https://bugs.freedesktop.org/show_bug.cgi?id=65968
Andreas Ringlstetter andreas.ringlstetter@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #12 from Andreas Ringlstetter andreas.ringlstetter@gmail.com ---
It's a bug in PA itself, not in Mesa.
The root cause is a race condition on the shared buffer which is used to transfer the rendered HTML UI from the Coherent host process back to PA.
There is a missing mutex inside PA when the buffer gets reallocated as a result of a window resize event. Effectively, this results in a use-after-free by the render thread of the PA process.
The faster the realloc, the lower the chance of this bug occurring. It's also subject to possibly missing protections against use-after-free conditions on previously shared buffers. And also to the memory allocation strategy, as a reuse of the same memory region without a clear leads to the most visible effect.
Unfortunately, various Mesa drivers do not wipe the video memory after a buffer was returned to the global pool!
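
The locking discipline whose absence the comment above describes, as an added example that is not code from PA, Coherent or Mesa: the resize path swaps the buffer under a mutex, and the render path copies out under the same mutex instead of keeping a pointer. `struct surface` and the `surface_*` functions are hypothetical names; a plain heap buffer stands in for the shared one.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the UI surface handed from the producer
 * to the render thread. */
struct surface {
    pthread_mutex_t lock;
    unsigned char *pixels;  /* replaced on every resize */
    size_t size;            /* bytes currently allocated */
};

/* Resize path. The pointer swap happens under the lock, so no reader can
 * still be using the old buffer when it is freed. The new buffer is zeroed
 * so a recycled region never shows stale contents. Returns 0 on success. */
int surface_resize(struct surface *s, size_t new_size)
{
    unsigned char *fresh = calloc(1, new_size ? new_size : 1);
    if (!fresh)
        return -1;
    pthread_mutex_lock(&s->lock);
    unsigned char *old = s->pixels;
    if (old)
        memcpy(fresh, old, s->size < new_size ? s->size : new_size);
    s->pixels = fresh;
    s->size = new_size;
    pthread_mutex_unlock(&s->lock);
    free(old);  /* safe: readers only touch pixels while holding the lock */
    return 0;
}

/* Producer path: rejects a frame that no longer fits after a resize. */
int surface_write(struct surface *s, const unsigned char *src, size_t n)
{
    int rc = -1;
    pthread_mutex_lock(&s->lock);
    if (s->pixels && n <= s->size) { memcpy(s->pixels, src, n); rc = 0; }
    pthread_mutex_unlock(&s->lock);
    return rc;
}

/* Render path: copy out under the lock and never cache s->pixels across
 * calls. Without the lock, a resize between loading the pointer and the
 * memcpy is the use-after-free. Returns the number of bytes copied. */
size_t surface_read(struct surface *s, unsigned char *dst, size_t cap)
{
    pthread_mutex_lock(&s->lock);
    size_t n = s->size < cap ? s->size : cap;
    if (n) memcpy(dst, s->pixels, n);
    pthread_mutex_unlock(&s->lock);
    return n;
}
```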