On Tue, Apr 24, 2018 at 3:13 AM, Johan Helsing <johan.hels...@qt.io> wrote:
> Emil: Your alternative patch won't work because dri_make_current is not
> necessarily called with NULL after a buffer has been destroyed.
>
> The problematic sequence is a pattern we use in QtWayland:
>
> //create temporary context
> surface1 = eglCreateWindowSurface() <-- dri_drawable pointer is malloced
> eglMakeCurrent(surface1) <-- ctx->dPriv is set
>
> // ... (Get some information about available GL extensions etc)
>
> eglDestroySurface(surface1) <-- pointer is freed, ctx->dPriv is now
> dangling
> surface2 = eglCreateWindowSurface() <-- Creating a new surface. Sometimes
> its address will be the same as the free'd pointer.
> eglMakeCurrent(surface2) <-- In dri_make_current, ctx->dPriv ==
> driReadPriv may return true because the pointers may be equal
>
> => The drawable info is not updated. Width and height for the
> drawable are not set from the wl_egl_window on the first frame.
>
> Marek: How exactly does it crash? Are you sure Firefox didn't previously
> access free'd memory through the dangling pointer and that it was just
> exposed now that the pointer is NULL?

ctx was a dangling pointer, which means ctx had been destroyed, and reading ctx->dPriv crashed.

Marek
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
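The address-reuse sequence described in the message above, as an added example that is not part of the original thread and is not Mesa code: a constructed model where a one-slot pool makes the reuse deterministic and a cached-pointer comparison skips the size update. All names, and the per-surface id used as the stricter check, are assumptions made for illustration.

```c
#include <stddef.h>

/* Constructed model; every name here is hypothetical, not Mesa's. */
struct drawable { int in_use; unsigned id; int width, height; };
struct context  { const struct drawable *bound; unsigned bound_id; int width, height; };

static struct drawable pool[1];   /* one slot: the next create reuses the address */
static unsigned next_id = 1;      /* ids are never reused, unlike addresses */

static struct drawable *surface_create(int w, int h)
{
    struct drawable *d = &pool[0];
    if (d->in_use)
        return NULL;
    d->in_use = 1;
    d->id = next_id++;
    d->width = w;
    d->height = h;
    return d;
}

static void surface_destroy(struct drawable *d) { d->in_use = 0; }

/* Returns 1 if the context refreshed its drawable info, 0 if it skipped. */
static int make_current(struct context *c, const struct drawable *d, int check_id)
{
    int same = (c->bound == d);            /* address-only identity check */
    if (check_id)                          /* assumed hardening: also compare ids */
        same = same && (c->bound_id == d->id);
    if (same)
        return 0;                          /* treated as unchanged: cached size kept */
    c->bound = d;
    c->bound_id = d->id;
    c->width = d->width;
    c->height = d->height;
    return 1;
}

/* Runs create/bind/destroy/create/bind and returns the width the context holds. */
static int cached_width_after_rebind(int check_id)
{
    struct context c = {0};
    struct drawable *s1 = surface_create(64, 64);
    make_current(&c, s1, check_id);
    surface_destroy(s1);                   /* c.bound is now stale */
    struct drawable *s2 = surface_create(800, 600);
    make_current(&c, s2, check_id);        /* same address as s1 */
    surface_destroy(s2);
    return c.width;
}
```

With the address-only check the context still reports the first surface's width after binding the second one; with the id check it picks up the new size.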