On 2019-01-13 5:55 p.m., John David Anglin wrote:
> On 2019-01-13 2:52 p.m., John David Anglin wrote:
>> Looks to me to be a NULL pointer check issue in mesa:
>>
>> static inline struct wl_drm_buffer *
>> wayland_drm_buffer_get(struct wl_drm *drm, struct wl_resource *resource)
>> {
>> if (resource == NULL)
>> return NULL;
>>
>> if (wl_resource_instance_of(resource, &wl_buffer_interface,
>> &drm->buffer_interface))
>> return wl_resource_get_user_data(resource);
>> else
>> return NULL;
>> }
>>
>> (gdb) disass $pc-32-16,$pc+16
>> Dump of assembler code from 0xec46dd14 to 0xec46dd54:
>> 0xec46dd14 <dri2_query_wayland_buffer_wl+0>: stw rp,-14(sp)
>> 0xec46dd18 <dri2_query_wayland_buffer_wl+4>: ldo 80(sp),sp
>> 0xec46dd1c <dri2_query_wayland_buffer_wl+8>: ldw -b4(sp),ret0
>> 0xec46dd20 <dri2_query_wayland_buffer_wl+12>: stw r5,-74(sp)
>> 0xec46dd24 <dri2_query_wayland_buffer_wl+16>: copy r23,r5
>> 0xec46dd28 <dri2_query_wayland_buffer_wl+20>: stw r4,-70(sp)
>> 0xec46dd2c <dri2_query_wayland_buffer_wl+24>: stw r3,-6c(sp)
>> 0xec46dd30 <dri2_query_wayland_buffer_wl+28>: stw r19,-20(sp)
>> 0xec46dd34 <dri2_query_wayland_buffer_wl+32>: stw ret0,-78(sp)
>> 0xec46dd38 <dri2_query_wayland_buffer_wl+36>: ldw 58(r25),ret0
>> 0xec46dd3c <dri2_query_wayland_buffer_wl+40>: ldo c0(ret0),ret0
>> 0xec46dd40 <dri2_query_wayland_buffer_wl+44>: movb,=
>> r24,r3,0xec46dd94 <dri2_query_wayland_buffer_wl+128>
>> => 0xec46dd44 <dri2_query_wayland_buffer_wl+48>: ldw 0(ret0),ret0
>> 0xec46dd48 <dri2_query_wayland_buffer_wl+52>: addil L%800,r19,r1
>> 0xec46dd4c <dri2_query_wayland_buffer_wl+56>: copy r19,r4
>> 0xec46dd50 <dri2_query_wayland_buffer_wl+60>: ldw 200(r1),r25
>>
>> The NULL pointer check has bee4n optimized away.
The bug is in this mesa code:
dri2_query_wayland_buffer_wl(_EGLDriver *drv, _EGLDisplay *disp,
struct wl_resource *buffer_resource,
EGLint attribute, EGLint *value)
{
struct dri2_egl_display *dri2_dpy = dri2_egl_display(disp);
struct wl_drm_buffer *buffer;
const struct wl_drm_components_descriptor *format;
if (!dri2_dpy)
return EGL_FALSE;
buffer = wayland_drm_buffer_get(dri2_dpy->wl_server_drm,
buffer_resource);
if (!buffer)
return EGL_FALSE;
The segmentation fault occurs because dri2_dpy is NULL. The sequence
point in argument
evaluation requires evaluation of dri2_dpy->wl_server_drm before the
resource NULL pointer
check in wayland_drm_buffer_get.
With this fixed, qtwayland-opensource-src build is successful:
https://buildd.debian.org/status/fetch.php?pkg=qtwayland-opensource-src&arch=hppa&ver=5.11.3-2&stamp=1547696629&raw=0
Regards,
Dave Anglin
--
John David Anglin dave.ang...@bell.net
