marek@olsak@<a href="http://amd.com">amd.com</a>></div><div dir="auto"> </div><div dir="auto"> </div><div dir="auto"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> stread->iface_stamp = p_atomic_read(&stread->iface->stamp) - 1; } void st_init_viewport_functions(struct dd_function_table *functions) { functions->Viewport = st_viewport; } diff --git a/src/mesa/state_tracker/st_manager.c b/src/mesa/state_tracker/st_manager.c index 2ba7de6..90e4177 100644 --- a/src/mesa/state_tracker/st_manager.c +++ b/src/mesa/state_tracker/st_manager.c @@ -169,24 +169,20 @@ st_context_validate(struct st_context *st, static void st_framebuffer_validate(struct st_framebuffer *stfb, struct st_context *st) { struct pipe_resource *textures[ST_ATTACHMENT_COUNT]; uint width, height; unsigned i; boolean changed = FALSE; int32_t new_stamp; - /* Check for incomplete framebuffers (e.g. EGL_KHR_surfaceless_context) */ - if (!stfb->iface) - return; - new_stamp = p_atomic_read(&stfb->iface->stamp); if (stfb->iface_stamp == new_stamp) return; /* validate the fb */ do { if (!stfb->iface->validate(&st->iface, stfb->iface, stfb->statts, stfb->num_statts, textures)) return; @@ -274,23 +270,20 @@ st_framebuffer_update_attachments(struct st_framebuffer *stfb) * corresponds to a window and is not a user-created FBO. */ static boolean st_framebuffer_add_renderbuffer(struct st_framebuffer *stfb, gl_buffer_index idx) { struct gl_renderbuffer *rb; enum pipe_format format; boolean sw; - if (!stfb->iface) - return FALSE; - assert(_mesa_is_winsys_fbo(&stfb->Base)); /* do not distinguish depth/stencil buffers */ if (idx == BUFFER_STENCIL) idx = BUFFER_DEPTH; switch (idx) { case BUFFER_DEPTH: format = stfb->iface->visual->depth_stencil_format; sw = FALSE; -- 2.9.3 _______________________________________________ mesa-stable mailing list <a href="mailto:mesa-stable@lists.freedesktop.org">mesa-stable@lists.freedesktop.org</a> <a href="https://lists.freedesktop.org/mailman/listinfo/mesa-stable" rel="noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/mesa-stable</a> </blockquote></div> </div></div></div>