Bug 32449

Summary: crash in r600_set_vertex_buffers with invalid GL usage flag used in glBufferData
Product: Mesa
Reporter: Sean Middleditch <sean>
Component: Drivers/DRI/R600
Assignee: Default DRI bug account <dri-devel>
Status: RESOLVED WORKSFORME
QA Contact:
Severity: normal
Priority: medium
Version: 7.10
Hardware: x86-64 (AMD64)
OS: Linux (All)
Whiteboard:
i915 platform:
i915 features:
Attachments: VBO flag test case; avoid segfault

Description Sean Middleditch 2010-12-16 10:39:03 UTC
Created attachment 41180 [details]
VBO flag test case

If an invalid usage flag (something other than the GL_STATIC_DRAW, GL_DYNAMIC_DRAW, etc.) is passed to glBufferData, then any Draw calls using that VBO will crash inside the r600 driver.

The error should either be detected during the call to glBufferData or an invalid flag should simply use a sensible default rather than crashing during Draw.

This is on an x86-64 machine (Fedora Rawhide).  I do not know if this happens on other architectures.

Attaching a simple test case (using GLEW and GLUT).  Backtrace from test case is here.  I also don't know if this happens with other DRI drivers, and whether this is a bug in the R600 specifically or something that should be fixed higher up in the common Mesa layers, but since the crash happens in the R600 driver I'm assuming that's the culprit.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff724dd7f in r600_set_vertex_buffers (ctx=0x6154c0, count=1, buffers=0x7fffffffd5c0) at r600_state_common.c:165
165			if (r600_buffer_is_user_buffer(buffers[i].buffer))
#0  0x00007ffff724dd7f in r600_set_vertex_buffers (ctx=0x6154c0, count=1, buffers=0x7fffffffd5c0) at r600_state_common.c:165
#1  0x00007ffff7304b3c in st_draw_vbo (ctx=0xb48d80, arrays=<value optimized out>, prims=0x7fffffffdb60, nr_prims=1, ib=0x0, index_bounds_valid=<value optimized out>, min_index=0, max_index=2)
    at state_tracker/st_draw.c:701
#2  0x00007ffff73012cb in vbo_draw_arrays (ctx=0xb48d80, mode=4, start=0, count=<value optimized out>, numInstances=<value optimized out>) at vbo/vbo_exec_array.c:588
#3  0x0000000000400d85 in display ()
#4  0x00000039f0020f75 in ?? () from /usr/lib64/libglut.so.3
#5  0x00000039f0024ab9 in fgEnumWindows () from /usr/lib64/libglut.so.3
#6  0x00000039f00214da in glutMainLoopEvent () from /usr/lib64/libglut.so.3
#7  0x00000039f0021db5 in glutMainLoop () from /usr/lib64/libglut.so.3
#8  0x0000000000400f00 in main ()
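
The two behaviours the report asks for (reject the flag in glBufferData, or fall back to a default) can be modelled as below; this is an added example, not code from the report, the attached patch, or Mesa. `struct demo_buffer` and the `demo_*` functions are hypothetical, GL_INVALID_ENUM is the error glBufferData is specified to raise for an unrecognised usage, and the draw-side check is an assumption about where a defensive test would sit.

```c
#include <stdlib.h>

/* Token values as in the OpenGL headers, repeated so this builds without GL. */
#define GL_NO_ERROR      0x0000u
#define GL_INVALID_ENUM  0x0500u
#define GL_OUT_OF_MEMORY 0x0505u
#define GL_STREAM_DRAW   0x88E0u
#define GL_STATIC_DRAW   0x88E4u
#define GL_DYNAMIC_COPY  0x88EAu

/* Hypothetical stand-in for a buffer object; not Mesa's structure. */
struct demo_buffer { void *store; unsigned int usage; };

/* Valid tokens are {STREAM,STATIC,DYNAMIC} x {DRAW,READ,COPY}:
 * 0x88E0-0x88E2, 0x88E4-0x88E6, 0x88E8-0x88EA (0x88E3 and 0x88E7 are not). */
int usage_is_valid(unsigned int usage)
{
    return usage >= GL_STREAM_DRAW && usage <= GL_DYNAMIC_COPY &&
           ((usage - GL_STREAM_DRAW) & 3u) != 3u;
}

/* fallback == 0: reject the flag and leave the buffer untouched.
 * fallback != 0: substitute GL_STATIC_DRAW and carry on. */
unsigned int demo_buffer_data(struct demo_buffer *buf, size_t size,
                              unsigned int usage, int fallback)
{
    void *store;
    if (!usage_is_valid(usage)) {
        if (!fallback)
            return GL_INVALID_ENUM;
        usage = GL_STATIC_DRAW;
    }
    store = malloc(size ? size : 1);
    if (!store)
        return GL_OUT_OF_MEMORY;
    free(buf->store);
    buf->store = store;
    buf->usage = usage;
    return GL_NO_ERROR;
}

/* A rejected upload leaves the buffer without storage, so the draw path
 * has to test for that instead of dereferencing it. */
int demo_can_draw(const struct demo_buffer *buf)
{
    return buf != NULL && buf->store != NULL;
}
```

Rejecting the flag is not sufficient on its own: the application can still issue a draw against the data-less buffer, which is why the model keeps a separate draw-side test.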

Comment 1 Jerome Glisse 2010-12-17 12:28:48 UTC
Created attachment 41221 [details] [review]
avoid segfault

Does attached patch fix the issue?

Comment 2 Jerome Glisse 2011-03-07 11:00:48 UTC
Reopen if you still have this issue with latest mesa.
