vrend: unbind texture target after allocating a new texture (!231) · Merge requests · virgl / virglrenderer

Gert Wollny requested to merge gerddie/virglrenderer:fix-sampler-view-zombie-take2 into master May 01, 2019

If a texture is bound in a GL context the texture object will not be destroyed by the driver even if the program using the texture freed it. At least with mesa Gallium drivers the effect that these texture objects also hold references to sampler views that might have been created and destroyed in sub-contexts. Now, when a new texture is allocated and bound to the corresponding texture target, the old texture will finally be destroyed at this point, and by doing so it will try to access these already destroyed sampler views, resulting in a use after free.

Consequently, unbind the texture in context 0 after it has been allocated, so that the driver doesn't hold an additional reference to it that inhibits its destruction of the texture when the guest program requests this.

Closes #98 (closed)

vrend: unbind texture target after allocating a new texture

Merge request reports