Bug 14293 - Crash in delete_framebuffer_cb
Summary: Crash in delete_framebuffer_cb
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/other (show other bugs)
Version: XOrg git
Hardware: Other All
: medium normal
Assignee: Default DRI bug account
QA Contact:
Depends on:
Reported: 2008-01-29 07:59 UTC by Johan Bilien
Modified: 2008-01-30 10:00 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

test case (4.16 KB, text/x-csrc)
2008-01-29 08:09 UTC, Johan Bilien
no flags Details
Makefile (117 bytes, text/plain)
2008-01-29 08:09 UTC, Johan Bilien
no flags Details
patch to avoid deref of null function ptr (372 bytes, patch)
2008-01-29 10:19 UTC, Brian Paul
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Johan Bilien 2008-01-29 07:59:51 UTC
Using git master from X server, drm, mesa and intel DDX.

I have a client which creates an indirect context and 2 FBOs in that context. When the client exits, the server crashes systematically.

#0  0x00000000 in ?? ()
#1  0xa758632f in delete_framebuffer_cb (id=1, data=0xa7744f20,
    userData=0x84dccf0) at main/context.c:656
#2  0xa75a8294 in _mesa_HashDeleteAll (table=0x84b5480,
    callback=0xa7586316 <delete_framebuffer_cb>, userData=0x84dccf0)
    at main/hash.c:275
#3  0xa7586916 in free_shared_state (ctx=0x84dccf0, ss=0x83b2c48)
    at main/context.c:724
#4  0xa7587733 in _mesa_free_context_data (ctx=0x84dccf0)
    at main/context.c:1261
#5  0xa7587797 in _mesa_destroy_context (ctx=0x84dccf0) at main/context.c:1285
#6  0xa7538b9a in intelDestroyContext (driContextPriv=0x84c1b68)
    at intel_context.c:647
#7  0xa752d785 in driDestroyContext (context=0x83b273c)
    at ../common/dri_util.c:547
#8  0xb7a91073 in __glXDRIcontextDestroy (baseContext=0x83b26e0)
    at glxdri.c:255
#9  0xb7a5abc4 in __glXFreeContext (cx=0x83b26e0) at glxext.c:140
#10 0xb7a5ac17 in ContextGone (cx=0xa7744f20, id=46137345) at glxext.c:98
#11 0x08073407 in FreeClientResources (client=0x83b2928) at resource.c:812
#12 0x080841c5 in CloseDownClient (client=0x83b2928) at dispatch.c:3689
#13 0x0808a401 in Dispatch () at dispatch.c:479
#14 0x080710ed in main (argc=9, argv=0xbfe0eda4, envp=Cannot access memory at address 0x138c
) at main.c:448
Comment 1 Johan Bilien 2008-01-29 08:09:08 UTC
Created attachment 14011 [details]
test case

Run the test case and exit with Ctrl-C. This results in the server crashing here.
Comment 2 Johan Bilien 2008-01-29 08:09:33 UTC
Created attachment 14012 [details]
Comment 3 Brian Paul 2008-01-29 10:19:33 UTC
Created attachment 14014 [details] [review]
patch to avoid deref of null function ptr

I think this has been reported before, and is still open.

Can you try the attached patch?
Comment 4 Johan Bilien 2008-01-29 22:43:55 UTC
Yes the attached patch fixes the crash.
Comment 5 Brian Paul 2008-01-30 07:14:22 UTC
Fixed in git.
Same as bug 13507.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.