Created attachment 24546
Patch to initialise psp->waitX/waitGL to NULL correctly

Unlike the equivalent function in dri_glx.c, driCreateScreen in src/glx/x11/drisw_glx.c doesn't initialise psp->waitX/waitGL. Most of the time, these seem to just happen to be 0 anyway, but sometimes they're not, and in this case calling glXWaitX crashes the application.

I'm using Mesa 7.4, which isn't in the list of versions for some reason. I'm also using Gentoo, with xorg-server 1.5.3, and was seeing the crash when starting mythfrontend from MythTV 0.21.something.

No steps to reproduce, sorry - given the nature of the bug they probably wouldn't work on other systems anyway. Fortunately it should be fairly easy to spot in the code (just compare dri_glx.c and drisw_glx.c).
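The failure mode described in this report, reduced to a stand-alone C program (added example, not Mesa's code): a heap-allocated screen struct whose function-pointer hooks are never written, beside the fixed allocator that sets them to NULL. The struct, the dirty_malloc() helper (which fills a fresh block with 0xAA to stand in for a reused heap block, so the stale bytes show up deterministically instead of "most of the time") and would_call_waitx() are all hypothetical simplifications of __GLXDRIscreen, driCreateScreen and the NULL check in glXWaitX.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for Mesa's screen struct: only the two hooks this
 * report is about (hypothetical layout, not Mesa's real struct). */
struct dri_screen {
    int screen_num;
    void (*waitX)(struct dri_screen *);
    void (*waitGL)(struct dri_screen *);
};

/* malloc() makes no promise about block contents; fill with 0xAA to mimic
 * a recycled block so the uninitialised hooks are visibly non-NULL. */
static void *dirty_malloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        memset(p, 0xAA, n);
    return p;
}

/* The drisw_glx.c pattern before the fix: waitX/waitGL are never written,
 * so whatever the heap held is what glXWaitX later tests and calls. */
struct dri_screen *create_screen_unfixed(int num)
{
    struct dri_screen *psp = dirty_malloc(sizeof *psp);
    if (!psp)
        return NULL;
    psp->screen_num = num;
    return psp;
}

/* After the fix (what dri_glx.c already did): both hooks are explicitly
 * NULL, so the caller's "is there a hook?" check means something. */
struct dri_screen *create_screen_fixed(int num)
{
    struct dri_screen *psp = dirty_malloc(sizeof *psp);
    if (!psp)
        return NULL;
    psp->screen_num = num;
    psp->waitX = NULL;
    psp->waitGL = NULL;
    return psp;
}

/* Mirrors the guard in glXWaitX: 1 means the hook would be invoked (on the
 * unfixed screen that is a jump to 0xAAAA..., i.e. the reported crash). */
int would_call_waitx(const struct dri_screen *psp)
{
    return psp != NULL && psp->waitX != NULL;
}
```

Running the same program under valgrind with the unfixed allocator reproduces the "Conditional jump or move depends on uninitialised value(s)" report quoted later in this thread, attributed to the malloc in the allocator.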
*** Bug 21131 has been marked as a duplicate of this bug. ***
(In reply to comment #0)
> I'm using Mesa 7.4, which isn't in the list of versions for some reason. I'm
> also using Gentoo, with xorg-server 1.5.3, and was seeing the crash when
> starting mythfrontend from MythTV 0.21.something.

I saw the same problem in a system based on Linux From Scratch. In my case the problem was reproducible 100% of the time with Mesa 7.4 and 7.4.1. The patch, however, fixed the problem.

Even though I am a "me too" player in this project, may I recommend the patch be added to the next release (7.4.2 and/or 7.5)?
The bug exists in mesa 7.4.2, 7.5, 7.6 and the git checkout on May 14. Here is the debug info from valgrind, and the crash can be reproduced by the gears.cc program, which is an example file of gtkglextmm.
-----------------------------------------------------------------------------------------
==3503== ERROR SUMMARY: 3 errors from 2 contexts (suppressed: 275 from 5)
==3503==
==3503== 1 errors in context 1 of 2:
==3503== Conditional jump or move depends on uninitialised value(s)
==3503==    at 0x5F8BF98: glXWaitGL (glxcmds.c:620)
==3503==    by 0x5AD6730: _gdk_gl_context_destroy (gdkglcontext-x11.c:95)
==3503==    by 0x5ABA8B1: gdk_gl_context_destroy (gdkglcontext.c:118)
==3503==    by 0x5243BC1: gtk_gl_widget_unrealize (gtkglwidget.c:149)
==3503==    by 0x9CB211C: g_closure_invoke (gclosure.c:767)
==3503==    by 0x9CC5C2A: signal_emit_unlocked_R (gsignal.c:3247)
==3503==    by 0x9CC7021: g_signal_emit_valist (gsignal.c:2980)
==3503==    by 0x9CC74F2: g_signal_emit (gsignal.c:3037)
==3503==    by 0x792ED61: gtk_widget_unrealize (in /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==    by 0x7934ABC: gtk_widget_unparent (in /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==    by 0x783C257: (within /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==    by 0x9CB211C: g_closure_invoke (gclosure.c:767)
==3503==  Uninitialised value was created by a heap allocation
==3503==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==3503==    by 0x5FACEFD: driCreateScreen (drisw_glx.c:362)
==3503==    by 0x5F8DDEE: __glXInitialize (glxext.c:622)
==3503==    by 0x5F8918C: GetGLXPrivScreenConfig (glxcmds.c:183)
==3503==    by 0x5F8A00E: glXChooseVisual (glxcmds.c:1304)
==3503==    by 0x5AD60CB: gdk_gl_config_new_common (gdkglconfig-x11.c:519)
==3503==    by 0x5ABA1EE: gdk_gl_config_new_rgb (gdkglconfig.c:193)
==3503==    by 0x5ABA316: gdk_gl_config_new_by_mode_common (gdkglconfig.c:210)
==3503==    by 0x503A75A: Gdk::GL::Config::create(Gdk::GL::ConfigMode) (in /usr/lib/libgdkglextmm-x11-1.2.so.0.0.0)
==3503==    by 0x4149FB: SurfaceView::SurfaceView(bool) (SurfaceView.cc:81)
==3503==    by 0x415171: MechanicalSystemUi::MechanicalSystemUi() (Ui.cc:19)
==3503==    by 0x40E1D0: main (main.cc:66)
==3503==
==3503== 2 errors in context 2 of 2:
==3503== Conditional jump or move depends on uninitialised value(s)
==3503==    at 0x5F8BE57: glXWaitX (glxcmds.c:659)
==3503==    by 0x9CB211C: g_closure_invoke (gclosure.c:767)
==3503==    by 0x9CC5C2A: signal_emit_unlocked_R (gsignal.c:3247)
==3503==    by 0x9CC7021: g_signal_emit_valist (gsignal.c:2980)
==3503==    by 0x9CC74F2: g_signal_emit (gsignal.c:3037)
==3503==    by 0x792D269: gtk_widget_size_allocate (in /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==    by 0x783F157: (within /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==    by 0x9CB206E: g_closure_invoke (gclosure.c:767)
==3503==    by 0x9CC5512: signal_emit_unlocked_R (gsignal.c:3177)
==3503==    by 0x9CC7021: g_signal_emit_valist (gsignal.c:2980)
==3503==    by 0x9CC74F2: g_signal_emit (gsignal.c:3037)
==3503==    by 0x792D269: gtk_widget_size_allocate (in /usr/lib/libgtk-x11-2.0.so.0.1600.1)
==3503==  Uninitialised value was created by a heap allocation
==3503==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==3503==    by 0x5FACEFD: driCreateScreen (drisw_glx.c:362)
==3503==    by 0x5F8DDEE: __glXInitialize (glxext.c:622)
==3503==    by 0x5F8918C: GetGLXPrivScreenConfig (glxcmds.c:183)
==3503==    by 0x5F8A00E: glXChooseVisual (glxcmds.c:1304)
==3503==    by 0x5AD60CB: gdk_gl_config_new_common (gdkglconfig-x11.c:519)
==3503==    by 0x5ABA1EE: gdk_gl_config_new_rgb (gdkglconfig.c:193)
==3503==    by 0x5ABA316: gdk_gl_config_new_by_mode_common (gdkglconfig.c:210)
==3503==    by 0x503A75A: Gdk::GL::Config::create(Gdk::GL::ConfigMode) (in /usr/lib/libgdkglextmm-x11-1.2.so.0.0.0)
==3503==    by 0x4149FB: SurfaceView::SurfaceView(bool) (SurfaceView.cc:81)
==3503==    by 0x415171: MechanicalSystemUi::MechanicalSystemUi() (Ui.cc:19)
==3503==    by 0x40E1D0: main (main.cc:66)
Fix pushed to the 7.5 and 7.4 branches, thanks.