Bug 17440 - Segfault in _mesa_reference_buffer_object
Status: RESOLVED FIXED
Product: Mesa
Classification: Unclassified
Component: Mesa core
Version: git
Hardware: Other All
Importance: medium normal
Assignee: mesa-dev
Reported: 2008-09-04 23:43 UTC by Guillaume Melquiond
Modified: 2009-08-24 12:30 UTC

Description Guillaume Melquiond 2008-09-04 23:43:56 UTC
I'm experiencing a lot of segfaults with recent mesa trunk, which were not there one month ago. This is on i945 hardware. Only mesa is git, the server and drm are purposely old ones: server 1.4.2 with intel driver 2.3.2, and kernel 2.6.26.

This is a trace I caught with valgrind:

Conditional jump or move depends on uninitialised value(s)
   at 0x7C5E6FF: _mesa_reference_buffer_object (bufferobj.c:187)
   by 0x7D7D686: _mesa_PushClientAttrib (attrib.c:1334)
   by 0x50BF322: glutBitmapCharacter (in /usr/lib/libglut.so.3.8.0)
   by 0x402319: printstring (terrain.c:215)
   by 0x402E8B: drawscene (terrain.c:407)
   by 0x50C5B12: glutMainLoop (in /usr/lib/libglut.so.3.8.0)
   by 0x402536: main (terrain.c:653)

Conditional jump or move depends on uninitialised value(s)
   at 0x7C5E704: _mesa_reference_buffer_object (bufferobj.c:190)
   by 0x7D7D686: _mesa_PushClientAttrib (attrib.c:1334)
   by 0x50BF322: glutBitmapCharacter (in /usr/lib/libglut.so.3.8.0)
   by 0x402319: printstring (terrain.c:215)
   by 0x402E8B: drawscene (terrain.c:407)
   by 0x50C5B12: glutMainLoop (in /usr/lib/libglut.so.3.8.0)
   by 0x402536: main (terrain.c:653)

Use of uninitialised value of size 8
   at 0x7C5E706: _mesa_reference_buffer_object (bufferobj.c:197)
   by 0x7D7D686: _mesa_PushClientAttrib (attrib.c:1334)
   by 0x50BF322: glutBitmapCharacter (in /usr/lib/libglut.so.3.8.0)
   by 0x402319: printstring (terrain.c:215)
   by 0x402E8B: drawscene (terrain.c:407)
   by 0x50C5B12: glutMainLoop (in /usr/lib/libglut.so.3.8.0)
   by 0x402536: main (terrain.c:653)

Invalid read of size 4
   at 0x7C5E706: _mesa_reference_buffer_object (bufferobj.c:197)
   by 0x7D7D686: _mesa_PushClientAttrib (attrib.c:1334)
   by 0x50BF322: glutBitmapCharacter (in /usr/lib/libglut.so.3.8.0)
   by 0x402319: printstring (terrain.c:215)
   by 0x402E8B: drawscene (terrain.c:407)
   by 0x50C5B12: glutMainLoop (in /usr/lib/libglut.so.3.8.0)
   by 0x402536: main (terrain.c:653)
 Address 0x10d is not stack'd, malloc'd or (recently) free'd

Process terminating with default action of signal 11 (SIGSEGV)
 Access not within mapped region at address 0x10D
   at 0x7C5E706: _mesa_reference_buffer_object (bufferobj.c:197)
   by 0x7D7D686: _mesa_PushClientAttrib (attrib.c:1334)
   by 0x50BF322: glutBitmapCharacter (in /usr/lib/libglut.so.3.8.0)
   by 0x402319: printstring (terrain.c:215)
   by 0x402E8B: drawscene (terrain.c:407)
   by 0x50C5B12: glutMainLoop (in /usr/lib/libglut.so.3.8.0)
   by 0x402536: main (terrain.c:653)

I intend to take an in-depth look in the next few days. But since almost half of the application runs are crashing, I thought I would mention it as soon as possible.

Comment 1 Brian Paul 2008-09-05 07:03:35 UTC
I'm about to check in a fix for the memory error in _mesa_reference_buffer_object() (it's a malloc/calloc issue elsewhere).
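
Added example, not part of the original thread and not Mesa's code: a simplified C model of why a reference-assign helper that reads the old pointer needs zeroed (calloc) storage, as the malloc/calloc remark above suggests. All names are hypothetical, and the "stale" slot is constructed deliberately so the demonstration stays within defined behaviour.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model; every name here is hypothetical, not Mesa's. */
struct buffer_obj { int refcount; };
struct client_attribs { struct buffer_obj *array_buf; };

/* Point *slot at obj and drop the reference *slot held before.
 * The old *slot is read and dereferenced, so it must be initialised. */
static void reference_buffer(struct buffer_obj **slot, struct buffer_obj *obj)
{
    if (*slot == obj)
        return;
    if (*slot != NULL)
        (*slot)->refcount--;   /* a garbage *slot is dereferenced here */
    if (obj != NULL)
        obj->refcount++;
    *slot = obj;
}

/* Stand-in for a malloc'd block holding leftover bytes: the slot is
 * filled with a constructed stale pointer to a live, unrelated object. */
static int refcount_after_stale_slot(void)
{
    struct buffer_obj unrelated = { 1 }, wanted = { 1 };
    struct buffer_obj *stale = &unrelated;
    struct client_attribs *a = malloc(sizeof *a);
    if (a == NULL)
        return -1;
    memcpy(&a->array_buf, &stale, sizeof stale);
    reference_buffer(&a->array_buf, &wanted);
    free(a);
    return unrelated.refcount;  /* the unrelated object lost its reference */
}

/* Hardened form: calloc makes the slot start as NULL, so nothing is dropped. */
static int refcount_after_zeroed_slot(void)
{
    struct buffer_obj unrelated = { 1 }, wanted = { 1 };
    struct client_attribs *a = calloc(1, sizeof *a);
    if (a == NULL)
        return -1;
    reference_buffer(&a->array_buf, &wanted);
    free(a);
    return unrelated.refcount + wanted.refcount;
}

int main(void)
{
    return (refcount_after_stale_slot() == 0 &&
            refcount_after_zeroed_slot() == 3) ? 0 : 1;
}
```

With truly uninitialised memory the old slot value is arbitrary, which matches the valgrind pattern above: reads of uninitialised values followed by an invalid read at a small, unmapped address.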

Comment 2 Adam Jackson 2009-08-24 12:30:50 UTC
Mass version move, cvs -> git

