Bug 29184 - glXSwapBuffers with no GLX context crashes X.
Summary: glXSwapBuffers with no GLX context crashes X.
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: Server/General (show other bugs)
Version: git
Hardware: Other All
: medium major
Assignee: Xorg Project Team
QA Contact: Xorg Project Team
URL:
Whiteboard:
Keywords:
: 31537 33071 (view as bug list)
Depends on:
Blocks: xserver-1.9
  Show dependency treegraph
 
Reported: 2010-07-20 16:58 UTC by Nick Bowler
Modified: 2011-01-14 00:51 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:


Attachments
Test case. (744 bytes, text/plain)
2010-07-20 16:58 UTC, Nick Bowler
no flags Details
Prevent NULL context deref in __glXGetDrawable() (1.41 KB, patch)
2010-07-21 03:07 UTC, Chris Wilson
no flags Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Nick Bowler 2010-07-20 16:58:02 UTC
Created attachment 37254 [details]
Test case.

Calling glXSwapBuffers with no active GLX context instantly crashes the X
server.  Test case attached, occurs with all renderers that I could test,
with both direct and indirect rendering.

Using latest git libdrm/xserver/xf86-video-intel/mesa on a T500 laptop with
a GM45.  Also occurs with nouveau on an NV36, so it doesn't look driver specific.

Backtrace:
[172181.018] 0: /usr/bin/X (xorg_backtrace+0x28) [0x4681e8]
[172181.018] 1: /usr/bin/X (0x400000+0x68149) [0x468149]
[172181.018] 2: /lib/libpthread.so.0 (0x7f4068423000+0xf120) [0x7f4068432120]
[172181.018] 3: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x3348e) [0x7f406606448e]
[172181.018] 4: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x3372e) [0x7f406606472e]
[172181.019] 5: /usr/lib/xorg/modules/extensions/libglx.so (0x7f4066031000+0x369b0) [0x7f40660679b0]
[172181.019] 6: /usr/bin/X (0x400000+0x526b9) [0x4526b9]
[172181.019] 7: /usr/bin/X (0x400000+0x2482a) [0x42482a]
[172181.019] 8: /lib/libc.so.6 (__libc_start_main+0xfd) [0x7f40673b7bbd]
[172181.019] 9: /usr/bin/X (0x400000+0x243c9) [0x4243c9]
[172181.019] Segmentation fault at address 0x50
[172181.019] 
Fatal server error:
[172181.019] Caught signal 11 (Segmentation fault). Server aborting
Comment 1 Chris Wilson 2010-07-21 03:07:43 UTC
Created attachment 37259 [details] [review]
Prevent  NULL context deref in __glXGetDrawable() 

I was sure I had submitted this patch much earlier...

Here we go:

1277378103-17960-1-git-send-email-chris@chris-wilson.co.uk on xorg-devel@
Comment 2 Nick Bowler 2010-07-21 06:11:58 UTC
Yup, that fixes it, thanks.
Comment 3 Adam Jackson 2010-08-13 08:16:18 UTC
(In reply to comment #1)
> Created an attachment (id=37259) [details]

Reviewed-by: Adam Jackson <ajax@redhat.com>
Comment 4 Julien Cristau 2010-08-20 09:09:27 UTC
commit 7e581780603d6b15291d032efdeeca77f969e0ba
Author: Chris Wilson <chris@chris-wilson.co.uk>
Date:   Thu Jun 24 12:24:58 2010 +0100

    glx: Prevent NULL context deref in __glXGetDrawable() (bug 29184)
    
    During a SwapBuffers request, we may end up querying an unknown drawable
    outside of an active context, and so need to report this error prior to
    attempting to dereference the NULL context.
    
    Also fixes:
    
      [Bug 29184] glXSwapBuffers with no GLX context crashes X.
      https://bugs.freedesktop.org/show_bug.cgi?id=29184
    
    Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
    Cc: Kristian Høgsberg <krh@bitplanet.net>
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Signed-off-by: Keith Packard <keithp@keithp.com>
Comment 5 Julien Cristau 2010-11-11 01:41:34 UTC
*** Bug 31537 has been marked as a duplicate of this bug. ***
Comment 6 Michel Dänzer 2011-01-14 00:51:12 UTC
*** Bug 33071 has been marked as a duplicate of this bug. ***


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.