From Bugzilla Helper:
User-Agent: Mozilla/4.79C-SGI [en] (X11; I; IRIX 6.5 IP32)
Description of problem:
I have an application that opens a GL context - but then due to a bug - dies.
seeing that the application has closed, attempts to cleanup memory.
In xc/extras/Mesa/src/tnl a memory cache is maintained of the last freed memory.
_tnl_DestroyContext will call _tnl_free_immediate with a pointer to this memory
- which may
be a NULL pointer.
_tnl_free_immediate assumes that the pointer passed to it is valid.
There are two possible fixes - either in tnl_free_immediate - to detect a NULL
pointer or _tnl_DestroyContext.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run a specific program I cannot send - but I will work on a minimal coding
Actual Results: X server crashes on program exit
Expected Results: X server should have continued running
See attached patch
Created attachment 89625 [details]
Patch to prevent dereferencing NULL pointer
Fixed in XFree86 CVS, will be in my next build.
811. Fix a null dereference in Mesa that can cause an X server crash at
client exit (#A.1548, Ezra Peisach).