RHEL-40260

Mesa: Off-by-one for newblock allocation in dlist_alloc [rhel-9]


What were you trying to do that didn't work?

Use OpenGL display lists with the software rendering driver in mesa.

Please provide the package NVR for which bug is seen:

mesa-23.1.4-2.el8
mesa-23.3.3-1.el9

The bug has been fixed in upstream mesa but is only released to versions >= 24.1.x. Related merge request.

How reproducible:

Always when preloading jemalloc. Mesa allocates blocks of contiguous 256-element display list nodes. If the number of display list nodes gets close to the end there is not enough space to store the continuation pointer. The bug means that a new block is not allocated early enough and memory holding half of the continuation pointer is overwritten when a new block is allocated later on.

Steps to reproduce

We have seen this in our application that is relatively involved to build. I can try and provide a simple example if necessary.

Expected results

No segfault.

Actual results

Segfaults.
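A simplified model of the failure mode described in the report, added here as an illustration; it is not Mesa's code and does not come from the reporter. The 4-byte node size, the three-node continuation record (opcode plus 64-bit pointer) and the exact form of the fit check are assumptions; only the 256-node block size is taken from the report.

```c
#include <stddef.h>
#include <stdio.h>

#define BLOCK_SIZE 256                  /* nodes per block, per the report */
#define NODE_BYTES 4                    /* assumption: 4-byte node slots */
#define CONT_NODES (1 + 8 / NODE_BYTES) /* assumption: opcode + 64-bit pointer */

typedef struct { size_t pos; size_t worst_overrun; } dlist_model;

/* Reserve n nodes at the current position. `reserve` is the tail space the
 * fit check keeps free for the continuation record: CONT_NODES is correct,
 * CONT_NODES - 1 models the off-by-one. Returns how many nodes of the
 * continuation record would land past the end of the block. */
static size_t model_alloc(dlist_model *m, size_t n, size_t reserve)
{
    size_t overrun = 0;
    if (m->pos + n + reserve > BLOCK_SIZE) {
        /* Block is full: the continuation record is written at pos. */
        size_t cont_end = m->pos + CONT_NODES;
        if (cont_end > BLOCK_SIZE)
            overrun = cont_end - BLOCK_SIZE;
        m->pos = 0;                     /* continue in a fresh block */
    }
    m->pos += n;
    if (overrun > m->worst_overrun)
        m->worst_overrun = overrun;
    return overrun;
}

/* Replay `count` instructions of n nodes each; worst overrun in bytes. */
static size_t replay_overrun_bytes(size_t n, size_t count, size_t reserve)
{
    dlist_model m = { 0, 0 };
    for (size_t i = 0; i < count; i++)
        model_alloc(&m, n, reserve);
    return m.worst_overrun * NODE_BYTES;
}

int main(void)
{
    /* Constructed workloads, not taken from the report. */
    printf("n=2 correct:    %zu bytes\n", replay_overrun_bytes(2, 1000, CONT_NODES));
    printf("n=2 off-by-one: %zu bytes\n", replay_overrun_bytes(2, 1000, CONT_NODES - 1));
    printf("n=3 off-by-one: %zu bytes\n", replay_overrun_bytes(3, 1000, CONT_NODES - 1));
    return 0;
}
```

In this model the short reserve puts 4 bytes, half of an 8-byte pointer, past the block end for the two-node workload, while the three-node workload never reaches the bad position. Whether the stray bytes are later clobbered depends on where the allocator places the next block.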

              rh-ee-jexposit Jose Exposito Quintana
              martyn.gigg@gmail.com Martyn Gigg (Inactive)
              David Airlie David Airlie
              Peter Kopec Peter Kopec