GNOME Bugzilla – Bug 754667
Fix memory corruption in Mesa when destroy a CoglOnscreen
Last modified: 2015-09-07 16:31:19 UTC
On Wayland deinit() of an onscreen buffer is going to destroy the associated native window of an EGLSurface. So we should destroy the EGLSurface as well otherwise we might end up confusing the GL driver. We also currently guard against setting a EGL_NO_SURFACE as current EGLSurface, but this shouldn't be a problem if we have a surfaceless context. So we allow surface destruction under that condition. Traces from valgrind : ==7051== Invalid write of size 8 ==7051== at 0x62BFA46: dri2_wl_destroy_surface (platform_wayland.c:260) ==7051== by 0x62BAC3D: dri2_make_current (egl_dri2.c:1123) ==7051== by 0x62B19DB: eglMakeCurrent (eglapi.c:703) ==7051== by 0x584EF00: _cogl_winsys_egl_make_current (cogl-winsys-egl.c:303) ==7051== by 0x584EF84: bind_onscreen_with_context (cogl-winsys-egl.c:710) ==7051== by 0x57F3392: _cogl_framebuffer_gl_bind (cogl-framebuffer-gl.c:296) ==7051== by 0x57F3BBD: _cogl_framebuffer_gl_flush_state (cogl-framebuffer-gl.c:400) ==7051== by 0x583657F: cogl_framebuffer_clear4f (cogl-framebuffer.c:385) ==7051== by 0x50E4FB3: clutter_root_node_pre_draw (clutter-paint-nodes.c:116) ==7051== by 0x50E7B13: _clutter_paint_node_paint (clutter-paint-node.c:955) ==7051== by 0x50E7B2F: _clutter_paint_node_paint (clutter-paint-node.c:966) ==7051== by 0x5099294: clutter_actor_paint_node (clutter-actor.c:3729) ==7051== by 0x5099294: clutter_actor_continue_paint (clutter-actor.c:4018) ==7051== Address 0x179d5300 is 32 bytes inside a block of size 48 free'd ==7051== at 0x4C29E90: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==7051== by 0x584B571: _cogl_winsys_egl_onscreen_deinit (cogl-winsys-egl-wayland.c:554) ==7051== by 0x584F130: _cogl_winsys_onscreen_deinit (cogl-winsys-egl.c:696) ==7051== by 0x5838851: _cogl_onscreen_free (cogl-onscreen.c:169) ==7051== by 0x5838851: _cogl_object_onscreen_indirect_free (cogl-onscreen.c:53) ==7051== by 0x5844EBB: _cogl_set_framebuffers_real (cogl-framebuffer-deprecated.c:136) ==7051== by 0x5844EBB: _cogl_set_framebuffers (cogl-framebuffer-deprecated.c:157) ==7051== by 0x9C70083: _g_closure_invoke_va (gclosure.c:864) ==7051== by 0x9C8A260: g_signal_emit_valist (gsignal.c:3272) ==7051== by 0x9C8A8B1: g_signal_emit (gsignal.c:3419) ==7051== by 0x5098295: clutter_actor_realize_internal (clutter-actor.c:2021) ==7051== by 0x5098295: clutter_actor_realize (clutter-actor.c:1957) ==7051== by 0x4E3C92F: gtk_clutter_embed_ensure_stage_realized (gtk-clutter-embed.c:301) ==7051== by 0x4E3CC53: gtk_clutter_embed_realize (gtk-clutter-embed.c:578) ==7051== by 0x9C70083: _g_closure_invoke_va (gclosure.c:864)
Created attachment 310796 [details] [review] winsys: wayland: destroy eglsurface when destroying associated native window On Wayland deinit() of an onscreen buffer is going to destroy the associated native window of an EGLSurface. So we should destroy the EGLSurface as well otherwise we might end up confusing the GL driver. We also currently guard against setting a EGL_NO_SURFACE as current EGLSurface, but this shouldn't be a problem if we have a surfaceless context. So we allow surface destruction under that condition.
Feel free to add more relevant people, I'm not sure who's the best person to review this.
Review of attachment 310796 [details] [review]: Looks sensible.
Review of attachment 310796 [details] [review]: Pushed to 1.22 branch.