|Summary:||segfault in _gl_copy_visual_to_context_mode mixing new DRI and old libGL|
|Product:||DRI||Reporter:||Eric Anholt <eta>|
|Component:||General||Assignee:||Default DRI bug account <dri-devel>|
|Status:||RESOLVED FIXED||QA Contact:|
Description Eric Anholt 2004-06-02 08:46:07 UTC
Using an X.Org libGL and r200 from Mesa CVS (2003-05-31) I get a segfault in _gl_copy_visual_to_context_mode. I'm not at the machine, but iirc the segfault was in that symbol in the r200 driver, while it was being called from a function in libGL. Was reproduced by ajax as well.
Comment 1 Ian Romanick 2004-06-02 08:57:20 UTC
Drivers need to use the libGL supplied version of _gl_context_modes_create if the libGL version is higher than the version linked with the driver (i.e., the libGL API version is higher than the driver knows about). This is because there may be added fields in the structure. libGL will allocate a structure with the added fields and initialize them. Since the driver doesn't even know these fields exist, it will blissfully ignore them.

There seems to be some problem with this, however. My first thought was that libGL was allocating a structure smaller than what the driver wanted. When the driver accessed fields beyond what libGL allocated there was memory corruption. I took a quick glance at the code, and the minimum_size parameter was added to _gl_context_modes_create to solve just this problem. I'd have to look at the Xorg code to see what other differences might exist.

I probably won't be able to look at this until Friday (6/4/2004) at the soonest. If I start working on it, I will assign it to myself. Until then, it's up for grabs. :) I should be available on #dri-devel if anyone wants to discuss it.
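The sizing rule described in Comment 1, sketched as an added example (not code from Mesa, X.Org or either commenter): a library-side allocator takes the caller's minimum_size and gives each node the larger of that and its own structure size, so a newer driver's trailing fields stay inside the allocation and an older driver simply ignores the extra bytes. The struct layouts and the names modes_node_size, modes_create, modes_destroy and drv_fill_samples are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical layouts: the library's view of a mode record, and a newer
 * driver's view that appends fields the library has never heard of. */
struct lib_modes { struct lib_modes *next; int rgb_bits; int depth_bits; };
struct drv_modes { struct lib_modes base; int sample_buffers; int samples; };

/* Bytes per node: the larger of the library's own size and the caller's. */
size_t modes_node_size(size_t minimum_size)
{
    return minimum_size > sizeof(struct lib_modes) ? minimum_size
                                                   : sizeof(struct lib_modes);
}

void modes_destroy(struct lib_modes *m)
{
    while (m != NULL) {
        struct lib_modes *next = m->next;
        free(m);
        m = next;
    }
}

/* Library side: a list of `count` zeroed nodes, each at least minimum_size
 * bytes. Returns NULL for count == 0 or on allocation failure. */
struct lib_modes *modes_create(unsigned count, size_t minimum_size)
{
    struct lib_modes *head = NULL, **tail = &head;
    for (unsigned i = 0; i < count; i++) {
        *tail = calloc(1, modes_node_size(minimum_size));
        if (*tail == NULL) {
            modes_destroy(head);
            return NULL;
        }
        tail = &(*tail)->next;
    }
    return head;
}

/* Driver side: writes the appended fields of every node, returns node count.
 * In bounds only if the list was created with
 * minimum_size >= sizeof(struct drv_modes). */
unsigned drv_fill_samples(struct lib_modes *list, int samples)
{
    unsigned n = 0;
    for (struct lib_modes *m = list; m != NULL; m = m->next, n++) {
        struct drv_modes *d = (struct drv_modes *)m;
        d->sample_buffers = 1;
        d->samples = samples;
    }
    return n;
}
```

With minimum_size of 0 the node is only sizeof(struct lib_modes) bytes, which is the case where the driver-side writes would land past the end of the allocation.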
Comment 2 Ian Romanick 2005-08-06 04:43:08 UTC
All of the _gl_context_mode_* functions have been removed from the drivers. That eliminates any chance for this bug to crop up. Closing as fixed.