From ef6b6658f91bd5871739bdb71a08042f26abe389 Mon Sep 17 00:00:00 2001
From: Brian Paul
Date: Thu, 15 May 2014 15:49:14 -0600
Subject: [PATCH] mesa: fix double-freeing of dispatch tables inside glBegin/End.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

We allocate dispatch tables for BeginEnd and OutsideBeginEnd. But when we destroy the context we were freeing the BeginEnd and Exec tables. If Exec==BeginEnd we did a double-free. This would happen if the context was destroyed while inside a glBegin/End pair. Now free the BeginEnd and OutsideBeginEnd pointers.
Cc: "10.1", "10.2"
Reviewed-by: Michel Dänzer
---
 src/mesa/main/context.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mesa/main/context.c b/src/mesa/main/context.c
index 860ae860531..8eb426d5904 100644
--- a/src/mesa/main/context.c
+++ b/src/mesa/main/context.c
@@ -1141,7 +1141,7 @@ _mesa_initialize_context(struct gl_context *ctx,
 fail:
 _mesa_reference_shared_state(ctx, &ctx->Shared, NULL);
 free(ctx->BeginEnd);
- free(ctx->Exec);
+ free(ctx->OutsideBeginEnd);
 free(ctx->Save);
 return GL_FALSE;
 }
@@ -1242,7 +1242,7 @@ _mesa_free_context_data( struct gl_context *ctx )
 /* free dispatch tables */
 free(ctx->BeginEnd);
- free(ctx->Exec);
+ free(ctx->OutsideBeginEnd);
 free(ctx->Save);
 /* Shared context state (display lists, textures, etc) */
--
2.30.2
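Review bot: Both cleanup sites (the `fail:` path of `_mesa_initialize_context` and the dispatch-table block of `_mesa_free_context_data`) leave `ctx->BeginEnd`, `ctx->OutsideBeginEnd` and `ctx->Save` dangling after `free()`, and per the commit message `ctx->Exec` still points at one of the freed tables. Teardown continues after the second hunk (the shared-state release follows), so a later dispatch through `ctx->Exec` would be a use-after-free and a second cleanup call would double-free again; whether either can actually happen is not visible from these hunks. I would clear the pointers right after the three frees, `ctx->BeginEnd = ctx->OutsideBeginEnd = ctx->Save = ctx->Exec = NULL;`, and widen the comment to `/* free dispatch tables; ctx->Exec only aliases BeginEnd or OutsideBeginEnd and is never freed itself */` so the ownership rule is written down where the frees are. Both functions start outside the hunks shown.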