From: bugzilla-daemon@freedesktop.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 65968] Massive memory corruption in Planetary Annihilation Alpha
Date: Tue, 14 Feb 2017 17:50:21 +0000
Message-ID: <bug-65968-502-86uiUmpeFD@http.bugs.freedesktop.org/>
In-Reply-To: <bug-65968-502@http.bugs.freedesktop.org/>
https://bugs.freedesktop.org/show_bug.cgi?id=65968
Andreas Ringlstetter <andreas.ringlstetter@gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
--- Comment #12 from Andreas Ringlstetter <andreas.ringlstetter@gmail.com> ---
It's a bug in PA itself, not in Mesa.
The root cause is a race condition on the shared buffer which is used to
transfer the rendered HTML UI from the Coherent host process back to PA.
There is a missing mutex inside PA when the buffer gets reallocated as a result
of a window resize event. Effectively, this results in a use-after-free by the
render thread of the PA process.
The faster the realloc, the lower the chance of this bug occurring.
It's also subject to possibly missing protections against use after free
conditions on previously shared buffers. And also to the memory allocation
strategy, as a reuse of the same memory region without a clear leads to the
most visible effect.
Unfortunately, various Mesa drivers do not wipe the video memory after a buffer
was returned to the global pool!
--
You are receiving this mail because:
You are the assignee for the bug.
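
The locking discipline the comment above says is missing, as an added sketch
(not code from PA, Coherent or Mesa). All names (ui_surface, surface_resize,
surface_write, surface_read) are hypothetical, and the UI buffer is assumed to
be a plain heap allocation of 32-bit pixels.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the buffer carrying the rendered UI. */
struct ui_surface {
    pthread_mutex_t lock;      /* guards pixels, width and height together */
    uint32_t *pixels;
    size_t width, height;
};
#define UI_SURFACE_INIT { PTHREAD_MUTEX_INITIALIZER, NULL, 0, 0 }

/* Window-resize path: swap in a new buffer under the lock. */
int surface_resize(struct ui_surface *s, size_t w, size_t h) {
    if (w == 0 || h == 0 || w > SIZE_MAX / sizeof(uint32_t) / h)
        return -1;                               /* w*h*4 would overflow */
    uint32_t *fresh = calloc(w * h, sizeof *fresh);  /* zeroed: no stale data */
    if (!fresh) return -1;
    pthread_mutex_lock(&s->lock);
    uint32_t *old = s->pixels;
    s->pixels = fresh; s->width = w; s->height = h;
    pthread_mutex_unlock(&s->lock);
    free(old);   /* safe: readers only touch pixels while holding the lock */
    return 0;
}

/* Producer path: a frame rendered for the previous size is rejected. */
int surface_write(struct ui_surface *s, const uint32_t *src, size_t w, size_t h) {
    int rc = -1;
    pthread_mutex_lock(&s->lock);
    if (s->pixels && w == s->width && h == s->height) {
        memcpy(s->pixels, src, w * h * sizeof *src);
        rc = 0;
    }
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Render-thread path: copy out under the lock, never keep the raw pointer. */
size_t surface_read(struct ui_surface *s, uint32_t *dst, size_t cap,
                    size_t *w, size_t *h) {
    size_t n = 0;
    pthread_mutex_lock(&s->lock);
    if (s->pixels && s->width * s->height <= cap) {
        n = s->width * s->height;
        memcpy(dst, s->pixels, n * sizeof *dst);
        *w = s->width; *h = s->height;
    }
    pthread_mutex_unlock(&s->lock);
    return n;
}
```

Without the lock, the render thread can read the old pointer and size while the
resize path frees it, which is the use-after-free described above.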