From a69907288d59792fd783f2f1756cde03d4a06f97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michel=20D=C3=A4nzer?= Date: Mon, 21 Apr 2014 17:47:15 +0900 Subject: [PATCH] glx: If DRI2GetBuffers changes the GL context, call it again MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit By changing the context, it may also invalidate the DRI2 buffer information, so we need to get that again. Fixes crashes due to use-after-free with LIBGL_ALWAYS_INDIRECT=1 glxgears and piglit. Signed-off-by: Michel Dänzer Signed-off-by: Eric Anholt Reviewed-by: Eric Anholt Reviewed-by: Adam Jackson --- glx/glxdri2.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/glx/glxdri2.c b/glx/glxdri2.c index 7b368d2d6..c756bf570 100644 --- a/glx/glxdri2.c +++ b/glx/glxdri2.c @@ -676,6 +676,13 @@ dri2GetBuffers(__DRIdrawable * driDrawable, if (cx != lastGLContext) { lastGLContext = cx; cx->makeCurrent(cx); + + /* If DRI2GetBuffers() changed the GL context, it may also have + * invalidated the DRI2 buffers, so let's get them again + */ + buffers = DRI2GetBuffers(private->base.pDraw, + width, height, attachments, count, out_count); + assert(lastGLContext == cx); } if (*out_count > MAX_DRAWABLE_BUFFERS) { @@ -727,6 +734,14 @@ dri2GetBuffersWithFormat(__DRIdrawable * driDrawable, if (cx != lastGLContext) { lastGLContext = cx; cx->makeCurrent(cx); + + /* If DRI2GetBuffersWithFormat() changed the GL context, it may also have + * invalidated the DRI2 buffers, so let's get them again + */ + buffers = DRI2GetBuffersWithFormat(private->base.pDraw, + width, height, attachments, count, + out_count); + assert(lastGLContext == cx); } if (*out_count > MAX_DRAWABLE_BUFFERS) {