Bugzilla – Bug 709
segfault in _gl_copy_visual_to_context_mode mixing new DRI and old libGL
Last modified: 2005-08-04 18:43:08 UTC
Using an X.Org libGL and r200 from Mesa CVS (2003-05-31) I get a segfault in
_gl_copy_visual_to_context_mode. I'm not at the machine, but iirc the segfault
was in that symbol in the r200 driver, while it was being called from a function
in libGL. Was reproduced by ajax as well.
Drivers need to use the libGL supplied version of _gl_context_modes_create if
the libGL version is higher than the version linked with the driver (i.e., the
libGL API version is higher than the driver knows about). This is because there
may be added fields in the structure. libGL will allocate a structure with the
added fields and initialize them. Since the driver doesn't even know these
fields exist, it will blissfully ignore them.
There seems to be some problem with this, however. My first thought was that
libGL was allocating a structure smaller than what the driver wanted. When the
driver accessed fields beyond what libGL allocated there was memory corruption.
I took a quick glance at the code, and the minimum_size parameter was added to
_gl_context_modes_create to solve just this problem. I'd have to look at the
Xorg code to see what other differences might exist.
I probably won't be able to look at this until Friday (6/4/2004) at the soonest.
If I start working on it, I will assign it to myself. Until then, it's up for
grabs. :) I should be available on #dri-devel if anyone wants to discuss it.
All of the _gl_context_mode_* functions have been removed from the drivers.
That eliminates any chance for this bug to crop up. Closing as fixed.
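The mismatch the comments above describe, modelled as an added example (this is not Mesa's or X.Org's code; the struct layouts and function names are hypothetical): libGL allocates at least `minimum_size` bytes per element, and the driver verifies that size before writing a field libGL was never built to know about.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Layout libGL was built with (hypothetical, two fields). */
typedef struct {
    int visual_id;
    int rgb_bits;
} lib_modes_t;

/* Layout a newer driver was built with: it appended 'stencil_bits'. */
typedef struct {
    int visual_id;
    int rgb_bits;
    int stencil_bits;
} drv_modes_t;

/* Bytes libGL hands out per element: never less than what the caller
 * (the driver) says its structure needs, or the driver writes past it. */
static size_t modes_alloc_size(size_t minimum_size)
{
    return minimum_size > sizeof(lib_modes_t) ? minimum_size : sizeof(lib_modes_t);
}

/* libGL side: 'count' zeroed elements; fields unknown to libGL stay 0. */
static void *modes_create(size_t count, size_t minimum_size)
{
    size_t elem = modes_alloc_size(minimum_size);
    if (count == 0 || elem > SIZE_MAX / count)
        return NULL;
    return calloc(count, elem);
}

/* Does the allocation cover the layout the driver was compiled against? */
static int driver_layout_fits(size_t minimum_size)
{
    return modes_alloc_size(minimum_size) >= sizeof(drv_modes_t);
}

/* Driver side: refuse (-1) rather than corrupt the heap when the
 * allocation is too small; otherwise stride by the real element size. */
static int driver_use_modes(size_t count, size_t minimum_size)
{
    size_t i, elem = modes_alloc_size(minimum_size);
    unsigned char *block;
    if (!driver_layout_fits(minimum_size))
        return -1;
    if ((block = modes_create(count, minimum_size)) == NULL)
        return -1;
    for (i = 0; i < count; i++)
        ((drv_modes_t *)(block + i * elem))->stencil_bits = 8; /* driver-only field */
    free(block);
    return 0;
}
```

Passing 0 as `minimum_size` models a driver calling an older entry point that has no such parameter; the check is what turns a silent overflow into a refused call.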