Bug 28656

Summary: [Gallium/Draw][r300g] xscreensaver hack "endgame" crashes
Product: Mesa Reporter: Chris Rankin <rankincj>
Component: Drivers/DRI/r300Assignee: Default DRI bug account <dri-devel>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium    
Version: git   
Hardware: x86 (IA32)   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: Backtrace from endgame crash
Output from valgrind

Description Chris Rankin 2010-06-21 16:54:02 UTC 
Created attachment 36409 [details]
Backtrace from endgame crash

The OpenGL xscreensaver hack "endgame" crashes almost immediately with Gallium from git. I have a Radeon RV350 running with Fedora 13's Xserver and the xorg-ati-drv from git.

The backtrace is attached: it looks like heap corruption.
Comment 1 Chris Rankin 2010-06-21 16:57:01 UTC 
And it looks like I do need to include the "-fps" command line parameter to trigger the crash.
Comment 2 Chris Rankin 2010-06-22 12:24:20 UTC 
Created attachment 36422 [details]
Output from valgrind

This looks like the important part:

==10496== Invalid write of size 8
==10496==    at 0x5005289: ???
==10496==    by 0x4667387: fetch_pipeline_generic (draw_pt_fetch_shade_pipeline.c:188)
==10496==    by 0x4667577: fetch_pipeline_run (draw_pt_fetch_shade_pipeline.c:312)
==10496==    by 0x46692E0: vcache_run_extras (draw_pt_vcache.c:80)
==10496==    by 0x4665EAC: draw_arrays_instanced (draw_pt.c:127)
==10496==    by 0x4666025: draw_arrays (draw_pt.c:310)
==10496==    by 0x4649C20: st_feedback_draw_vbo (st_draw_feedback.c:257)
==10496==    by 0x464430C: st_RasterPos (st_cb_rasterpos.c:254)
==10496==    by 0x4596C37: rasterpos (rastpos.c:63)
==10496==    by 0x4597168: _mesa_RasterPos2f (rastpos.c:76)
==10496==    by 0x80513E5: get_gl_visual (visual-gl.c:65)
==10496==    by 0x8051FD0: make_random_colormap (colors.c:649)
==10496==  Address 0x4d819e0 is not stack'd, malloc'd or (recently) free'd
Comment 3 Marek Olšák 2010-06-22 14:20:57 UTC 
Another bug in Draw.
Comment 4 Chris Rankin 2010-06-26 04:30:08 UTC 
I've just updated to the following revision:

commit 4503bd33dac04bb925780852e49f2ffa501ebc0a
Author: Zack Rusin <zackr@vmware.com>
Date:   Fri Jun 25 20:06:53 2010 -0400

    draw: deleted by mistake

and this bug is no longer present. (I have no idea which commit has actually fixed it though.)

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.