[PATCH 9/9] dri2: Fix corner case crash for swaplimit > 1
Michel Dänzer
michel at daenzer.net
Thu Feb 16 01:46:14 PST 2012
On Don, 2012-02-16 at 00:45 +0100, Mario Kleiner wrote:
> If a swaplimit > 1 is set on a server which
> supports the swaplimit api (XOrg 1.12.0+),
> the following can happen:
>
> 1. Client calls glXSwapBuffersMscOML() with a
> swap target > 1 vblank in the future, or a
> client calls glXSwapbuffers() while the swap
> interval is set to > 1 (unusual but possible).
>
> 2. nouveau_dri2_finish_swap() is therefore called
> only at the target vblank, instead of immediately.
>
> 3. Because of the deferred execution of
> nouveu_dri2_finish_swap(), the OpenGL client
> can call x-servers DRI2GetBuffersWithFormat()
> before nouveau_dri2_finish_swap() executes and
> it deletes pixmaps that would be needed by
> nouveau_dri2_finish_swap() --> Segfault --> Crash.
Pixmaps are reference counted, so it should be possible to fix this via
proper reference counting.
--
Earthling Michel Dänzer | http://www.amd.com
Libre software enthusiast | Debian, X and DRI developer
More information about the xorg-devel
mailing list