Bug 29184

Summary: glXSwapBuffers with no GLX context crashes X.
Product: xorg Reporter: Nick Bowler <nbowler>
Component: Server/GeneralAssignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: major    
Priority: medium CC: max, thierry.vignaud
Version: git   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Bug Depends on:    
Bug Blocks: 27592    
Attachments:
Description Flags
Test case.
none
Prevent NULL context deref in __glXGetDrawable() none

Description Nick Bowler 2010-07-20 16:58:02 UTC
Created attachment 37254 [details]
Test case.

Calling glXSwapBuffers with no active GLX context instantly crashes the X
server.  Test case attached, occurs with all renderers that I could test,
with both direct and indirect rendering.

Using latest git libdrm/xserver/xf86-video-intel/mesa on a T500 laptop with
a GM45.  Also occurs with nouveau on an NV36, so it doesn't look driver specific.

Backtrace:
[172181.018] 0: /usr/bin/X (xorg_backtrace+0x28) [0x4681e8]
[172181.018] 1: /usr/bin/X (0x400000+0x68149) [0x468149]
[172181.018] 2: /lib/libpthread.so.0 (0x7f4068423000+0xf120) [0x7f4068432120]
[172181.018] 3: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x3348e) [0x7f406606448e]
[172181.018] 4: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x3372e) [0x7f406606472e]
[172181.019] 5: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x369b0) [0x7f40660679b0]
[172181.019] 6: /usr/bin/X (0x400000+0x526b9) [0x4526b9]
[172181.019] 7: /usr/bin/X (0x400000+0x2482a) [0x42482a]
[172181.019] 8: /lib/libc.so.6 (__libc_start_main+0xfd) [0x7f40673b7bbd]
[172181.019] 9: /usr/bin/X (0x400000+0x243c9) [0x4243c9]
[172181.019] Segmentation fault at address 0x50
[172181.019] 
Fatal server error:
[172181.019] Caught signal 11 (Segmentation fault). Server aborting
Comment 1 Chris Wilson 2010-07-21 03:07:43 UTC
Created attachment 37259 [details] [review]
Prevent  NULL context deref in __glXGetDrawable() 

I was sure I had submitted this patch much earlier...

Here we go:

1277378103-17960-1-git-send-email-chris@chris-wilson.co.uk on xorg-devel@
Comment 2 Nick Bowler 2010-07-21 06:11:58 UTC
Yup, that fixes it, thanks.
Comment 3 Adam Jackson 2010-08-13 08:16:18 UTC
(In reply to comment #1)
> Created an attachment (id=37259) [details]

Reviewed-by: Adam Jackson <ajax@redhat.com>
Comment 4 Julien Cristau 2010-08-20 09:09:27 UTC
commit 7e581780603d6b15291d032efdeeca77f969e0ba
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu Jun 24 12:24:58 2010 +0100

    glx: Prevent NULL context deref in __glXGetDrawable() (bug 29184)
    
    During a SwapBuffers request, we may end up querying an unknown drawable
    outside of an active context, and so need to report this error prior to
    attempting to dereference the NULL context.
    
    Also fixes:
    
      [Bug 29184] glXSwapBuffers with no GLX context crashes X.
      https://bugs.freedesktop.org/show_bug.cgi?id=29184
    
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Kristian Høgsberg <krh@bitplanet.net>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
Comment 5 Julien Cristau 2010-11-11 01:41:34 UTC
*** Bug 31537 has been marked as a duplicate of this bug. ***
Comment 6 Michel Dänzer 2011-01-14 00:51:12 UTC
*** Bug 33071 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.