Created attachment 20860 [details] [review] Prevent double unref of glxdrawable Valgrind found this use-after-free (unref of already unrefed reference): ==11424== Invalid read of size 4 ==11424== at 0x49B59BB: __glXUnrefDrawable (glxutil.c:54) ==11424== by 0x49B168E: __glXContextDestroy (glxcmds.c:149) ==11424== by 0x49BF731: __glXDRIcontextDestroy (glxdri2.c:156) ==11424== by 0x49B3DB8: __glXFreeContext (glxext.c:160) ==11424== by 0x49B3E0A: ContextGone (glxext.c:109) ==11424== by 0x806B231: FreeResourceByType (resource.c:597) ==11424== by 0x49AFFA7: __glXDisp_DestroyContext (glxcmds.c:336) ==11424== by 0x49B419F: __glXDispatch (glxext.c:523) ==11424== by 0x808483E: Dispatch (dispatch.c:437) ==11424== by 0x806926C: main (main.c:383) ==11424== Address 0x467dad4 is 28 bytes inside a block of size 160 free'd ==11424== at 0x4023E9A: free (vg_replace_malloc.c:323) ==11424== by 0x812D571: Xfree (utils.c:1165) ==11424== by 0x49BF6F0: __glXDRIdrawableDestroy (glxdri2.c:110) ==11424== by 0x49B59E9: __glXUnrefDrawable (glxutil.c:58) ==11424== by 0x49B167F: __glXContextDestroy (glxcmds.c:147) ==11424== by 0x49BF731: __glXDRIcontextDestroy (glxdri2.c:156) ==11424== by 0x49B3DB8: __glXFreeContext (glxext.c:160) ==11424== by 0x49B3E0A: ContextGone (glxext.c:109) ==11424== by 0x806B231: FreeResourceByType (resource.c:597) ==11424== by 0x49AFFA7: __glXDisp_DestroyContext (glxcmds.c:336) ==11424== by 0x49B419F: __glXDispatch (glxext.c:523) ==11424== by 0x808483E: Dispatch (dispatch.c:437) The attached patch fixes this by NULLing the unrefed variables. The context itself seems to be handled correctly.
commit 29b3b88dc744f4919c6709747ddb7baac47486c5 Author: Pierre Willenbrock <pierre@pirsoft.de> Date: Fri Jan 30 21:16:48 2009 -0800 Prevent double unref of glxdrawables Found by valgrind. Bug #18917.
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.