Bug 10109

Summary:	Invalid reads from intersect_rect in radeon_state.c of r300 driver.
Product:	Mesa	Reporter:	Papadakos Panagiotis <papadako>
Component:	Drivers/DRI/r300	Assignee:	Default DRI bug account <dri-devel>
Status:	RESOLVED FIXED	QA Contact:
Severity:	normal
Priority:	medium
Version:	git
Hardware:	All
OS:	All
Whiteboard:
i915 platform:		i915 features:
Attachments:	Proposed patch

Description Papadakos Panagiotis 2007-02-27 02:13:37 UTC

Checking with valgrind I got some invalid reads. The message was like the
following:

==6988== Invalid read of size 4
==6988==    at 0x4B3C7FD: intersect_rect (radeon_state.c:61)
==6988==    by 0x4B3C9DA: radeonRecalcScissorRects (radeon_state.c:108)
==6988==    by 0x4B3CAEC: radeonUpdateScissor (radeon_state.c:131)
==6988==    by 0x4B3CD04: radeonEnable (radeon_state.c:205)
==6988==    by 0x4B4B1C1: r300Enable (r300_state.c:542)
==6988==    by 0x4D13827: _mesa_set_enable (enable.c:956)
==6988==    by 0x4D138A6: _mesa_Enable (enable.c:971)
==6988==    by 0x4769879: glEnable (glapitemp.h:1160)

==6988==    by 0x4613A5F:osgUtil::RenderStage::drawImplementation
(osg::RenderInfo&,osgUtil::RenderLeaf*&) (in /usr/lib/libosgUtil.so)
==6988==    by 0x4607658: osgUtil::RenderBin::draw(osg::RenderInfo&,
osgUtil::RenderLeaf*&) (in /usr/lib/libosgUtil.so)
==6988==    by 0x46133BC: osgUtil::RenderStage::drawInner(osg::RenderInfo&,
osgUtil::RenderLeaf*&, bool&) (in /usr/lib/libosgUtil.so)
==6988==    by 0x4612E6C: osgUtil::RenderStage::draw(osg::RenderInfo&,
osgUtil::RenderLeaf*&) (in /usr/lib/libosgUtil.so) ==6988==  Address
0x4AF585C is 4 bytes inside a block of size 8 free'd
==6988==    at 0x402303F: free (vg_replace_malloc.c:233)
==6988==    by 0x4BAF503: _mesa_free (imports.c:93)
==6988==    by 0x4B2FF84: __driUtilUpdateDrawableInfo (dri_util.c:430)
==6988==    by 0x4B2FD46: DoBindContext (dri_util.c:339)
==6988==    by 0x4B2FF00: driBindContext (dri_util.c:383)
==6988==    by 0x4735921: BindContextWrapper (glxext.c:1620)
==6988==    by 0x4735A53: MakeContextCurrent (glxext.c:1674)
==6988==    by 0x4735D7C: glXMakeCurrent (glxext.c:1796)
==6988==    by 0x47D8BB3: Producer::RenderSurface::makeCurrent(bool) (in
/usr/lib/libProducer.so)
==6988==    by 0x47DEEC6:Producer::Camera::_frame(bool) (in /usr/lib/libProducer.so)
==6988==   by 0x47DF75F: Producer::Camera::frame(bool) (in /usr/lib/libProducer.so)
==6988==    by 0x47E2589: Producer::CameraGroup::_singleThreadedFrame()
(in /usr/lib/libProducer.so)

Comment 1 Papadakos Panagiotis 2007-02-27 02:14:26 UTC

Created attachment 8874 [details]
Proposed patch

Probably this should also be changed for other drivers

Comment 2 Papadakos Panagiotis 2007-03-09 05:51:45 UTC

Fixed by commit http://gitweb.freedesktop.org/?p=mesa/mesa.git;a=commit;h=4d9901a1cab8e0d55b1b2309cf3ffec235e53149

Comment 3 Adam Jackson 2009-08-24 12:26:00 UTC

Mass version move, cvs -> git

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.