Fence has pointer to the associated egl::Display.
I think the assumption that getDisplay() returns a valid display in the Fence destructor is wrong.
I'm trying to fix a crash in the field that looks like this:
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x00000000 )
0x69582e38 [libglesv2.dll - fence.cpp:27 gl::Fence::~Fence()
0x69582f29 [libglesv2.dll + 0x00022f29] gl::Fence::`scalar deleting destructor'(unsigned int)
0x6958077d [libglesv2.dll - context.cpp:1020 gl::Context::deleteFence(unsigned int)
0x69582b9b [libglesv2.dll - context.cpp:195 gl::Context::~Context()
0x69582dcb [libglesv2.dll + 0x00022dcb] gl::Context::`scalar deleting destructor'(unsigned int)
0x69582df2 [libglesv2.dll - context.cpp:4259 glDestroyContext
0x73166ab8 [libegl.dll - display.cpp:768 egl::Display::destroyContext(gl::Context *)
0x73168393 [libegl.dll - libegl.cpp:861 eglDestroyContext
0x6e18f1db [chrome.dll - gl_context_egl.cc:76 gfx::GLContextEGL::Destroy()
0x6e18f40d [chrome.dll - gl_context_egl.cc:43 gfx::GLContextEGL::~GLContextEGL()
Here's the disassembly:
69582E21 push esi
69582E22 mov esi,ecx
69582E24 cmp dword ptr [esi+4],0
69582E28 mov dword ptr [esi],695CBBE0h
69582E2E je 69582E3F
69582E30 call 695743F5 // this is getDisplay()
69582E35 push dword ptr [esi+4]
69582E38 mov edx,dword ptr [eax] // crashes here because EAX is zero
69582E3A mov ecx,eax
69582E3C call dword ptr [edx+24h] // this is freeEventQuery()
69582E3F pop esi
69582E40 ret
It looks like getDisplay() returns null.
http://code.google.com/p/chromium/issues/detail?id=117817
Review URL: https://codereview.appspot.com/5875044
git-svn-id: http://angleproject.googlecode.com/svn/trunk@1008 736b8ea6-26fd-11df-bfd4-992fa37f6226
4 files changed
