On 2019-01-13 5:55 p.m., John David Anglin wrote:
> On 2019-01-13 2:52 p.m., John David Anglin wrote:
>> Looks to me to be a NULL pointer check issue in mesa:
>>
>> static inline struct wl_drm_buffer *
>> wayland_drm_buffer_get(struct wl_drm *drm, struct wl_resource *resource)
>> {
>>    if (resource == NULL)
>>       return NULL;
>>
>>    if (wl_resource_instance_of(resource, &wl_buffer_interface,
>>                                &drm->buffer_interface))
>>       return wl_resource_get_user_data(resource);
>>    else
>>       return NULL;
>> }
>>
>> (gdb) disass $pc-32-16,$pc+16
>> Dump of assembler code from 0xec46dd14 to 0xec46dd54:
>>    0xec46dd14 <dri2_query_wayland_buffer_wl+0>:    stw rp,-14(sp)
>>    0xec46dd18 <dri2_query_wayland_buffer_wl+4>:    ldo 80(sp),sp
>>    0xec46dd1c <dri2_query_wayland_buffer_wl+8>:    ldw -b4(sp),ret0
>>    0xec46dd20 <dri2_query_wayland_buffer_wl+12>:   stw r5,-74(sp)
>>    0xec46dd24 <dri2_query_wayland_buffer_wl+16>:   copy r23,r5
>>    0xec46dd28 <dri2_query_wayland_buffer_wl+20>:   stw r4,-70(sp)
>>    0xec46dd2c <dri2_query_wayland_buffer_wl+24>:   stw r3,-6c(sp)
>>    0xec46dd30 <dri2_query_wayland_buffer_wl+28>:   stw r19,-20(sp)
>>    0xec46dd34 <dri2_query_wayland_buffer_wl+32>:   stw ret0,-78(sp)
>>    0xec46dd38 <dri2_query_wayland_buffer_wl+36>:   ldw 58(r25),ret0
>>    0xec46dd3c <dri2_query_wayland_buffer_wl+40>:   ldo c0(ret0),ret0
>>    0xec46dd40 <dri2_query_wayland_buffer_wl+44>:   movb,= r24,r3,0xec46dd94 <dri2_query_wayland_buffer_wl+128>
>> => 0xec46dd44 <dri2_query_wayland_buffer_wl+48>:   ldw 0(ret0),ret0
>>    0xec46dd48 <dri2_query_wayland_buffer_wl+52>:   addil L%800,r19,r1
>>    0xec46dd4c <dri2_query_wayland_buffer_wl+56>:   copy r19,r4
>>    0xec46dd50 <dri2_query_wayland_buffer_wl+60>:   ldw 200(r1),r25
>>
>> The NULL pointer check has been optimized away. The bug is in this mesa code:

dri2_query_wayland_buffer_wl(_EGLDriver *drv, _EGLDisplay *disp,
                             struct wl_resource *buffer_resource,
                             EGLint attribute, EGLint *value)
{
   struct dri2_egl_display *dri2_dpy = dri2_egl_display(disp);
   struct wl_drm_buffer *buffer;
   const struct wl_drm_components_descriptor *format;

   if (!dri2_dpy)
      return EGL_FALSE;

   buffer = wayland_drm_buffer_get(dri2_dpy->wl_server_drm, buffer_resource);
   if (!buffer)
      return EGL_FALSE;

The segmentation fault occurs because dri2_dpy is NULL. The sequence point in argument evaluation requires evaluation of dri2_dpy->wl_server_drm before the resource NULL pointer check in wayland_drm_buffer_get.

With this fixed, qtwayland-opensource-src build is successful:
https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src&arch=hppa&ver=5.11.3-2&stamp=1547696629&raw=0

Regards,
Dave Anglin

-- 
John David Anglin  dave.ang...@bell.net
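The evaluation-order point made in the thread above, as an added stand-alone example that is not mesa's code and not from the list posters: a callee's NULL check on its own argument cannot guard a pointer the caller dereferences while building that argument, because the argument expression is fully evaluated before the call is made. All struct and function names here (display_like, server_drm_of, buffer_get, query_unchecked, query_checked) are constructed stand-ins for the mesa types and functions quoted in the mail, and the counter makes the ordering observable without crashing the program.

```c
/* Added example (constructed, not mesa code): argument evaluation happens in the
 * caller before the callee's NULL check, so the caller must validate the outer
 * pointer itself. Names below are stand-ins for the types quoted in the mail. */
#include <stddef.h>
#include <stdio.h>

struct wl_drm_like { int id; };                 /* stands in for struct wl_drm */
struct resource_like { int user_data; };        /* stands in for struct wl_resource */
struct display_like {                           /* stands in for dri2_egl_display */
    struct wl_drm_like *wl_server_drm;
};

/* Counts how often the argument expression "dpy->wl_server_drm" was evaluated. */
static int arg_evaluations = 0;

/* Models the argument expression dri2_dpy->wl_server_drm: the dereference runs
 * in the caller, before control reaches the callee, so the callee cannot guard it. */
static struct wl_drm_like *server_drm_of(struct display_like *dpy)
{
    arg_evaluations++;
    return dpy->wl_server_drm;      /* faults here if dpy is NULL */
}

/* Models wayland_drm_buffer_get(): it checks only its resource argument. */
static int *buffer_get(struct wl_drm_like *drm, struct resource_like *res)
{
    (void)drm;
    if (res == NULL)
        return NULL;
    return &res->user_data;
}

/* Caller in the shape of the reported crash: dpy is dereferenced to form the
 * first argument, so buffer_get()'s NULL check on res comes too late for dpy.
 * Returns 1 when a buffer was found, 0 otherwise. */
static int query_unchecked(struct display_like *dpy, struct resource_like *res)
{
    int *buf = buffer_get(server_drm_of(dpy), res);
    return buf != NULL;
}

/* Hardened caller: validate every pointer the argument list dereferences
 * before forming the arguments, as the "if (!dri2_dpy) return EGL_FALSE;"
 * line in the quoted mesa code does. */
static int query_checked(struct display_like *dpy, struct resource_like *res)
{
    if (dpy == NULL)
        return 0;
    int *buf = buffer_get(server_drm_of(dpy), res);
    return buf != NULL;
}

/* Constructed sample objects used by main() and by the accompanying checks. */
static struct wl_drm_like sample_drm = { 1 };
static struct display_like sample_dpy = { &sample_drm };
static struct resource_like sample_res = { 42 };

int main(void)
{
    /* Even though buffer_get() returns NULL immediately for a NULL resource,
     * the argument dpy->wl_server_drm was already evaluated once. */
    int found = query_unchecked(&sample_dpy, NULL);
    printf("valid dpy, NULL resource: found=%d, argument evaluated %d time(s)\n",
           found, arg_evaluations);
    printf("NULL dpy through checked caller: found=%d\n",
           query_checked(NULL, &sample_res));
    /* query_unchecked(NULL, &sample_res) would dereference NULL inside
     * server_drm_of() before buffer_get() ever runs; it is deliberately not called. */
    return 0;
}
```

The counter is the point of the example: with a NULL resource the callee bails out on its first line, yet the argument expression has still been evaluated, which is exactly why the fault in the mail lands on the load of dri2_dpy->wl_server_drm and not inside wayland_drm_buffer_get. The only fix that helps is the caller's own check on dri2_dpy.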