From Bugzilla Helper:
User-Agent: Mozilla/4.79C-SGI [en] (X11; I; IRIX 6.5 IP32)

Description of problem:
I have an application that opens a GL context - but then due to a bug - dies. The Xserver, seeing that the application has closed, attempts to clean up memory. In xc/extras/Mesa/src/tnl a memory cache is maintained of the last freed memory. _tnl_DestroyContext will call _tnl_free_immediate with a pointer to this memory - which may be a NULL pointer. _tnl_free_immediate assumes that the pointer passed to it is valid. There are two possible fixes - either in _tnl_free_immediate - to detect a NULL pointer or _tnl_DestroyContext.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. Run a specific program I cannot send - but I will work on a minimal coding example.

Actual Results: X server crashes on program exit

Expected Results: X server should have continued running

Additional info: See attached patch

Created attachment 89625
Patch to prevent dereferencing NULL pointer

Fixed in XFree86 CVS, will be in my next build.

811. Fix a null dereference in Mesa that can cause an X server crash at client exit (#A.1548, Ezra Peisach).
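
The failure pattern described in the report, modelled as an added example: this is not the attached patch and not Mesa's code. All type and function names (`struct immediate`, `struct tnl_ctx`, `imm_free`, `ctx_destroy` and so on) are hypothetical stand-ins, and the guard is placed in the free routine, the first of the two fix locations the report mentions, so every caller is covered.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; not Mesa's real types or names. */
struct immediate { int ref_count; float *data; };
struct tnl_ctx { struct immediate *freed_cache; /* last freed block or NULL */ };

static int live_blocks; /* counts outstanding allocations */

/* Hardened free: accepts NULL like free(). Returns 1 if a block was released. */
int imm_free(struct immediate *im) {
    if (im == NULL) return 0;      /* without this, im->data dereferences NULL */
    free(im->data);
    free(im);
    live_blocks--;
    return 1;
}

/* Hand out the cached block if there is one, otherwise allocate. */
struct immediate *imm_alloc(struct tnl_ctx *ctx) {
    struct immediate *im = ctx->freed_cache;
    if (im) {
        ctx->freed_cache = NULL;
    } else {
        if (!(im = calloc(1, sizeof *im))) return NULL;
        if (!(im->data = calloc(64, sizeof *im->data))) { free(im); return NULL; }
        live_blocks++;
    }
    im->ref_count = 1;
    return im;
}

/* Drop a reference; the last one parks the block in the one-slot cache. */
void imm_release(struct tnl_ctx *ctx, struct immediate *im) {
    if (!im || --im->ref_count > 0) return;
    imm_free(ctx->freed_cache);    /* evict the previous occupant, if any */
    ctx->freed_cache = im;
}

/* Teardown: in this model the cache is still NULL if nothing was released. */
int ctx_destroy(struct tnl_ctx *ctx) {
    int released = imm_free(ctx->freed_cache);
    ctx->freed_cache = NULL;
    return released;
}

int main(void) {
    struct tnl_ctx ctx = {0};
    return ctx_destroy(&ctx);      /* empty cache: returns 0, no fault */
}
```

Because the teardown path runs inside the server on behalf of a client that may have exited at any point, the free routine cannot rely on the cache having been populated.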