From mboxrd@z Thu Jan  1 00:00:00 1970
From: bugzilla-daemon@freedesktop.org
Subject: [Bug 43522] New: matrixview segfaults because of
	_tnl_emit_vertices_to_buffer heap corruption
Date: Sun, 04 Dec 2011 21:49:54 +0000
Message-ID: <bug-43522-502@http.bugs.freedesktop.org/>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org>
Received: from annarchy.freedesktop.org (annarchy.freedesktop.org
	[131.252.210.176])
	by gabe.freedesktop.org (Postfix) with ESMTP id 755609E78F
	for <dri-devel@lists.freedesktop.org>;
	Sun,  4 Dec 2011 13:49:55 -0800 (PST)
List-Unsubscribe: <http://lists.freedesktop.org/mailman/options/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=unsubscribe>
List-Archive: <http://lists.freedesktop.org/archives/dri-devel>
List-Post: <mailto:dri-devel@lists.freedesktop.org>
List-Help: <mailto:dri-devel-request@lists.freedesktop.org?subject=help>
List-Subscribe: <http://lists.freedesktop.org/mailman/listinfo/dri-devel>,
	<mailto:dri-devel-request@lists.freedesktop.org?subject=subscribe>
Sender: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
Errors-To: dri-devel-bounces+sf-dri-devel=m.gmane.org@lists.freedesktop.org
To: dri-devel@lists.freedesktop.org
List-Id: dri-devel@lists.freedesktop.org

https://bugs.freedesktop.org/show_bug.cgi?id=43522

             Bug #: 43522
           Summary: matrixview segfaults because of
                    _tnl_emit_vertices_to_buffer heap corruption
    Classification: Unclassified
           Product: Mesa
           Version: 7.11
          Platform: x86 (IA32)
        OS/Version: Linux (All)
            Status: NEW
          Severity: normal
          Priority: medium
         Component: Drivers/DRI/Savage
        AssignedTo: dri-devel@lists.freedesktop.org
        ReportedBy: bugzi11.fdo.tormod@xoxy.net


Created attachment 54114
  --> https://bugs.freedesktop.org/attachment.cgi?id=54114
gdb session with backtrace from corruption

The matrixview screensaver hack from rss-glx (Really Slick Screensavers Port to
GLX) segfaults very reproducibly on my savage laptop. The
_swrast_context->InvalidateState function pointer gets overwritten and
_swrast_InvalidateState segfaults.

I have tracked this down to emit_viewport4_bgra4_st2() from
src/mesa/tnl/t_vertex_generic.c (see attached gdb session).

This happens with or without MESA_NO_CODEGEN=1 but gdb made more sense with it.

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.