[Bug 22000] New: Gallium + Indexed rendering = Null pointer dereference

wine-bugs at winehq.org wine-bugs at winehq.org
Wed Mar 10 06:39:08 CST 2010 

http://bugs.winehq.org/show_bug.cgi?id=22000

           Summary: Gallium + Indexed rendering = Null pointer dereference
           Product: Wine
           Version: unspecified
          Platform: x86
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: directx-d3d
        AssignedTo: wine-bugs at winehq.org
        ReportedBy: MostAwesomeDude at gmail.com


Created an attachment (id=26727)
 --> (http://bugs.winehq.org/attachment.cgi?id=26727)
Failed device.ok test in d3d9

First off, I *am* upstream (Mesa/Gallium), so assume they've been contacted. :3

Gallium and indexed rendering are not very happy with each other. I get some
fairly solidly reliable segfaults with both a d3d9 DLL test (device.ok) and
Civ4 (Steam version). Hardware is a Radeon R580 (X1900), driver is r300g from
Mesa git.

I'm attaching four logs. The first two are the original test and Civ4 logs; the
second two are the same, but edited to show the juicy bits.

My current guess, based on the Mesa debug info I dumped, is that the indexed
rendering code is slightly baked and maybe trusting the underlying GL driver a
bit too much.

get_arrays_bounds: Handling 2 attrs
attr 0: stride 16 size 12 start (nil) end 0xfffffffc
attr 1: stride 16 size 4 start 0xc end (nil)
buffer range: (nil) 0xfffffffc range -4 max index 4294967295

So right here (from device.ok) we have interleaved userspace VBO, that is being
prepped inside core Mesa. Two delightful things here; the first attr seems way
off-base, it shouldn't dare be giving us bad pointers, and the second attr's
pointers don't even line up! Compare to a sane program (Mesa's drawarrays):

get_arrays_bounds: Handling 2 attrs
attr 0: stride 16 size 12 start 0x8087020 end 0x808705c
attr 1: stride 16 size 4 start 0x808702c end 0x8087060
buffer range: 0x8087020 0x8087060 range 64 max index 3

r300g doesn't really care. The kernel drops the rendering on the floor for a
variety of reasons, not least being the ridiculous max_index.

But then it segfaults, and I have zero idea why. I'd guess it's something to do
with tossing around NULL pointers like candy, but I'm honestly not sure and I
haven't really dug into the DLL code yet.

-- 
Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email
Do not reply to this email, post in Bugzilla using the
above URL to reply.
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the wine-bugs mailing list