Bug 86531

Summary: The server crashes if the client sends X_GLXMakeCurrent for a direct context
Product: xorg
Reporter: Neil Roberts <nroberts>
Component: Server/Ext/GLX
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED
QA Contact: Xorg Project Team <xorg-team>
Severity: normal
Priority: medium
CC: nroberts
Version: unspecified
Hardware: Other
OS: All
Attachments:
Example to demonstrate the problem (Flags: none)
glx: Add implementation of __GLXContext->loseCurrent for direct ctxts (Flags: none)

Description Neil Roberts 2014-11-21 17:32:38 UTC
When the client creates a direct context, the server internally creates a __GLXcontext which has function pointers for various operations on the context. However, it only fills in the destroy member, so if one of the other functions gets called the server will crash. This happens if the application sends X_GLXMakeCurrent because it will try to call loseCurrent when the context becomes no longer current. There may also be ways of triggering the other function pointers.

This was discovered in the discussion for bug 54080.
Comment 1 Neil Roberts 2014-11-21 17:33:46 UTC
Created attachment 109809
Example to demonstrate the problem
Comment 2 Neil Roberts 2014-11-21 17:35:27 UTC
Created attachment 109810
glx: Add implementation of __GLXContext->loseCurrent for direct ctxts

This adds a dummy implementation for the loseCurrent function in
__GLXContext for direct contexts which just returns GL_TRUE. Without
this then the X server can crash if it receives a MakeCurrent message for
a direct context because it will attempt to call loseCurrent when
cleaning up the client in the callback for ClientStateGone.
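
Added example, not part of the bug report or the X server source: a simplified model of a context operations table in which only destroy is filled in, next to the same table with the dummy loseCurrent installed, plus a helper that counts the slots still unset. Only destroy, loseCurrent and GL_TRUE come from the report; makeCurrent and every model_* name are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define GL_TRUE 1

/* Simplified stand-in for the per-context operations table. makeCurrent and
 * all model_* names are hypothetical, not taken from the server source. */
struct model_ctx {
    void (*destroy)(struct model_ctx *);
    int  (*makeCurrent)(struct model_ctx *);
    int  (*loseCurrent)(struct model_ctx *);
};

static void model_destroy(struct model_ctx *c) { (void)c; }

/* The fix from comment 2: a dummy that just returns GL_TRUE. */
static int model_direct_lose_current(struct model_ctx *c) { (void)c; return GL_TRUE; }

/* Build a direct context. patched == 0 reproduces the reported state (only
 * destroy set); patched == 1 also installs the dummy loseCurrent. */
struct model_ctx *model_direct_ctx(int patched) {
    static struct model_ctx slots[2];
    struct model_ctx *c = &slots[patched ? 1 : 0];
    c->destroy = model_destroy;
    c->makeCurrent = NULL;
    c->loseCurrent = patched ? model_direct_lose_current : NULL;
    return c;
}

/* Cleanup path: the context stops being current, so loseCurrent is invoked.
 * Returns -1 where the unpatched server would call through a NULL pointer. */
int model_release_current(struct model_ctx *c) {
    if (c->loseCurrent == NULL)
        return -1;
    return c->loseCurrent(c);
}

/* Audit helper: number of operation slots still unset. */
int model_unset_ops(const struct model_ctx *c) {
    return (c->destroy == NULL) + (c->makeCurrent == NULL) + (c->loseCurrent == NULL);
}

int main(void) {
    for (int p = 0; p <= 1; p++) {
        struct model_ctx *c = model_direct_ctx(p);
        printf("patched=%d release=%d unset=%d\n", p, model_release_current(c), model_unset_ops(c));
    }
    return 0;
}
```

In this model the patched table still reports one unset slot, which corresponds to the description's remark that the other function pointers may also be reachable.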
Comment 3 Adam Jackson 2014-12-01 21:11:13 UTC
lgtm, forwarded to the devel list
Comment 4 Adam Jackson 2014-12-10 15:17:10 UTC
commit c1455f76c6b1aa4ecaacb2221a687244285aa44b
Author: Neil Roberts <neil@linux.intel.com>
Date:   Mon Dec 1 16:06:17 2014 -0500

    glx: Add implementation of __GLXContext->loseCurrent for direct ctxts
