projects / mesa.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 902bbda) | patch
nv50: reset TFB bufctx when we no longer hold a reference to the buffers
authorIlia Mirkin <imirkin@alum.mit.edu>
Sat, 19 Mar 2016 15:43:37 +0000 (11:43 -0400)
committerIlia Mirkin <imirkin@alum.mit.edu>
Sat, 19 Mar 2016 17:09:49 +0000 (13:09 -0400)
commitd1b85dbffa0eec2b44bb2a9f339a2617a39730da
treec28234809506f7dbac3452a7922ce78ffa409e2dtree
parent902bbda81b31bacb2a8c60ca6a8ba8ca34ae73d3commit | diff
nv50: reset TFB bufctx when we no longer hold a reference to the buffers

This fix is analogous to commit ff085d014.

This fixes some use-after-free situations in dEQP when an xfb state is
removed, and then a clear is triggered, which only does a partial
validation. It would attempt to read the no-longer-valid buffers,
resulting in crashes.

Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu>
Reviewed-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Cc: "11.1 11.2" <mesa-stable@lists.freedesktop.org>
src/gallium/drivers/nouveau/nv50/nv50_shader_state.c diff | blob | history
src/gallium/drivers/nouveau/nv50/nv50_state.c diff | blob | history