mesa: fix crash in st/mesa after deleting a VAO
This happens when glGetMultisamplefv (or any other non-draw function) is called, which doesn't invoke the VBO module to update _DrawArrays and the pointer is invalid at that point. However st/mesa still dereferences it to setup vertex buffers ==> crash. Reviewed-by: Brian Paul <brianp@vmware.com>
This commit is contained in:
Marek Olšák
@@ -427,6 +427,21 @@ bind_vertex_array(struct gl_context *ctx, GLuint id, GLboolean genRequired)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ctx->Array.DrawMethod == DRAW_ARRAYS) {
|
||||||
|
/* The _DrawArrays pointer is pointing at the VAO being unbound and
|
||||||
|
* that VAO may be in the process of being deleted. If it's not going
|
||||||
|
* to be deleted, this will have no effect, because the pointer needs
|
||||||
|
* to be updated by the VBO module anyway.
|
||||||
|
*
|
||||||
|
* Before the VBO module can update the pointer, we have to set it
|
||||||
|
* to NULL for drivers not to set up arrays which are not bound,
|
||||||
|
* or to prevent a crash if the VAO being unbound is going to be
|
||||||
|
* deleted.
|
||||||
|
*/
|
||||||
|
ctx->Array._DrawArrays = NULL;
|
||||||
|
ctx->Array.DrawMethod = DRAW_NONE;
|
||||||
|
}
|
||||||
|
|
||||||
ctx->NewState |= _NEW_ARRAY;
|
ctx->NewState |= _NEW_ARRAY;
|
||||||
_mesa_reference_vao(ctx, &ctx->Array.VAO, newObj);
|
_mesa_reference_vao(ctx, &ctx->Array.VAO, newObj);
|
||||||
|
|
||||||
|
|||||||
@@ -1640,6 +1640,17 @@ struct gl_vertex_array_object
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/** Used to signal when transitioning from one kind of drawing method
|
||||||
|
* to another.
|
||||||
|
*/
|
||||||
|
typedef enum {
|
||||||
|
DRAW_NONE, /**< Initial value only */
|
||||||
|
DRAW_BEGIN_END,
|
||||||
|
DRAW_DISPLAY_LIST,
|
||||||
|
DRAW_ARRAYS
|
||||||
|
} gl_draw_method;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Vertex array state
|
* Vertex array state
|
||||||
*/
|
*/
|
||||||
@@ -1679,6 +1690,9 @@ struct gl_array_attrib
|
|||||||
* The array pointer is set up only by the VBO module.
|
* The array pointer is set up only by the VBO module.
|
||||||
*/
|
*/
|
||||||
const struct gl_client_array **_DrawArrays; /**< 0..VERT_ATTRIB_MAX-1 */
|
const struct gl_client_array **_DrawArrays; /**< 0..VERT_ATTRIB_MAX-1 */
|
||||||
|
|
||||||
|
/** One of the DRAW_xxx flags, not consumed by drivers */
|
||||||
|
gl_draw_method DrawMethod;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -57,18 +57,6 @@
|
|||||||
#include "vbo_save.h"
|
#include "vbo_save.h"
|
||||||
|
|
||||||
|
|
||||||
/** Used to signal when transitioning from one kind of drawing method
|
|
||||||
* to another.
|
|
||||||
*/
|
|
||||||
enum draw_method
|
|
||||||
{
|
|
||||||
DRAW_NONE, /**< Initial value only */
|
|
||||||
DRAW_BEGIN_END,
|
|
||||||
DRAW_DISPLAY_LIST,
|
|
||||||
DRAW_ARRAYS
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
struct vbo_context {
|
struct vbo_context {
|
||||||
struct gl_client_array currval[VBO_ATTRIB_MAX];
|
struct gl_client_array currval[VBO_ATTRIB_MAX];
|
||||||
|
|
||||||
@@ -83,8 +71,6 @@ struct vbo_context {
|
|||||||
* is responsible for initiating any fallback actions required:
|
* is responsible for initiating any fallback actions required:
|
||||||
*/
|
*/
|
||||||
vbo_draw_func draw_prims;
|
vbo_draw_func draw_prims;
|
||||||
|
|
||||||
enum draw_method last_draw_method;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -122,11 +108,11 @@ get_program_mode( struct gl_context *ctx )
|
|||||||
* that arrays may be changing.
|
* that arrays may be changing.
|
||||||
*/
|
*/
|
||||||
static inline void
|
static inline void
|
||||||
vbo_draw_method(struct vbo_context *vbo, enum draw_method method)
|
vbo_draw_method(struct vbo_context *vbo, gl_draw_method method)
|
||||||
{
|
{
|
||||||
if (vbo->last_draw_method != method) {
|
struct gl_context *ctx = vbo->exec.ctx;
|
||||||
struct gl_context *ctx = vbo->exec.ctx;
|
|
||||||
|
|
||||||
|
if (ctx->Array.DrawMethod != method) {
|
||||||
switch (method) {
|
switch (method) {
|
||||||
case DRAW_ARRAYS:
|
case DRAW_ARRAYS:
|
||||||
ctx->Array._DrawArrays = vbo->exec.array.inputs;
|
ctx->Array._DrawArrays = vbo->exec.array.inputs;
|
||||||
@@ -142,7 +128,7 @@ vbo_draw_method(struct vbo_context *vbo, enum draw_method method)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ctx->NewDriverState |= ctx->DriverFlags.NewArray;
|
ctx->NewDriverState |= ctx->DriverFlags.NewArray;
|
||||||
vbo->last_draw_method = method;
|
ctx->Array.DrawMethod = method;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -82,21 +82,6 @@ void vbo_exec_invalidate_state( struct gl_context *ctx, GLuint new_state )
|
|||||||
|
|
||||||
if (!exec->validating && new_state & (_NEW_PROGRAM|_NEW_ARRAY)) {
|
if (!exec->validating && new_state & (_NEW_PROGRAM|_NEW_ARRAY)) {
|
||||||
exec->array.recalculate_inputs = GL_TRUE;
|
exec->array.recalculate_inputs = GL_TRUE;
|
||||||
|
|
||||||
/* If we ended up here because a VAO was deleted, the _DrawArrays
|
|
||||||
* pointer which pointed to the VAO might be invalid now, so set it
|
|
||||||
* to NULL. This prevents crashes in driver functions like Clear
|
|
||||||
* where driver state validation might occur, but the vbo module is
|
|
||||||
* still in an invalid state.
|
|
||||||
*
|
|
||||||
* Drivers should skip vertex array state validation if _DrawArrays
|
|
||||||
* is NULL. It also has no effect on performance, because attrib
|
|
||||||
* bindings will be recalculated anyway.
|
|
||||||
*/
|
|
||||||
if (vbo->last_draw_method == DRAW_ARRAYS) {
|
|
||||||
ctx->Array._DrawArrays = NULL;
|
|
||||||
vbo->last_draw_method = DRAW_NONE;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (new_state & _NEW_EVAL)
|
if (new_state & _NEW_EVAL)
|
||||||
|
|||||||
Reference in New Issue
Block a user