Bug 74251 - Segfault in st_finalize_texture with Texture Buffer
Summary: Segfault in st_finalize_texture with Texture Buffer
Status: RESOLVED FIXED
Alias: None
Product: Mesa
Classification: Unclassified
Component: Mesa core (show other bugs)
Version: 10.0
Hardware: x86-64 (AMD64) Linux (All)
: medium normal
Assignee: mesa-dev
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-30 23:00 UTC by Ian Milligan
Modified: 2014-02-14 20:47 UTC (History)
0 users

See Also:
i915 platform:
i915 features:

Attachments
Vertex shader using texture buffer. (143 bytes, text/plain)
2014-01-31 01:21 UTC, Ian Milligan 		Details
Failing code. (1.09 KB, text/plain)
2014-01-31 01:22 UTC, Ian Milligan 		Details
View All

Description Ian Milligan 2014-01-30 23:00:05 UTC 
Using a texture buffer in mesa 10.1 causes a segfault at st_finalize_texture (st_cb_texture.c:1488). This only appears to occur if the texture buffer is used by the shader. Additionally, if I never unbind and rebind the texture, there is no segfault but the texture buffer still doesn't seem to work properly.
Comment 1 Ian Milligan 2014-01-30 23:01:09 UTC 
I forgot to add that I am using the r600g driver.
Comment 2 Marek Olšák 2014-01-30 23:05:31 UTC 
Could you please attach the backtrace?
Comment 3 Ian Milligan 2014-01-30 23:08:27 UTC 
Oops, I meant mesa 10.0 of course. Here is the backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff26296f4 in st_finalize_texture (ctx=0x7ffff1324010, pipe=0xf1b2e0, tObj=0xf25d70) at state_tracker/st_cb_texture.c:1488
1488    state_tracker/st_cb_texture.c: No such file or directory.
(gdb) bt
#0  0x00007ffff26296f4 in st_finalize_texture (ctx=0x7ffff1324010, pipe=0xf1b2e0, tObj=0xf25d70) at state_tracker/st_cb_texture.c:1488
#1  0x00007ffff26147aa in finalize_textures (st=0xfc5660) at state_tracker/st_atom_texture.c:420
#2  0x00007ffff260d546 in st_validate_state (st=0xfc5660) at state_tracker/st_atom.c:202
#3  0x00007ffff2619c40 in st_Clear (ctx=0x7ffff1324010, mask=2) at state_tracker/st_cb_clear.c:390
#4  0x00007ffff249901a in _mesa_Clear (mask=16384) at main/clear.c:202
#5  0x000000000040970c in sbXU_info ()
#6  0x00007ffff3dd9010 in ?? ()
#7  0x0000000000000000 in ?? ()
Comment 4 Marek Olšák 2014-01-30 23:46:30 UTC 
Do you have a code sample how to reproduce this?
Comment 5 Ian Milligan 2014-01-30 23:51:03 UTC 
I do but it's not written in C. Let me try to write something which can reproduce this.
Comment 6 Ian Milligan 2014-01-31 01:21:24 UTC 
Created attachment 93095 [details]
Vertex shader using texture buffer.
Comment 7 Ian Milligan 2014-01-31 01:22:10 UTC 
Created attachment 93096 [details]
Failing code.
Comment 8 Ian Milligan 2014-01-31 01:22:41 UTC 
The segfault appears to occur when glClear is called while a vertex shader expecting a texture buffer is loaded, but no texture is bound. This can be reproduced simply by loading the attached vertex shader and calling glClear.
Comment 9 Ian Milligan 2014-02-03 22:33:35 UTC 
It appears that loading a shader which expects a texture buffer causes the first texture unit's target to be set to TEXTURE_BUFFER. When st_validate_state is called without a texture bound to this texture unit, st_validate_texture is called on this texture unit's texture object. However st_validate_texture expects a texture object with target TEXTURE_BUFFER to have defined the field BufferObject, causing the null pointer dereference. Unfortunately, I'm not sure where the fault lies here.
Comment 11 Marek Olšák 2014-02-14 20:47:33 UTC 
Indeed. The fix will be backported to stable branches if it hasn't been backported already. Closing.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.