On 12/21/2011 07:29 AM, Jose Fonseca wrote:
Looks a sensible thing to do.
I assume no DRI driver will ever want to hook vtable->destroy. If
that may eventually happen, then may be it is useful to add an
assert(vtable->destroy == dri2_destroy_context) when the context is created.
This particular vtable isn't visible to the driver. It is only used by
the application facing part of GLX and the particular protocol back-end
(DRI, DRI2, indirect GLX, etc.) being used. The other thing I had
thought of checking was that vtable pointed to the correct
glx_screen_vtable (look for dri2_screen_vtable in src/glx/dri2_glx.c).
----- Original Message -----
From: Ian Romanick<ian.d.roman...@intel.com>
Each of the DRI, DRI2, and DRISW backends contain code like the
following in their create-context routine:
if (shareList) {
pcp_shared = (struct dri2_context *) shareList;
shared = pcp_shared->driContext;
}
This assumes that the glx_context *shareList is actually the correct
derived type. However, if shareList was created as an
indirect-rendering context, it will not be the expected type. As a
result, shared will contain garbage. This garbage will be passed to
the driver, and the driver will probably segfault. This can be
observed with the following GLX code:
ctx0 = glXCreateContext(dpy, visinfo, NULL, False);
ctx1 = glXCreateContext(dpy, visinfo, ctx0, True);
Create-context is the only case where this occurs. All other cases
where a context is passed to the backend, it is the 'this' pointer
(i.e., we got to the backend by call something from ctx->vtable).
To work around this, check that the shareList->vtable->destroy method
is the same as the destroy method of the expected type. We could
also
check that shareList->vtable matches the vtable or by adding a "tag"
to glx_context to identify the derived type.
NOTE: This is a candidate for the 7.11 branch.
Signed-off-by: Ian Romanick<ian.d.roman...@intel.com>
---
src/glx/dri2_glx.c | 7 +++++++
src/glx/dri_glx.c | 7 +++++++
src/glx/drisw_glx.c | 7 +++++++
3 files changed, 21 insertions(+), 0 deletions(-)
diff --git a/src/glx/dri2_glx.c b/src/glx/dri2_glx.c
index 553869a..f929fdd 100644
--- a/src/glx/dri2_glx.c
+++ b/src/glx/dri2_glx.c
@@ -185,6 +185,13 @@ dri2_create_context(struct glx_screen *base,
__DRIcontext *shared = NULL;
if (shareList) {
+ /* If the shareList context is not a DRI2 context, we cannot
possibly
+ * create a DRI2 context that shares it.
+ */
+ if (shareList->vtable->destroy != dri2_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct dri2_context *) shareList;
shared = pcp_shared->driContext;
}
diff --git a/src/glx/dri_glx.c b/src/glx/dri_glx.c
index 666423a..9365224 100644
--- a/src/glx/dri_glx.c
+++ b/src/glx/dri_glx.c
@@ -587,6 +587,13 @@ dri_create_context(struct glx_screen *base,
return NULL;
if (shareList) {
+ /* If the shareList context is not a DRI context, we cannot
possibly
+ * create a DRI context that shares it.
+ */
+ if (shareList->vtable->destroy != dri_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct dri_context *) shareList;
shared = pcp_shared->driContext;
}
diff --git a/src/glx/drisw_glx.c b/src/glx/drisw_glx.c
index fbc6be2..f988eeb 100644
--- a/src/glx/drisw_glx.c
+++ b/src/glx/drisw_glx.c
@@ -382,6 +382,13 @@ drisw_create_context(struct glx_screen *base,
return NULL;
if (shareList) {
+ /* If the shareList context is not a DRISW context, we cannot
possibly
+ * create a DRISW context that shares it.
+ */
+ if (shareList->vtable->destroy != drisw_destroy_context) {
+ return NULL;
+ }
+
pcp_shared = (struct drisw_context *) shareList;
shared = pcp_shared->driContext;
}
--
1.7.6.4
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev
