[Mesa3d-dev] [Bug 15834] New: Current Amira version 4.1. 1 causes X to crash in _tnl_InvalidateState

Mon, 05 May 2008 08:00:47 -0700 

http://bugs.freedesktop.org/show_bug.cgi?id=15834

           Summary: Current Amira version 4.1.1 causes X to crash in
                    _tnl_InvalidateState
           Product: Mesa
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: high
         Component: Mesa core
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


When running Amira under current git version of X and current git version of
mesa, dri and so on, Amira crashes the whole session. 


(gdb)
Program received signal SIGSEGV, Segmentation fault.
0xaf814ea2 in _tnl_InvalidateState (ctx=0x9074e98, new_state=525315) at
tnl/t_context.c:140
140        if (ctx->Fog.Enabled ||

(gdb) bt
#0  0xaf814ea2 in _tnl_InvalidateState (ctx=0x9074e98, new_state=525315) at
tnl/t_context.c:140
#1  0xaf767ef0 in intelInvalidateState (ctx=0x9074e98, new_state=525315) at
intel_context.c:340
#2  0xaf7da923 in _mesa_update_state_locked (ctx=0x9074e98) at
main/state.c:1253
#3  0xaf7dac2a in _mesa_update_state (ctx=0x9074e98) at main/state.c:1264
#4  0xaf80aeb8 in vbo_exec_Begin (mode=4) at vbo/vbo_exec_api.c:509
#5  0xb7b66315 in __glXDisp_Begin (pc=0x93bd7e4 "\004") at
indirect_dispatch.c:156
#6  0xb7b495ee in __glXDisp_Render (cl=0x86205a4, pc=0x93bd7e0 "\b") at
glxcmds.c:1788
#7  0xb7b4d966 in __glXDispatch (client=0x86204e0) at glxext.c:492
#8  0x0808abfc in Dispatch () at dispatch.c:451
#9  0x080716ea in main (argc=8, argv=0xbfa4a9b4, envp=0x909f870) at main.c:433

This is the location within _tnl_InvalidateState

140        if (ctx->Fog.Enabled ||
141            ((ctx->FragmentProgram._Active || ctx->FragmentProgram._Current)
&&
142             (ctx->FragmentProgram._Current->FogOption != GL_NONE ||
143              (ctx->FragmentProgram._Current->Base.InputsRead &
FRAG_BIT_FOGC))))
144           RENDERINPUTS_SET( tnl->render_inputs_bitset, _TNL_ATTRIB_FOG );


The problem is here, that for whatever reason, ctx->FragmentProgram._Active
happens to be nonzero, whereas ctx->FragmentProgram._Current actually is zero.
Therefore dereferencing ctx->FragmentProgam._Current will signal.

Fix would be simple. Change that "||" to "&&".

(BTW: Wouldn't you like to change the "CVS" tag to "git" in this form?)


-- 
Configure bugmail: http://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference 
Don't miss this year's exciting event. There's still time to save $100. 
Use priority code J8TL2D2. 
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Mesa3d-dev mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mesa3d-dev

Reply via email to