[Wayland-bugs] [Bug 105507] Crash when destroying a newly resized EGLsurface with wayland egl (dri2)

Wed Mar 14 14:54:23 UTC 2018

https://bugs.freedesktop.org/show_bug.cgi?id=105507

            Bug ID: 105507
           Summary: Crash when destroying a newly resized EGLsurface with
                    wayland egl (dri2)
           Product: Mesa
           Version: 17.3
          Hardware: x86-64 (AMD64)
                OS: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: EGL/Wayland
          Assignee: wayland-bugs at lists.freedesktop.org
          Reporter: johan.helsing at qt.io
        QA Contact: mesa-dev at lists.freedesktop.org

In dri2_wl_surface_release_buffers, a wl_buffer is not destroyed if it's
locked. Afterwards it's set to null regardless
(dri2_surf->color_buffers[i].wl_buffer = NULL;)

Normally, this is fine, since the buffer will be released by the
wl_buffer_release event when the compositor is done with it. But if the
EGLSurface is destroyed first, then the event queue for the surface (and for
the wl_buffer) is destroyed, and the wl_release event then causes a crash
because we try to use a destroyed event queue.

One solution would be to maintain a separate list of buffers we tried to
destroy, but couldn't because they were locked. And make sure they are
destroyed in dri2_wl_destroy_surface.

This might not be a problem users frequently run into, but it's causing many
unit tests in Qt to be flaky, and we probably have to blacklist them until this
is fixed (https://bugreports.qt.io/browse/QTBUG-66848)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/wayland-bugs/attachments/20180314/a0f3317c/attachment.html>