[Nouveau] [mesa PATCH] nv50: fix crash in nv50_pre_pipebuffer_map (nv50_screen->cur_ctx)
Marcin Slusarz
marcin.slusarz at gmail.com
Wed Jan 20 14:27:07 PST 2010
nv50_pre_pipebuffer_map references screen->cur_ctx which points
to freed memory after the context is destroyed.
This crash is easily triggerable by progs/xdemos/glxcontexts.
---
src/gallium/drivers/nv50/nv50_context.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/gallium/drivers/nv50/nv50_context.c b/src/gallium/drivers/nv50/nv50_context.c
index d598f0e..952741c 100644
--- a/src/gallium/drivers/nv50/nv50_context.c
+++ b/src/gallium/drivers/nv50/nv50_context.c
@@ -82,6 +82,10 @@ nv50_destroy(struct pipe_context *pipe)
so_ref(NULL, &nv50->state.vtxattr);
draw_destroy(nv50->draw);
+
+ if (nv50->screen->cur_ctx == nv50)
+ nv50->screen->cur_ctx = NULL;
+
FREE(nv50);
}
--
1.6.6
More information about the Nouveau
mailing list