Bug 14293

Summary: Crash in delete_framebuffer_cb
Product: DRI Reporter: Johan Bilien <jobi>
Component: DRM/otherAssignee: Default DRI bug account <dri-devel>
Status: VERIFIED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: XOrg git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments:
Description Flags
test case
none
Makefile
none
patch to avoid deref of null function ptr none

Description Johan Bilien 2008-01-29 07:59:51 UTC 
Using git master from X server, drm, mesa and intel DDX.

I have a client which creates an indirect context and 2 FBOs in that context. When the client exits, the server crashes systematically.

#0  0x00000000 in ?? ()
#1  0xa758632f in delete_framebuffer_cb (id=1, data=0xa7744f20,
    userData=0x84dccf0) at main/context.c:656
#2  0xa75a8294 in _mesa_HashDeleteAll (table=0x84b5480,
    callback=0xa7586316 <delete_framebuffer_cb>, userData=0x84dccf0)
    at main/hash.c:275
#3  0xa7586916 in free_shared_state (ctx=0x84dccf0, ss=0x83b2c48)
    at main/context.c:724
#4  0xa7587733 in _mesa_free_context_data (ctx=0x84dccf0)
    at main/context.c:1261
#5  0xa7587797 in _mesa_destroy_context (ctx=0x84dccf0) at main/context.c:1285
#6  0xa7538b9a in intelDestroyContext (driContextPriv=0x84c1b68)
    at intel_context.c:647
#7  0xa752d785 in driDestroyContext (context=0x83b273c)
    at ../common/dri_util.c:547
#8  0xb7a91073 in __glXDRIcontextDestroy (baseContext=0x83b26e0)
    at glxdri.c:255
#9  0xb7a5abc4 in __glXFreeContext (cx=0x83b26e0) at glxext.c:140
#10 0xb7a5ac17 in ContextGone (cx=0xa7744f20, id=46137345) at glxext.c:98
#11 0x08073407 in FreeClientResources (client=0x83b2928) at resource.c:812
#12 0x080841c5 in CloseDownClient (client=0x83b2928) at dispatch.c:3689
#13 0x0808a401 in Dispatch () at dispatch.c:479
#14 0x080710ed in main (argc=9, argv=0xbfe0eda4, envp=Cannot access memory at address 0x138c
) at main.c:448
Comment 1 Johan Bilien 2008-01-29 08:09:08 UTC 
Created attachment 14011 [details]
test case

Run the test case and exit with Ctrl-C. This results in the server crashing here.
Comment 2 Johan Bilien 2008-01-29 08:09:33 UTC 
Created attachment 14012 [details]
Makefile
Comment 3 Brian Paul 2008-01-29 10:19:33 UTC 
Created attachment 14014 [details] [review]
patch to avoid deref of null function ptr

I think this has been reported before, and is still open.

Can you try the attached patch?
Comment 4 Johan Bilien 2008-01-29 22:43:55 UTC 
Yes the attached patch fixes the crash.
Comment 5 Brian Paul 2008-01-30 07:14:22 UTC 
Fixed in git.
Same as bug 13507.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.