Bug 709 - segfault in _gl_copy_visual_to_context_mode mixing new DRI and old libGL
Product: DRI
Classification: Unclassified
Component: General
DRI git
x86 (IA32) All
: high normal
Assigned To: Default DRI bug account
Reported: 2004-06-02 08:46 UTC by Eric Anholt
Modified: 2005-08-04 18:43 UTC (History)
Description Eric Anholt 2004-06-02 08:46:07 UTC
Using an X.Org libGL and r200 from Mesa CVS (2003-05-31) I get a segfault in
_gl_copy_visual_to_context_mode.  I'm not at the machine, but iirc the segfault
was in that symbol in the r200 driver, while it was being called from a function
in libGL.  Was reproduced by ajax as well.
Comment 1 Ian Romanick 2004-06-02 08:57:20 UTC
Drivers need to use the libGL supplied version of _gl_context_modes_create if
the libGL version is higher than the version linked with the driver (i.e., the
libGL API version is higher than the driver knows about).  This is because there
may be added fields in the structure.  libGL will allocate a structure with the
added fields and initialize them.  Since the driver doesn't even know these
fields exist, it will blissfully ignore them.

There seems to be some problem with this, however.  My first thought was that
libGL was allocating a structure smaller than what the driver wanted.  When the
driver accessed fields beyond what libGL allocated there was memory corruption.
I took a quick glance at the code, and the minimum_size parameter was added to
_gl_context_modes_create to solve just this problem.  I'd have to look at the
Xorg code to see what other differences might exist.

I probably won't be able to look at this until Friday (6/4/2004) at the soonest.
If I start working on it, I will assign it to myself.  Until then, it's up for
grabs. :)  I should be available on #dri-devel if anyone wants to discuss it.
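The versioned-allocation idea Ian describes above, shown as an added example (not Mesa's or X.Org's code; struct and function names are assumed): the library allocates each node as the larger of its own struct size and the driver's requested minimum_size, records the real size in the node, and the driver checks that size before touching any appended fields instead of writing past the allocation.

```c
#include <stddef.h>
#include <stdlib.h>

/* Old libGL's view of the structure (hypothetical layout, not Mesa's). */
struct ctx_mode_v1 {
    struct ctx_mode_v1 *next;
    size_t struct_size;   /* bytes actually allocated for this node */
    int rgb_bits;
};

/* Newer driver's view: same prefix, extra fields appended at the end. */
struct ctx_mode_v2 {
    struct ctx_mode_v1 base;
    int sample_buffers;
    int samples;
};

void modes_destroy(struct ctx_mode_v1 *m) {
    while (m) { struct ctx_mode_v1 *n = m->next; free(m); m = n; }
}

/* libGL side: allocate count zeroed nodes, each max(minimum_size, own size),
 * so a driver built against a larger struct never reads or writes past the end. */
struct ctx_mode_v1 *modes_create(unsigned count, size_t minimum_size) {
    size_t size = sizeof(struct ctx_mode_v1);
    if (minimum_size > size) size = minimum_size;
    struct ctx_mode_v1 *head = NULL, **tail = &head;
    for (unsigned i = 0; i < count; i++) {
        struct ctx_mode_v1 *m = calloc(1, size);   /* zero-init added fields */
        if (!m) { modes_destroy(head); return NULL; }
        m->struct_size = size;
        *tail = m;
        tail = &m->next;
    }
    return head;
}

/* Driver side: only touch v2 fields when the node is really that large.
 * Returns 1 on success, 0 if writing would overrun the allocation. */
int driver_fill_v2(struct ctx_mode_v1 *m, int samples) {
    if (m->struct_size < sizeof(struct ctx_mode_v2)) return 0;
    struct ctx_mode_v2 *v2 = (struct ctx_mode_v2 *)m;  /* base is first member */
    v2->base.rgb_bits = 24;
    v2->sample_buffers = samples > 0;
    v2->samples = samples;
    return 1;
}

size_t modes_count(const struct ctx_mode_v1 *m) {
    size_t n = 0;
    for (; m; m = m->next) n++;
    return n;
}
```

Without the minimum_size argument the second case below (a node allocated at the old size, then filled by a driver expecting the new layout) is exactly the heap write-past-end that produces the kind of crash reported here.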
Comment 2 Ian Romanick 2005-08-06 04:43:08 UTC
All of the _gl_context_mode_* functions have been removed from the drivers.
That eliminates any chance for this bug to crop up.  Closing as fixed.