Hello,

I found an uninitialized memory in mesa dri that leads to a segfault, yet I do 
not know how or if to file a bug report.

I tried to play AlienArena2008 (v7.20) and it segfaulted. By running it in gdb 
I noticed the segfault happens in driReportDamage, dri_util.c:438 of Mesa 7.2. 
There is a line "(*psp->damage->reportDamage)(...);" which makes a call to a 
function pointer. By looking at the variables, I noticed that "psp->damage" has 
nonsense values. 
psp->damage is neither zero nor pointing to valid memory (debugger tells me 
*psp->damage: memory not accessible). It looks like uninitialized memory and 
obviously leads to the segfault.
AFAICS the relevant structure is created in function driCreateNewScreen() (in 
dri_util.c:833). Memory is allocated there and then part of the structure is 
initialized, but psp->damage is obviously not initialized.

I patched that part of the driver so that the whole structure is initialized 
with zeros (before any other inits). After building and installing mesa again, 
the segfault in Mesa is gone and I could play AlienArena.


So, is this a bug in mesa or am I just using an invalid configuration (e.g. old 
xserver)?

System configuration: 
- debian etch
- lspci|grep Display
  06:00.1 Display controller: ATI Technologies Inc RV370 [Radeon X300SE]
- dpkg -l xserver-xorg
  xserver-xorg   7.1.0-19
- self-compiled drm from current git
- self-compiled mesa 7.2

If it is a bug, is my fix the correct solution? Or is sth else responsible for 
initing the memory or not using the uninited memory? Or is my solution 
acceptable as a workaround at least?

Bye,
Wolfgang


--- Mesa-7.2/src/mesa/drivers/dri/common/dri_util.c     2008-08-25 
16:46:43.000000000 +0200
+++ Mesa-7.2-fixed/src/mesa/drivers/dri/common/dri_util.c  2008-11-09 
01:21:03.000000000 +0100
@@ -847,6 +847,7 @@
     if (!psp)
        return NULL;
 
+    memset(psp,0,sizeof(*psp));
     setupLoaderExtensions(psp, extensions);
 
     /*
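
Review bot: zeroing psp with the added memset(psp,0,sizeof(*psp)) before setupLoaderExtensions(psp, extensions) only turns psp->damage from a garbage pointer into NULL, so the fix is complete only if the call quoted in the message, "(*psp->damage->reportDamage)(...)", is guarded by a NULL test on psp->damage; please confirm that guard exists in driReportDamage or add it in the same patch. If the allocation just above this hunk is a plain malloc, switching it to calloc would do the same job in one step and cannot be separated from the allocation by a later edit. Style point: put spaces after the commas in the memset arguments. The ---/+++ header lines are also wrapped across two lines each, so the patch will need to be resent unwrapped (or as an attachment) before it applies.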


Mesa3d-dev mailing list
https://lists.sourceforge.net/lists/listinfo/mesa3d-dev
