nv50_pre_pipebuffer_map references screen->cur_ctx which points
to freed memory after the context is destroyed.
This crash is easily triggerable by progs/xdemos/glxcontexts.
---
src/gallium/drivers/nv50/nv50_context.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/gallium/drivers/nv50/nv50_context.c
b/src/gallium/drivers/nv50/nv50_context.c
index d598f0e..952741c 100644
--- a/src/gallium/drivers/nv50/nv50_context.c
+++ b/src/gallium/drivers/nv50/nv50_context.c
@@ -82,6 +82,10 @@ nv50_destroy(struct pipe_context *pipe)
so_ref(NULL, &nv50->state.vtxattr);
draw_destroy(nv50->draw);
+
+ if (nv50->screen->cur_ctx == nv50)
+ nv50->screen->cur_ctx = NULL;
+
FREE(nv50);
}
--
1.6.6
_______________________________________________
Nouveau mailing list
Nouveau@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/nouveau
