From c4a8c54c3bb31547cba57702ffea99293afef522 Mon Sep 17 00:00:00 2001
From: Ian Romanick
Date: Tue, 6 Dec 2011 12:19:39 -0800
Subject: [PATCH] glx: Don't create a shared context if the other context isn't the same kind

Each of the DRI, DRI2, and DRISW backends contain code like the following in their create-context routine:

    if (shareList) {
        pcp_shared = (struct dri2_context *) shareList;
        shared = pcp_shared->driContext;
    }

This assumes that the glx_context *shareList is actually the correct derived type. However, if shareList was created as an indirect-rendering context, it will not be the expected type. As a result, shared will contain garbage. This garbage will be passed to the driver, and the driver will probably segfault. This can be observed with the following GLX code:

    ctx0 = glXCreateContext(dpy, visinfo, NULL, False);
    ctx1 = glXCreateContext(dpy, visinfo, ctx0, True);

Create-context is the only case where this occurs. All other cases where a context is passed to the backend, it is the 'this' pointer (i.e., we got to the backend by call something from ctx->vtable). To work around this, check that the shareList->vtable->destroy method is the same as the destroy method of the expected type. We could also check that shareList->vtable matches the vtable or by adding a "tag" to glx_context to identify the derived type.

NOTE: This is a candidate for the 7.11 branch.

Signed-off-by: Ian Romanick
Reviewed-by: Adam Jackson
Reviewed-by: Eric Anholt
---
 src/glx/dri2_glx.c | 7 +++++++
 src/glx/dri_glx.c | 7 +++++++
 src/glx/drisw_glx.c | 7 +++++++
 3 files changed, 21 insertions(+)

diff --git a/src/glx/dri2_glx.c b/src/glx/dri2_glx.c
index 553869a53f9..f929fddcf65 100644
--- a/src/glx/dri2_glx.c
+++ b/src/glx/dri2_glx.c
@@ -185,6 +185,13 @@ dri2_create_context(struct glx_screen *base,
 __DRIcontext *shared = NULL;
 
 if (shareList) {
+ /* If the shareList context is not a DRI2 context, we cannot possibly
+ * create a DRI2 context that shares it.
+ */
+ if (shareList->vtable->destroy != dri2_destroy_context) {
+ return NULL;
+ }
+
 pcp_shared = (struct dri2_context *) shareList;
 shared = pcp_shared->driContext;
 }
diff --git a/src/glx/dri_glx.c b/src/glx/dri_glx.c
index 666423a7b15..9365224a696 100644
--- a/src/glx/dri_glx.c
+++ b/src/glx/dri_glx.c
@@ -587,6 +587,13 @@ dri_create_context(struct glx_screen *base,
 return NULL;
 
 if (shareList) {
+ /* If the shareList context is not a DRI context, we cannot possibly
+ * create a DRI context that shares it.
+ */
+ if (shareList->vtable->destroy != dri_destroy_context) {
+ return NULL;
+ }
+
 pcp_shared = (struct dri_context *) shareList;
 shared = pcp_shared->driContext;
 }
diff --git a/src/glx/drisw_glx.c b/src/glx/drisw_glx.c
index f6aeda90abb..801ac7d470b 100644
--- a/src/glx/drisw_glx.c
+++ b/src/glx/drisw_glx.c
@@ -383,6 +383,13 @@ drisw_create_context(struct glx_screen *base,
 return NULL;
 
 if (shareList) {
+ /* If the shareList context is not a DRISW context, we cannot possibly
+ * create a DRISW context that shares it.
+ */
+ if (shareList->vtable->destroy != drisw_destroy_context) {
+ return NULL;
+ }
+
 pcp_shared = (struct drisw_context *) shareList;
 shared = pcp_shared->driContext;
 }
-- 
2.30.2
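Review bot: The guard added in dri2_create_context (and repeated in dri_create_context and drisw_create_context) uses `shareList->vtable->destroy` as the only evidence that the downcast on the following line is safe, but the in-code comment does not record that invariant. If a later change lets another context kind reuse one of these destroy routines, or gives a backend a second one, the comparison would admit a wrong-typed pointer or reject a valid one without any compiler warning. I would extend each comment with something like `/* vtable->destroy is the type tag for the cast below; it must stay unique to this backend. */`. It is also worth confirming in the callers, which are outside these hunks, that a NULL return here is handled as a failed share rather than retried through a path that casts the same shareList again. All three functions start and end outside the visible hunks.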