bugzilla-daemon at freedesktop.org
2014-Mar-05  20:30 UTC
[Nouveau] [Bug 75279] XCloseDisplay() takes one minute around nouveau_dri.so, freezing Firefox startup
https://bugs.freedesktop.org/show_bug.cgi?id=75279
--- Comment #33 from Benoit Jacob <bjacob at mozilla.com> ---
The stack to the free() points to line 203 here, while the stack to where the
free'd data is subsequently used points to line 205 here:
http://cgit.freedesktop.org/mesa/mesa/tree/src/gallium/drivers/nouveau/nouveau_fence.c?id=ce6dd69697ae62d9336bbd4f5808bc4d75cdcc04#n203
   if (fence == screen->fence.current)
      nouveau_fence_next(screen);
   do {
      nouveau_fence_update(screen, FALSE);  // <--- free here!
      if (fence->state == NOUVEAU_FENCE_STATE_SIGNALLED) // <--- use-after-free
         return TRUE;
So it seems like nouveau_fence_update (which was apparently inlined) destroys
the fence object... do you need to call nouveau_fence_ref() to keep it alive?
-- 
You are receiving this mail because:
You are the assignee for the bug.
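The fix pattern the comment asks about (pinning the fence with an extra reference so a call that may drop the last reference cannot destroy it before the caller reads its state), shown on a constructed toy model. This is an added example, not Mesa's or nouveau's code: the types `screen`/`fence` and the functions `fence_ref`, `fence_unref`, `fence_next`, `fence_update` and `fence_wait` are simplified stand-ins named after the roles they play in the quoted snippet, and "the hardware has completed every emitted fence" is simulated rather than polled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Toy refcounted fence model (constructed for illustration, not Mesa code). */
enum fence_state { FENCE_EMITTED, FENCE_SIGNALLED };

struct screen;

struct fence {
    int ref;                  /* reference count; destroyed when it reaches 0 */
    enum fence_state state;
    struct fence *next;       /* link in the screen's pending list */
    struct screen *screen;
};

struct screen {
    struct fence *current;    /* fence being built; owns one reference */
    struct fence *pending;    /* emitted, not yet signalled; list owns one reference each */
    int frees;                /* number of fences destroyed so far (observable in tests) */
};

static struct fence *fence_new(struct screen *s) {
    struct fence *f = calloc(1, sizeof *f);
    if (!f) abort();
    f->ref = 1;
    f->state = FENCE_EMITTED;
    f->screen = s;
    return f;
}

void fence_ref(struct fence *f) { if (f) f->ref++; }

/* Drops one reference and clears the caller's pointer; frees on the last one. */
void fence_unref(struct fence **pf) {
    struct fence *f = *pf;
    *pf = NULL;
    if (f && --f->ref == 0) {
        f->screen->frees++;
        free(f);
    }
}

/* Emits the current fence onto the pending list and starts a new current one.
 * The reference that 'current' held is handed over to the list. */
static void fence_next(struct screen *s) {
    struct fence *f = s->current;
    f->next = s->pending;
    s->pending = f;
    s->current = fence_new(s);
}

/* Stand-in for polling the GPU: every emitted fence is treated as completed.
 * Signalled fences leave the list and the list's reference is dropped, which
 * destroys any fence nobody else holds, exactly the hazard in the bug report. */
static void fence_update(struct screen *s) {
    struct fence *f = s->pending;
    s->pending = NULL;
    while (f) {
        struct fence *next = f->next;
        f->state = FENCE_SIGNALLED;
        f->next = NULL;
        fence_unref(&f);          /* may free f */
        f = next;
    }
}

/* Safe wait: pin the fence for the duration of the call so fence_update()
 * cannot free it underneath the state read that follows. */
bool fence_wait(struct fence *fence) {
    struct screen *s = fence->screen;
    bool signalled;

    fence_ref(fence);             /* caller may hold no reference of its own */
    if (fence == s->current)
        fence_next(s);
    fence_update(s);              /* may drop the pending list's reference */
    signalled = fence->state == FENCE_SIGNALLED;  /* valid: we still hold a ref */
    fence_unref(&fence);          /* if ours was the last reference, destroy here */
    return signalled;
}

struct screen *screen_create(void) {
    struct screen *s = calloc(1, sizeof *s);
    if (!s) abort();
    s->current = fence_new(s);
    return s;
}

void screen_destroy(struct screen *s) {
    fence_update(s);              /* drain pending list */
    fence_unref(&s->current);
    free(s);
}

int main(void) {
    struct screen *s = screen_create();
    struct fence *f = s->current;   /* borrowed pointer, no reference of our own */
    bool ok = fence_wait(f);
    printf("signalled=%d, fences freed=%d (freed after the read, not before)\n", ok, s->frees);
    screen_destroy(s);
    return 0;
}
```

The pin/unpin pair is cheap, and it turns the ownership question into a local invariant: between `fence_ref` and `fence_unref` the object cannot be destroyed by anything the function calls, so the read of `fence->state` is safe regardless of what `fence_update` does to the pending list.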