[Mesa-dev] [PATCH] st/dri: Fix dangling pointer to a destroyed dri_drawable
Michel Dänzer
michel at daenzer.net
Tue Apr 24 09:01:50 UTC 2018
Please don't top-post.
On 2018-04-24 10:44 AM, Johan Helsing wrote:
> If the call to dri_destroy_buffer is delayed until the next eglMakeCurrent,
> that would also solve the problem (I'm not sure how that would affect other
> things, though).
Looking at the EGL spec, section 3.5.5 "Destroying Rendering Surfaces"
says about eglDestroySurface:

    All resources associated with surface which were allocated by EGL are
    marked for deletion as soon as possible.

And section 3.7.4 "Context Queries" says:

    If a current surface has been marked for deletion as a result of
    calling eglTerminate or eglDestroySurface, the handle returned by
    eglGetCurrentSurface is not valid, and cannot be passed successfully to
    any other EGL function, [...]

And in appendix E.1 "Updates to EGL 1.4":

    Changes in the revision approved on January 20, 2009:
    • Change object destruction behavior such that object handles become
      invalid immediately after an object is deleted, although the
      underlying object may remain valid if it’s current to a context.

It seems clear from this language that the surface isn't supposed to be
actually destroyed as long as it's current to the context. However, I'm
not sure offhand what needs to be done at which level to achieve that.
> ________________________________
> From: Michel Dänzer <michel at daenzer.net>
> Sent: Tuesday, April 24, 2018 10:36:00 AM
> To: Johan Helsing; Marek Olšák
> Cc: Daniel Stone; pekka.paalanen at collabora.co.uk; ML Mesa-dev
> Subject: Re: [Mesa-dev] [PATCH] st/dri: Fix dangling pointer to a destroyed dri_drawable
>
> On 2018-04-24 09:13 AM, Johan Helsing wrote:
>> Emil: Your alternative patch won't work because dri_make_current is not necessarily called with NULL after a buffer has been destroyed.
>>
>>
>> The problematic sequence is a pattern we use in QtWayland:
>>
>>
>> //create temporary context
>>
>> surface1 = eglCreateWindowSurface() <-- dri_drawable pointer is malloced
>>
>> eglMakeCurrent(surface1) <-- ctx->dPriv is set
>>
>>
>> // ... (Get some information about available GL extensions etc)
>>
>>
>> eglDestroySurface(surface1) <-- pointer is freed, ctx->dPriv is now dangling
>
> Is this the problem? The memory pointed to by ctx->dPriv shouldn't be
> freed as long as the surface is bound to the current context?
>
>
> --
> Earthling Michel Dänzer | http://www.amd.com
> Libre software enthusiast | Mesa and X developer
>
>
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/mesa-dev
>
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Mesa and X developer
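
The lifetime rule in the spec passages quoted above (the handle becomes invalid at once, the underlying object stays allocated while it is current to a context), as an added C model that is not Mesa code and not from this thread. `struct surface`, `struct context` and every function name here are hypothetical, and handles are modelled as raw pointers rather than looked-up EGL handles.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical model types; these are not Mesa's dri_drawable/dri_context. */
struct surface {
    bool handle_valid;   /* false once destroy_surface() has been called */
    int  bound;          /* number of contexts this surface is current to */
};
struct context { struct surface *draw; };

static int live_surfaces;   /* allocations not yet freed, for checking */

struct surface *create_surface(void)
{
    struct surface *s = calloc(1, sizeof(*s));
    if (s) { s->handle_valid = true; live_surfaces++; }
    return s;
}

/* Free only when the handle is dead AND no context still points at it. */
static void release_if_unused(struct surface *s)
{
    if (!s->handle_valid && s->bound == 0) { free(s); live_surfaces--; }
}

/* Handle dies immediately; the object survives while it is current. */
void destroy_surface(struct surface *s)
{
    if (!s || !s->handle_valid) return;
    s->handle_valid = false;
    release_if_unused(s);
}

/* Returns false for an invalidated handle, leaving the binding unchanged. */
bool make_current(struct context *ctx, struct surface *s)
{
    if (s && !s->handle_valid) return false;
    struct surface *old = ctx->draw;
    if (s) s->bound++;
    ctx->draw = s;
    if (old) { old->bound--; release_if_unused(old); }  /* deferred free */
    return true;
}

int live_surface_count(void) { return live_surfaces; }
```

With this rule the context's pointer never dangles after the create / make-current / destroy sequence quoted in the thread: the free happens when the next make-current unbinds the surface.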