Crash in driGetConfigAttribIndex()

[David Miller]

From: David Miller <davem at davemloft.net>
Date: Fri, 08 Aug 2008 16:40:42 -0700 (PDT)

> For values that are GLboolean, this function does the wrong thing.
> It's trying to dereference a pointer to a GLboolean as an
> "unsigned int *" which won't work and in fact will get a SIGBUS
> on platforms like sparc that require proper data alignment.
> 
> In my case the X server crashes trying to fetch a
> __DRI_ATTRIB_FLOAT_MODE value here.
> 
> Perhaps these members simply need special handling in the switch
> statement.

There is the same exact issue in the xserver's DRI code,
specifically glx/glxdricommon.c's createModeFromConfig.

Here are two patches I am using which together seem to fix these
problems.

The first is for MESA and the second is for the X server:

----------------------------------------
diff --git a/src/mesa/drivers/dri/common/utils.c b/src/mesa/drivers/dri/common/utils.c
index 7fbe0d8..b15a922 100644
--- a/src/mesa/drivers/dri/common/utils.c
+++ b/src/mesa/drivers/dri/common/utils.c
@@ -836,6 +836,10 @@ driGetConfigAttribIndex(const __DRIconfig *config,
     case __DRI_ATTRIB_SWAP_METHOD:
 	break;
 
+    case __DRI_ATTRIB_FLOAT_MODE:
+	*value = config->modes.floatMode;
+	break;
+
     default:
 	*value = *(unsigned int *)
 	    ((char *) &config->modes + attribMap[index].offset);
----------------------------------------
diff --git a/glx/glxdricommon.c b/glx/glxdricommon.c
index 13725ae..c02ba66 100644
--- a/glx/glxdricommon.c
+++ b/glx/glxdricommon.c
@@ -164,6 +164,9 @@ createModeFromConfig(const __DRIcoreExtension *core,
 	    if (value & __DRI_ATTRIB_TEXTURE_RECTANGLE_BIT)
 		config->config.bindToTextureTargets |= GLX_TEXTURE_RECTANGLE_BIT_EXT;
 	    break;	
+	case __DRI_ATTRIB_FLOAT_MODE:
+	    config->config.floatMode = (value ? GL_TRUE : GL_FALSE);
+	    break;	
 	default:
 	    setScalar(&config->config, attrib, value);
 	    break;
--------------------