I think there is a problem with this patch: (http://marc.theaimsgroup.com/?l=xfree-cvs&m=104493451323441&w=2)
868. Revert the DestroyContext, GarbageCollectDrawables reording in dri_util.c, and instead check if the drawable is known to the DRI client code before calling XF86DRIGetDrawableInfo (Egbert Eich). The patch moves the call to __driGarbageCollectDrawables() in driDestroyContext() (dri_util.c) back before the call to the driver's DestroyContext() callback. However, when the radeon driver calls __driUtilUpdateDrawableInfo() in it's DestroyContext() (when locking the DRM), a double-free can happen on pdp->pClipRects. The problem is that the memory pointed to by pClipRects has already been freed by driDestroyDrawable() (via __driGarbageCollectDrawables()), but 'pdp' in the context of __driUtilUpdateDrawableInfo() is the radeon driver's mirrored copy of the drawable private struct, which still has a pointer to the freed pClipRects. In fact, the drawable private struct itself (pointed to by pdp) has also been freed, but again the mirrored pointer still exists in the radeon driver, so this pointer really shouldn't even be dereferenced. The easiest/quickest fix would be to move __driGarbageCollectDrawables() back to after the driver's DestroyContext() callback as in the original patch in DRI cvs. I think an argument could also be made that the (radeon) driver should NULL out it's mirrored drawable pointer in it's DestroyBuffer() callback, which is called by driDestroyDrawable() just before it destroys/frees the drawable. That would also require adding a check for a NULL drawable to the driver's locking function (probably just returning after the DRM lock ioctl). I'm not sure if there would be any other side effects to that change. Comments? It also looks to me like there could be a memory leak on pBackClipRects in driDestroyDrawable(). It looks like pBackClipRects should be freed there (if non-NULL) along with pClipRects. Is this freed somewhere that I'm missing? -- Leif Delgass http://www.retinalburn.net ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Dri-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/dri-devel