Bug 82866 - Xserver crashes in Mesa context cleanup handling
Summary: Xserver crashes in Mesa context cleanup handling
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: XFree86
Version: 1.0
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2003-01-27 22:53 UTC by Ezra Peisach
Modified: 2007-04-18 16:50 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2003-01-31 07:54:42 UTC

Attachments (Terms of Use)
Patch to prevent dereferencing NULL pointer (455 bytes, patch)
2003-01-27 22:55 UTC, Ezra Peisach
no flags Details | Diff

Description Ezra Peisach 2003-01-27 22:53:57 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.79C-SGI [en] (X11; I; IRIX 6.5 IP32)

Description of problem:
I have an application that opens a GL context - but then due to a bug - dies.
The Xserver 
seeing that the application has closed, attempts to cleanup memory. 

In xc/extras/Mesa/src/tnl a memory cache is maintained of the last freed memory.
_tnl_DestroyContext will call _tnl_free_immediate with a pointer to this memory
- which may
be a NULL pointer.

_tnl_free_immediate assumes that the pointer passed to it is valid.

There are two possible fixes - either  in tnl_free_immediate - to detect a NULL
pointer or _tnl_DestroyContext.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Run a specific program I cannot send - but I will work on a minimal coding

Actual Results:  X server crashes on program exit

Expected Results:  X server should have continued running

Additional info:

See attached patch

Comment 1 Ezra Peisach 2003-01-27 22:55:26 UTC
Created attachment 89625 [details]
Patch to prevent dereferencing NULL pointer

Comment 2 Mike A. Harris 2003-01-31 07:54:42 UTC
Fixed in XFree86 CVS, will be in my next build.

 811. Fix a null dereference in Mesa that can cause an X server crash at
      client exit (#A.1548, Ezra Peisach).

Note You need to log in before you can comment on or make changes to this bug.