When running Amira under the current git version of X and the current git version of mesa, dri and so on, Amira crashes the whole session.

(gdb)
Program received signal SIGSEGV, Segmentation fault.
0xaf814ea2 in _tnl_InvalidateState (ctx=0x9074e98, new_state=525315) at tnl/t_context.c:140
140       if (ctx->Fog.Enabled ||
(gdb) bt
#0  0xaf814ea2 in _tnl_InvalidateState (ctx=0x9074e98, new_state=525315) at tnl/t_context.c:140
#1  0xaf767ef0 in intelInvalidateState (ctx=0x9074e98, new_state=525315) at intel_context.c:340
#2  0xaf7da923 in _mesa_update_state_locked (ctx=0x9074e98) at main/state.c:1253
#3  0xaf7dac2a in _mesa_update_state (ctx=0x9074e98) at main/state.c:1264
#4  0xaf80aeb8 in vbo_exec_Begin (mode=4) at vbo/vbo_exec_api.c:509
#5  0xb7b66315 in __glXDisp_Begin (pc=0x93bd7e4 "\004") at indirect_dispatch.c:156
#6  0xb7b495ee in __glXDisp_Render (cl=0x86205a4, pc=0x93bd7e0 "\b") at glxcmds.c:1788
#7  0xb7b4d966 in __glXDispatch (client=0x86204e0) at glxext.c:492
#8  0x0808abfc in Dispatch () at dispatch.c:451
#9  0x080716ea in main (argc=8, argv=0xbfa4a9b4, envp=0x909f870) at main.c:433

This is the location within _tnl_InvalidateState:

140       if (ctx->Fog.Enabled ||
141           ((ctx->FragmentProgram._Active || ctx->FragmentProgram._Current) &&
142            (ctx->FragmentProgram._Current->FogOption != GL_NONE ||
143             (ctx->FragmentProgram._Current->Base.InputsRead & FRAG_BIT_FOGC))))
144          RENDERINPUTS_SET( tnl->render_inputs_bitset, _TNL_ATTRIB_FOG );

The problem here is that, for whatever reason, ctx->FragmentProgram._Active happens to be nonzero, whereas ctx->FragmentProgram._Current actually is zero. Therefore dereferencing ctx->FragmentProgram._Current will signal.

The fix would be simple: change that "||" to "&&".

(BTW: Wouldn't you like to change the "CVS" tag to "git" in this form?)
Created attachment 16411
gdb log with backtrace and structure dumps

This excerpt is perhaps already enough to illuminate the scene:

(gdb) sele 2
(gdb) print ctx->Fog
$3 = {Enabled = 0 '\0', Color = {0, 0, 0, 0}, Density = 1, Start = 0, End = 1, Index = 0, Mode = 2048, ColorSumEnabled = 0 '\0', FogCoordinateSource = 33874, _Scale = 1}
(gdb) print ctx->FragmentProgram
$4 = {Enabled = 0 '\0', _Enabled = 0 '\0', _Active = 1 '\001', Current = 0x9088bc8, _Current = 0x0, Parameters = {{0, 0, 0, 0} <repeats 128 times>}, _MaintainTexEnvProgram = 0 '\0', _UseTexEnvProgram = 1 '\001', _TexEnvProgram = 0x0, Callback = 0, CallbackData = 0x0, CallbackEnabled = 0 '\0', CurrentPosition = 0}

I may add that after I locally fixed this, Amira again crashed the system, this time within the drm kernel module, saying:

[drm:drm_bo_expire_fence] *ERROR* Detected GPU lockup or fence driver was taken down. Evicting buffer.
[drm:drm_bo_leave_list] *ERROR* A DRM_BO_NO_EVICT buffer present at cleanup. Removing flag and evicting.

I don't currently have a backtrace for that bug around either, since this was obtained while looking for the cause of another bug located within the latest xf86-video-intel driver. I will retry it after that gets fixed.

Let me add that the source for all this may really be a header inconsistency, which I myself can't fix, since Amira is closed source. But even with that presumably being the case, running a buggy program or a program which was compiled for another minor X revision shouldn't crash the whole system.
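The condition from the report, reduced to the fields in the gdb dump, next to a form that checks _Current before dereferencing it. This is an added example, not part of the original thread and not the patch committed to Mesa; the structs are simplified stand-ins and the FRAG_BIT_FOGC value is an assumed placeholder.

```c
#include <stddef.h>
#include <stdio.h>

#define GL_NONE 0
#define FRAG_BIT_FOGC (1u << 3)  /* assumed bit position, illustration only */

/* Simplified stand-ins for the Mesa context fields named in the report. */
struct frag_prog  { unsigned FogOption; unsigned InputsRead; };
struct frag_state { unsigned char _Active; struct frag_prog *_Current; };
struct gl_ctx     { unsigned char FogEnabled; struct frag_state FragmentProgram; };

/* Condition as quoted from t_context.c:140-143. A nonzero _Active satisfies
 * the left side of "&&", so the right side dereferences _Current even
 * when it is NULL. */
int fog_needed_original(const struct gl_ctx *ctx)
{
    return ctx->FogEnabled ||
        ((ctx->FragmentProgram._Active || ctx->FragmentProgram._Current) &&
         (ctx->FragmentProgram._Current->FogOption != GL_NONE ||
          (ctx->FragmentProgram._Current->InputsRead & FRAG_BIT_FOGC)));
}

/* Guarded form: same result whenever the original is well defined, but
 * _Current is only read after a NULL check. */
int fog_needed_guarded(const struct gl_ctx *ctx)
{
    const struct frag_prog *fp = ctx->FragmentProgram._Current;
    if (ctx->FogEnabled)
        return 1;
    if (fp == NULL)
        return 0;
    return fp->FogOption != GL_NONE || (fp->InputsRead & FRAG_BIT_FOGC) != 0;
}

int main(void)
{
    /* State from the gdb dump: Fog.Enabled = 0, _Active = 1, _Current = 0x0 */
    struct gl_ctx dumped = { 0, { 1, NULL } };
    /* Constructed state with a program bound that reads the fog input */
    struct frag_prog prog = { GL_NONE, FRAG_BIT_FOGC };
    struct gl_ctx bound = { 0, { 1, &prog } };

    printf("guarded,  dumped state:  %d\n", fog_needed_guarded(&dumped));
    printf("original, program bound: %d\n", fog_needed_original(&bound));
    printf("guarded,  program bound: %d\n", fog_needed_guarded(&bound));
    /* fog_needed_original(&dumped) would fault as in frame #0 of the backtrace */
    return 0;
}
```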
A similar backtrace has been caught by Vincent Bernat with Mesa 7.1.1 when running Blender: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497096
*** Bug 17237 has been marked as a duplicate of this bug. ***
Created attachment 18980
patch to fix segfault

Can you try the attached patch?
I've committed my patch for Mesa 7.2. Would still appreciate confirmation from an Amira user that this is fixed now.
Feedback timeout, and the fix was committed.

commit 58dce864e659da3d1f9761154e622a45e420c229
Author: Brian Paul <brian.paul@tungstengraphics.com>
Date:   Thu Sep 18 15:29:57 2008 -0600

    mesa: fix null ptr deref bug in _tnl_InvalidateState(), bug 15834