Fence has pointer to the associated egl::Display.

I think the assumption that getDisplay() returns a valid display in the Fence destructor is wrong. I'm trying to fix a crash in the field that looks like this: Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 ) 0x69582e38 [libglesv2.dll - fence.cpp:27 gl::Fence::~Fence() 0x69582f29 [libglesv2.dll + 0x00022f29] gl::Fence::`scalar deleting destructor'(unsigned int) 0x6958077d [libglesv2.dll - context.cpp:1020 gl::Context::deleteFence(unsigned int) 0x69582b9b [libglesv2.dll - context.cpp:195 gl::Context::~Context() 0x69582dcb [libglesv2.dll + 0x00022dcb] gl::Context::`scalar deleting destructor'(unsigned int) 0x69582df2 [libglesv2.dll - context.cpp:4259 glDestroyContext 0x73166ab8 [libegl.dll - display.cpp:768 egl::Display::destroyContext(gl::Context *) 0x73168393 [libegl.dll - libegl.cpp:861 eglDestroyContext 0x6e18f1db [chrome.dll - gl_context_egl.cc:76 gfx::GLContextEGL::Destroy() 0x6e18f40d [chrome.dll - gl_context_egl.cc:43 gfx::GLContextEGL::~GLContextEGL() Here's the disassembly: 69582E21 push esi 69582E22 mov esi,ecx 69582E24 cmp dword ptr [esi+4],0 69582E28 mov dword ptr [esi],695CBBE0h 69582E2E je 69582E3F 69582E30 call 695743F5 // this is getDisplay() 69582E35 push dword ptr [esi+4] 69582E38 mov edx,dword ptr [eax] // crashes here because EAX is zero 69582E3A mov ecx,eax 69582E3C call dword ptr [edx+24h] // this is freeEventQuery() 69582E3F pop esi 69582E40 ret It looks like getDisplay() returns null. http://code.google.com/p/chromium/issues/detail?id=117817 Review URL: https://codereview.appspot.com/5875044 git-svn-id: https://angleproject.googlecode.com/svn/trunk@1008 736b8ea6-26fd-11df-bfd4-992fa37f6226

Fence has pointer to the associated egl::Display.
563c0a53 · apatrick@chromium.org · 73536984 · 563c0a53 · 563c0a53 · 563c0a53
Commit 563c0a53 authored Mar 23, 2012 by apatrick@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 7 deletions

version.h src/common/version.h +1 -1

Context.cpp src/libGLESv2/Context.cpp +1 -1

Fence.cpp src/libGLESv2/Fence.cpp +5 -4

Fence.h src/libGLESv2/Fence.h +7 -1

No files found.
--- a/src/common/version.h
+++ b/src/common/version.h
 #define MAJOR_VERSION 1
 #define MINOR_VERSION 0
 #define BUILD_VERSION 0
-#define BUILD_REVISION 1007
+#define BUILD_REVISION 1008
 #define STRINGIFY(x) #x
 #define MACRO_STRINGIFY(x) STRINGIFY(x)

--- a/src/libGLESv2/Context.cpp
+++ b/src/libGLESv2/Context.cpp
@@ -940,7 +940,7 @@ GLuint Context::createFence()
 {
    GLuint handle = mFenceHandleAllocator.allocate();
-    mFenceMap[handle] = new Fence;
+    mFenceMap[handle] = new Fence(mDisplay);
    return handle;
 }

--- a/src/libGLESv2/Fence.cpp
+++ b/src/libGLESv2/Fence.cpp
@@ -13,8 +13,9 @@
 namespace gl
 {
-Fence::Fence()
+Fence::Fence(egl::Display* display)
-{ 
+{
+    mDisplay = display;
    mQuery = NULL;
    mCondition = GL_NONE;
    mStatus = GL_FALSE;
@@ -24,7 +25,7 @@ Fence::~Fence()
 {
    if (mQuery != NULL)
    {
-        getDisplay()->freeEventQuery(mQuery);
+        mDisplay->freeEventQuery(mQuery);
    }
 }
@@ -39,7 +40,7 @@ void Fence::setFence(GLenum condition)
 {
    if (!mQuery)
    {
-        mQuery = getDisplay()->allocateEventQuery();
+        mQuery = mDisplay->allocateEventQuery();
        if (!mQuery)
        {
            return error(GL_OUT_OF_MEMORY);

--- a/src/libGLESv2/Fence.h
+++ b/src/libGLESv2/Fence.h
@@ -15,13 +15,18 @@
 #include "common/angleutils.h"
+namespace egl
+{
+class Display;
+}
 namespace gl
 {
 class Fence
 {
  public:
-    Fence();
+    explicit Fence(egl::Display* display);
    virtual ~Fence();
    GLboolean isFence();
@@ -33,6 +38,7 @@ class Fence
  private:
    DISALLOW_COPY_AND_ASSIGN(Fence);
+    egl::Display* mDisplay;
    IDirect3DQuery9* mQuery;
    GLenum mCondition;
    GLboolean mStatus;