fdo-mirrors/mesa
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/mesa/mesa.git synced 2026-05-05 20:28:04 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

st/mesa: destroy pipe_context before destroying st_context (v2)

Browse source 
If radeonsi starts compiling an optimized shader variant asynchronously
with a GL debug callback set and the application destroys the GL context,
radeonsi crashes when trying to write shader stats into the debug output
of a non-existent context after compilation, because st/mesa was destroyed
before pipe_context.

Firefox with WebGL2 enabled hits this bug.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99456

v2: protect against a double destroy in st_create_context_priv and callers.

Cc: 17.0 <mesa-stable@lists.freedesktop.org>
Reviewed-by: Nicolai Hähnle <nicolai.haehnle@amd.com>
This commit is contained in:
Marek Olšák 2017-01-20 02:26:42 +01:00
parent dd65f0efc9
commit d9ef549238
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/mesa/state_tracker/st_context.c
View file

@ -278,7 +278,7 @@ void st_invalidate_state(struct gl_context * ctx, GLbitfield new_state)
static void
st_destroy_context_priv(struct st_context *st)
st_destroy_context_priv(struct st_context *st, bool destroy_pipe)
{
uint shader, i;
@ -314,6 +314,10 @@ st_destroy_context_priv(struct st_context *st)
st_invalidate_readpix_cache(st);
cso_destroy_context(st->cso_context);
if (st->pipe && destroy_pipe)
st->pipe->destroy(st->pipe);
free( st );
}
@ -503,7 +507,7 @@ st_create_context_priv( struct gl_context *ctx, struct pipe_context *pipe,
/* This can happen when a core profile was requested, but the driver
* does not support some features of GL 3.1 or later.
*/
st_destroy_context_priv(st);
st_destroy_context_priv(st, false);
return NULL;
}
@ -579,7 +583,6 @@ destroy_tex_sampler_cb(GLuint id, void *data, void *userData)
void st_destroy_context( struct st_context *st )
{
struct pipe_context *pipe = st->pipe;
struct gl_context *ctx = st->ctx;
GLuint i;
@ -608,11 +611,9 @@ void st_destroy_context( struct st_context *st )
/* This will free the st_context too, so 'st' must not be accessed
* afterwards. */
st_destroy_context_priv(st);
st_destroy_context_priv(st, true);
st = NULL;
pipe->destroy( pipe );
free(ctx);
}