When the client creates a direct context, the server internally creates a __GLXcontext which has function pointers for various operations on the context. However, it only fills in the destroy member, so if one of the other functions gets called the server will crash. This happens if the application sends X_GLXMakeCurrent, because the server will try to call loseCurrent when the context is no longer current. There may also be ways of triggering the other function pointers. This was discovered in the discussion for bug 54080.
Created attachment 109809 [details] Example to demonstrate the problem
Created attachment 109810 [details] [review]
glx: Add implementation of __GLXContext->loseCurrent for direct ctxts

This adds a dummy implementation for the loseCurrent function in __GLXContext for direct contexts which just returns GL_TRUE. Without this, the X server can crash if it receives a MakeCurrent message for a direct context, because it will attempt to call loseCurrent when cleaning up the client in the callback for ClientStateGone.
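The defect described in the report and the shape of the fix in the attached patch, as an added illustration that is not the X server's code nor the patch itself: a context object whose callback table is only partially filled (the buggy constructor), the same object with no-op defaults for the slots a direct context does not need (the fixed constructor), plus a NULL-checking dispatcher and a creation-time check that counts unfilled slots. All type and function names (Context, createDirectContextBuggy, createDirectContextFixed, dispatchLoseCurrent, countMissingCallbacks) and the OP_* return codes are constructed for this example; OP_OK stands in for the GL_TRUE the patch returns.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model of a context object that holds a table of operation
 * callbacks. Names are constructed for this example and are not the X
 * server's own __GLXcontext definition. */
typedef struct Context Context;
struct Context {
    int isDirect;
    int (*destroy)(Context *ctx);
    int (*loseCurrent)(Context *ctx);
    int (*makeCurrent)(Context *ctx);
};

/* Constructed return codes; OP_OK plays the role of GL_TRUE. */
enum { OP_OK = 1, OP_FAIL = 0, OP_UNIMPLEMENTED = -1 };

static int ctxDestroy(Context *ctx) { free(ctx); return OP_OK; }

/* Buggy constructor, mirroring the report: only destroy is set. calloc
 * leaves the other slots NULL, so any caller that dispatches through them
 * dereferences NULL and the process crashes. */
Context *createDirectContextBuggy(void) {
    Context *ctx = calloc(1, sizeof *ctx);
    if (!ctx) return NULL;
    ctx->isDirect = 1;
    ctx->destroy = ctxDestroy;
    return ctx;
}

/* No-op defaults: a direct context has no server-side GL state to tear
 * down, so losing or making it current succeeds trivially. This is the
 * shape of the fix in the attached patch (a stub returning GL_TRUE); the
 * stubs here are constructed for this example. */
static int directLoseCurrent(Context *ctx) { (void)ctx; return OP_OK; }
static int directMakeCurrent(Context *ctx) { (void)ctx; return OP_OK; }

Context *createDirectContextFixed(void) {
    Context *ctx = createDirectContextBuggy();
    if (!ctx) return NULL;
    ctx->loseCurrent = directLoseCurrent;
    ctx->makeCurrent = directMakeCurrent;
    return ctx;
}

/* Defensive dispatch: a caller that cannot guarantee every slot is filled
 * refuses with OP_UNIMPLEMENTED rather than calling through NULL. */
int dispatchLoseCurrent(Context *ctx) {
    if (!ctx || !ctx->loseCurrent) return OP_UNIMPLEMENTED;
    return ctx->loseCurrent(ctx);
}

/* Creation-time sanity check: returns how many callbacks are still NULL,
 * so a partially initialised table is caught before a client can reach it. */
int countMissingCallbacks(const Context *ctx) {
    int missing = 0;
    if (!ctx->destroy) missing++;
    if (!ctx->loseCurrent) missing++;
    if (!ctx->makeCurrent) missing++;
    return missing;
}

int main(void) {
    Context *bad = createDirectContextBuggy();
    Context *good = createDirectContextFixed();
    printf("buggy context: %d missing callbacks, loseCurrent -> %d\n",
           countMissingCallbacks(bad), dispatchLoseCurrent(bad));
    printf("fixed context: %d missing callbacks, loseCurrent -> %d\n",
           countMissingCallbacks(good), dispatchLoseCurrent(good));
    bad->destroy(bad);
    good->destroy(good);
    return 0;
}
```

The two defences are complementary: filling every slot with a harmless default (the patch's approach) removes the crash at the source, while the NULL check in the dispatcher and the creation-time count turn any future omission into a reported error instead of a client-triggerable server crash.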
lgtm, forwarded to the devel list
commit c1455f76c6b1aa4ecaacb2221a687244285aa44b
Author: Neil Roberts <neil@linux.intel.com>
Date:   Mon Dec 1 16:06:17 2014 -0500

    glx: Add implementation of __GLXContext->loseCurrent for direct ctxts