| Summary: | matrixview segfaults because of _tnl_emit_vertices_to_buffer heap corruption | ||
|---|---|---|---|
| Product: | Mesa | Reporter: | Tormod Volden <bugzi11.fdo.tormod> |
| Component: | Drivers/DRI/Savage | Assignee: | Default DRI bug account <dri-devel> |
| Status: | NEW --- | QA Contact: | |
| Severity: | normal | ||
| Priority: | medium | ||
| Version: | 7.11 | ||
| Hardware: | x86 (IA32) | ||
| OS: | Linux (All) | ||
| Whiteboard: | |||
| i915 platform: | i915 features: | ||
| Attachments: | gdb session with backtrace from corruption | ||
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.
Created attachment 54114 [details] gdb session with backtrace from corruption The matrixview screensaver hack from rss-glx (Really Slick Screensavers Port to GLX) segfaults very reproducibly on my savage laptop. The _swrast_context->InvalidateState function pointer gets overwritten and _swrast_InvalidateState segfaults. I have tracked this down to emit_viewport4_bgra4_st2() from src/mesa/tnl/t_vertex_generic.c (see attached gdb session). This happens with or without MESA_NO_CODEGEN=1 but gdb made more sense with it.