Hi,

While investigating problems due to the display lists not sharing with Windows GDI, I found that if the display list stack ever reaches MAX_LIST_NESTING, then when it decrements the index, ctx->ListState.CallDepth, it clears the CallStack entry for the incremented value. This is one greater than what corresponds to where the CallStack entry was set at the start of the routine with a postfix increment. This probably does not normally have any effect (as the only consequence would be leaving one of the CallStack entries set). However, when the maximum count is reached this overreaches the list, clearing the next entry in the structure, which happens to be the CallDepth itself, setting this to zero. When the stack then unrolls further it decrements this zero value, and sets random memory to zero.

I have attached a simple patch which changes the decrement from postfix to prefix, which is the complement of the postfix increment at the start of the routine.

Again, this is versus a 7.0.1 source base.

Shane.
diff -r -x '*.o' -x '*.dll' Mesa-7.0.1/src/mesa/main/dlist.c Mesa-7.0.1-dlistCorrupt/src/mesa/main/dlist.c
6632c6632
<    ctx->ListState.CallStack[ctx->ListState.CallDepth--] = NULL;
---
>    ctx->ListState.CallStack[--ctx->ListState.CallDepth] = NULL;
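Review bot: the pre-decrement at line 6632 is only in bounds if CallDepth is greater than zero when this statement runs, and nothing in the hunk establishes that; with CallDepth at 0, `--ctx->ListState.CallDepth` produces an index outside CallStack. Consider an assertion that CallDepth > 0 immediately before this line, and confirm that the matching postfix-increment store at the start of the routine is bounded by MAX_LIST_NESTING so that push and pop always touch the same slot. A one-line comment here noting that the clear must mirror that store would help keep the pair from drifting apart again.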
_______________________________________________
Mesa3d-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mesa3d-dev
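
The index arithmetic described in the message above, as an added example that is not part of the original post or of Mesa's code: a small model of a nesting stack that is set with a postfix increment and cleared with either a postfix or a prefix decrement. The struct, `NESTING` and all function names are hypothetical; out-of-range stores are counted instead of performed, so the follow-on corruption of the depth counter is not reproduced.

```c
#include <stdio.h>
#include <stddef.h>

#define NESTING 4                 /* constructed stand-in for MAX_LIST_NESTING */

struct list_state {               /* hypothetical model, not Mesa's struct */
    const void *stack[NESTING];
    int depth;
};

struct result { int oob_clears; int stale_entries; int final_depth; };

/* Guarded store: counts an out-of-range index instead of writing there. */
static void clear_slot(struct list_state *s, int idx, struct result *r)
{
    if (idx < 0 || idx >= NESTING) { r->oob_clears++; return; }
    s->stack[idx] = NULL;
}

/* Nest `levels` calls, then unwind with a postfix or a prefix decrement. */
static struct result run(int levels, int prefix_decrement)
{
    static const int marker = 1;
    struct list_state s = { {0}, 0 };
    struct result r = { 0, 0, 0 };

    if (levels > NESTING) levels = NESTING;       /* keep the pushes in range */
    for (int i = 0; i < levels; i++)
        s.stack[s.depth++] = &marker;             /* set at depth, then increment */

    for (int i = 0; i < levels; i++) {
        int idx = prefix_decrement ? --s.depth    /* the slot that was set */
                                   : s.depth--;   /* one slot above it */
        clear_slot(&s, idx, &r);
    }
    for (int i = 0; i < NESTING; i++)
        if (s.stack[i] != NULL) r.stale_entries++;
    r.final_depth = s.depth;
    return r;
}

int main(void)
{
    for (int fixed = 0; fixed <= 1; fixed++) {
        struct result r = run(NESTING, fixed);
        printf("%s decrement: oob=%d stale=%d depth=%d\n", fixed ? "prefix" : "postfix",
               r.oob_clears, r.stale_entries, r.final_depth);
    }
    return 0;
}
```

Below full depth the postfix form only leaves the bottom entry set; at full depth its first clear lands one element past the array.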
