https://bugs.freedesktop.org/show_bug.cgi?id=110884
--- Comment #1 from Thiago Macieira <thi...@kde.org> ---
As the backtrace shows, scene=0x0, which shouldn't happen. The scene pointer is
obtained in thread_function(), in:

    lp_rast_begin( rast,
                   lp_scene_dequeue( rast->full_scenes, TRUE ) );

The lp_scene_dequeue function is not expected to return NULL, but does:

    struct lp_scene *
    lp_scene_dequeue(struct lp_scene_queue *queue, boolean wait)
    {
       struct scene_packet packet;
       enum pipe_error ret;

       packet.scene = NULL;

       ret = util_ringbuffer_dequeue(queue->ring,
                                     &packet.header,
                                     sizeof packet / 4,
                                     wait );
       if (ret != PIPE_OK)
          return NULL;

       return packet.scene;
    }

Possibility 1: there was an error. But if that were the case, we'd expect this
to happen with and without LTO.
Possibility 2: Undefined Behaviour in the code. Note how the function assigns
packet.scene = NULL, never passes it to util_ringbuffer_dequeue, then returns
it. It passes packet.header and the size of packet:

    struct scene_packet {
       struct util_packet header;
       struct lp_scene *scene;
    };

And expects the callee to fill it:

    for (i = 0; i < ring_packet->dwords; i++) {
       packet[i] = ring->buf[ring->tail];
       ring->tail++;
       ring->tail &= ring->mask;
    }

I'll look at the disassembly to confirm possibility 2.
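
Added example, not part of the bug comment and not Mesa's code: a dequeue written so that the concern in possibility 2 cannot arise, because the callee receives the address and size of the whole packet object and fills it with memcpy, which the optimizer must treat as a write to every member. All type and function names are hypothetical simplifications, and the blocking wait is omitted.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the structures quoted above (assumption). */
struct pkt_header { uint32_t dwords; };          /* packet length in dwords */
struct scene { int id; };
struct scene_pkt { struct pkt_header header; struct scene *scene; };

#define RING_DWORDS 16u                          /* power of two */
struct ring { uint32_t buf[RING_DWORDS]; unsigned head, tail, mask; };

void ring_init(struct ring *r) { memset(r, 0, sizeof *r); r->mask = RING_DWORDS - 1; }

/* Copy a whole packet object into the ring. */
int ring_enqueue(struct ring *r, const void *obj, unsigned dwords)
{
    uint32_t tmp[RING_DWORDS];
    unsigned used = (r->head - r->tail) & r->mask;
    if (dwords == 0 || dwords > r->mask - used) return -1;   /* no room */
    memcpy(tmp, obj, dwords * 4);
    for (unsigned i = 0; i < dwords; i++) {
        r->buf[r->head] = tmp[i];
        r->head = (r->head + 1) & r->mask;
    }
    return 0;
}

/* obj points at the WHOLE destination object, max_dwords is its size. */
int ring_dequeue(struct ring *r, void *obj, unsigned max_dwords)
{
    uint32_t tmp[RING_DWORDS];
    if (r->head == r->tail) return -1;                        /* empty */
    unsigned dwords = r->buf[r->tail];                        /* header.dwords */
    if (dwords == 0 || dwords > max_dwords || dwords > RING_DWORDS) return -1;
    for (unsigned i = 0; i < dwords; i++) {
        tmp[i] = r->buf[r->tail];
        r->tail = (r->tail + 1) & r->mask;
    }
    memcpy(obj, tmp, dwords * 4);       /* visible write to header AND scene */
    return 0;
}

int scene_enqueue(struct ring *r, struct scene *s)
{
    struct scene_pkt p;
    memset(&p, 0, sizeof p);            /* also zeroes padding bytes */
    p.header.dwords = sizeof p / 4;
    p.scene = s;
    return ring_enqueue(r, &p, sizeof p / 4);
}

struct scene *scene_dequeue(struct ring *r)
{
    struct scene_pkt p;
    memset(&p, 0, sizeof p);
    if (ring_dequeue(r, &p, sizeof p / 4) != 0) return NULL;  /* &p, not &p.header */
    return p.scene;
}
```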