[PATCH 9/9] dri2: Fix corner case crash for swaplimit > 1
Mario Kleiner
mario.kleiner at tuebingen.mpg.de
Sun Feb 19 21:17:27 PST 2012
On 02/16/2012 10:46 AM, Michel Dänzer wrote:
> On Don, 2012-02-16 at 00:45 +0100, Mario Kleiner wrote:
>> If a swaplimit> 1 is set on a server which
>> supports the swaplimit api (XOrg 1.12.0+),
>> the following can happen:
>>
>> 1. Client calls glXSwapBuffersMscOML() with a
>> swap target> 1 vblank in the future, or a
>> client calls glXSwapbuffers() while the swap
>> interval is set to> 1 (unusual but possible).
>>
>> 2. nouveau_dri2_finish_swap() is therefore called
>> only at the target vblank, instead of immediately.
>>
>> 3. Because of the deferred execution of
>> nouveu_dri2_finish_swap(), the OpenGL client
>> can call x-servers DRI2GetBuffersWithFormat()
>> before nouveau_dri2_finish_swap() executes and
>> it deletes pixmaps that would be needed by
>> nouveau_dri2_finish_swap() --> Segfault --> Crash.
>
> Pixmaps are reference counted, so it should be possible to fix this via
> proper reference counting.
>
>
Thanks for the tip. I'll try that.
-mario
More information about the xorg-devel
mailing list