From 0ef781c1ae04451ac4f184187e900f872cad5f94 Mon Sep 17 00:00:00 2001 From: Marcin Slusarz Date: Wed, 20 Jan 2010 23:27:07 +0100 Subject: [PATCH] nv50: fix crash in nv50_pre_pipebuffer_map (nv50_screen->cur_ctx) nv50_pre_pipebuffer_map references screen->cur_ctx which points to freed memory after the context is destroyed. This crash is easily triggerable by progs/xdemos/glxcontexts. --- src/gallium/drivers/nv50/nv50_context.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/gallium/drivers/nv50/nv50_context.c b/src/gallium/drivers/nv50/nv50_context.c index e2198b189da..5c705ccc8f1 100644 --- a/src/gallium/drivers/nv50/nv50_context.c +++ b/src/gallium/drivers/nv50/nv50_context.c @@ -86,6 +86,10 @@ nv50_destroy(struct pipe_context *pipe) so_ref(NULL, &nv50->state.vtxattr); draw_destroy(nv50->draw); + + if (nv50->screen->cur_ctx == nv50) + nv50->screen->cur_ctx = NULL; + FREE(nv50); } -- 2.30.2