Looks like there's a problem with the error path at the end of
st_create_context_priv (line ~506): it calls st_destroy_context_priv
which will now destroy the pipe, which then leads to a double-destroy by
the caller.
Just setting st->pipe = NULL; would be enough.
Nicolai
On 20.01.2017 20:00, Marek Olšák wrote:
From: Marek Olšák <marek.ol...@amd.com>
If radeonsi starts compiling an optimized shader variant for asynchronously
with a GL debug callback set and the application destroys the GL context,
radeonsi crashes when trying to write shader stats into the debug output
of a non-existent context after compilation, because st/mesa was destroyed
before pipe_context.
Firefox with WebGL2 enabled hits this bug.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99456
Cc: 17.0 <mesa-sta...@lists.freedesktop.org>
---
src/mesa/state_tracker/st_context.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/mesa/state_tracker/st_context.c
b/src/mesa/state_tracker/st_context.c
index 0eae971..7a99e82 100644
--- a/src/mesa/state_tracker/st_context.c
+++ b/src/mesa/state_tracker/st_context.c
@@ -307,20 +307,24 @@ st_destroy_context_priv(struct st_context *st)
}
/* free glDrawPixels cache data */
free(st->drawpix_cache.image);
pipe_resource_reference(&st->drawpix_cache.texture, NULL);
/* free glReadPixels cache data */
st_invalidate_readpix_cache(st);
cso_destroy_context(st->cso_context);
+
+ if (st->pipe)
+ st->pipe->destroy(st->pipe);
+
free( st );
}
static struct st_context *
st_create_context_priv( struct gl_context *ctx, struct pipe_context *pipe,
const struct st_config_options *options)
{
struct pipe_screen *screen = pipe->screen;
uint i;
@@ -572,21 +576,20 @@ static void
destroy_tex_sampler_cb(GLuint id, void *data, void *userData)
{
struct gl_texture_object *texObj = (struct gl_texture_object *) data;
struct st_context *st = (struct st_context *) userData;
st_texture_release_sampler_view(st, st_texture_object(texObj));
}
void st_destroy_context( struct st_context *st )
{
- struct pipe_context *pipe = st->pipe;
struct gl_context *ctx = st->ctx;
GLuint i;
_mesa_HashWalk(ctx->Shared->TexObjects, destroy_tex_sampler_cb, st);
st_reference_fragprog(st, &st->fp, NULL);
st_reference_geomprog(st, &st->gp, NULL);
st_reference_vertprog(st, &st->vp, NULL);
st_reference_tesscprog(st, &st->tcp, NULL);
st_reference_tesseprog(st, &st->tep, NULL);
@@ -604,22 +607,20 @@ void st_destroy_context( struct st_context *st )
st_destroy_program_variants(st);
_mesa_free_context_data(ctx);
/* This will free the st_context too, so 'st' must not be accessed
* afterwards. */
st_destroy_context_priv(st);
st = NULL;
- pipe->destroy( pipe );
-
free(ctx);
}
static void
st_emit_string_marker(struct gl_context *ctx, const GLchar *string, GLsizei
len)
{
struct st_context *st = ctx->st;
st->pipe->emit_string_marker(st->pipe, string, len);
}
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
