I think the assumption that getDisplay() returns a valid display in the Fence destructor is wrong.

I'm trying to fix a crash in the field that looks like this:

Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 )

0x69582e38	 [libglesv2.dll	 - fence.cpp:27	gl::Fence::~Fence()
0x69582f29	 [libglesv2.dll	 + 0x00022f29]	gl::Fence::`scalar deleting destructor'(unsigned int)
0x6958077d	 [libglesv2.dll	 - context.cpp:1020	gl::Context::deleteFence(unsigned int)
0x69582b9b	 [libglesv2.dll	 - context.cpp:195	gl::Context::~Context()
0x69582dcb	 [libglesv2.dll	 + 0x00022dcb]	gl::Context::`scalar deleting destructor'(unsigned int)
0x69582df2	 [libglesv2.dll	 - context.cpp:4259	glDestroyContext
0x73166ab8	 [libegl.dll	 - display.cpp:768	egl::Display::destroyContext(gl::Context *)
0x73168393	 [libegl.dll	 - libegl.cpp:861	eglDestroyContext
0x6e18f1db	 [chrome.dll	 - gl_context_egl.cc:76	gfx::GLContextEGL::Destroy()
0x6e18f40d	 [chrome.dll	 - gl_context_egl.cc:43	gfx::GLContextEGL::~GLContextEGL()

Here's the disassembly:

69582E21  push        esi  
69582E22  mov         esi,ecx 
69582E24  cmp         dword ptr [esi+4],0 
69582E28  mov         dword ptr [esi],695CBBE0h 
69582E2E  je          69582E3F 
69582E30  call        695743F5 // this is getDisplay()
69582E35  push        dword ptr [esi+4] 
69582E38  mov         edx,dword ptr [eax] // crashes here because EAX is zero
69582E3A  mov         ecx,eax 
69582E3C  call        dword ptr [edx+24h] // this is freeEventQuery()
69582E3F  pop         esi  
69582E40  ret   

It looks like getDisplay() returns null.

http://code.google.com/p/chromium/issues/detail?id=117817
Review URL: https://codereview.appspot.com/5875044

git-svn-id: https://angleproject.googlecode.com/svn/trunk@1008 736b8ea6-26fd-11df-bfd4-992fa37f6226