The PDev->surfaces_info array, is allocated/freed when a PDev is enabled/disabled. A surface info is used in FreeDelSurface for releasing the surface drawarea memory in the device RAM. While the surfaces_info array is destroyed when a PDev is disabled, surfaces that correspond to the this PDev may still be referenced by the worker and/or the release ring. Thus, when those are released we will encounter an error. The solution should make surfaces_info global (per device), similarly to the surfaces_used array. However, the primary surface, which is not released in FreeDelSurface, but uses surfaces_info in DeleteDeviceBitmap, should be handled separately, since two primary surfaces of two different PDevs can be alive simultaneously (e.g., DrvAssertMode(disabled) is called for PDev X, and DrvEnableSurface is called fo PDev Y).
Update: The problem is a little different: In DrvGetDirectDrawInfo we map the off-screean surfaces heap to the VRAM. This is done for each pdev. But if DrvAssertMode(false) is called for pdev X, and then pdev Y is enabled, surfaces that are allocated for pdev Y may override the memory of pdev's X surfaces. Operations on pdev's x surfaces are still possible till it is totally disabled (and it can also be enabled using DrvAssetMode(true)). Thus, we may encounter memory corruption.
The bug is related to Bug 29254. If we change the off-screens' memory management, this bug is no longer relevant
surfaces_info is global now
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.