Bug 14293 - Crash in delete_framebuffer_cb
Summary: Crash in delete_framebuffer_cb
Alias: None
Product: DRI
Classification: Unclassified
Component: DRM/other (show other bugs)
Version: XOrg git
Hardware: Other All
: medium normal
Assignee: Default DRI bug account
QA Contact:
Depends on:
Reported: 2008-01-29 07:59 UTC by Johan Bilien
Modified: 2008-01-30 10:00 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

test case (4.16 KB, text/x-csrc)
2008-01-29 08:09 UTC, Johan Bilien
no flags Details
Makefile (117 bytes, text/plain)
2008-01-29 08:09 UTC, Johan Bilien
no flags Details
patch to avoid deref of null function ptr (372 bytes, patch)
2008-01-29 10:19 UTC, Brian Paul
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Johan Bilien 2008-01-29 07:59:51 UTC
Using git master from X server, drm, mesa and intel DDX.

I have a client which creates an indirect context and 2 FBOs in that context. When the client exits, the server crashes systematically.

#0  0x00000000 in ?? ()
#1  0xa758632f in delete_framebuffer_cb (id=1, data=0xa7744f20,
    userData=0x84dccf0) at main/context.c:656
#2  0xa75a8294 in _mesa_HashDeleteAll (table=0x84b5480,
    callback=0xa7586316 <delete_framebuffer_cb>, userData=0x84dccf0)
    at main/hash.c:275
#3  0xa7586916 in free_shared_state (ctx=0x84dccf0, ss=0x83b2c48)
    at main/context.c:724
#4  0xa7587733 in _mesa_free_context_data (ctx=0x84dccf0)
    at main/context.c:1261
#5  0xa7587797 in _mesa_destroy_context (ctx=0x84dccf0) at main/context.c:1285
#6  0xa7538b9a in intelDestroyContext (driContextPriv=0x84c1b68)
    at intel_context.c:647
#7  0xa752d785 in driDestroyContext (context=0x83b273c)
    at ../common/dri_util.c:547
#8  0xb7a91073 in __glXDRIcontextDestroy (baseContext=0x83b26e0)
    at glxdri.c:255
#9  0xb7a5abc4 in __glXFreeContext (cx=0x83b26e0) at glxext.c:140
#10 0xb7a5ac17 in ContextGone (cx=0xa7744f20, id=46137345) at glxext.c:98
#11 0x08073407 in FreeClientResources (client=0x83b2928) at resource.c:812
#12 0x080841c5 in CloseDownClient (client=0x83b2928) at dispatch.c:3689
#13 0x0808a401 in Dispatch () at dispatch.c:479
#14 0x080710ed in main (argc=9, argv=0xbfe0eda4, envp=Cannot access memory at address 0x138c
) at main.c:448
Comment 1 Johan Bilien 2008-01-29 08:09:08 UTC
Created attachment 14011 [details]
test case

Run the test case and exit with Ctrl-C. This results in the server crashing here.
Comment 2 Johan Bilien 2008-01-29 08:09:33 UTC
Created attachment 14012 [details]
Comment 3 Brian Paul 2008-01-29 10:19:33 UTC
Created attachment 14014 [details] [review]
patch to avoid deref of null function ptr

I think this has been reported before, and is still open.

Can you try the attached patch?
Comment 4 Johan Bilien 2008-01-29 22:43:55 UTC
Yes the attached patch fixes the crash.
Comment 5 Brian Paul 2008-01-30 07:14:22 UTC
Fixed in git.
Same as bug 13507.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct.