virglrenderer crashes because of a use after free error

Invalid read of size 1
==12038==    at 0x4E533A8: vrend_draw_vbo (vrend_renderer.c:3860)
==12038==    by 0x4E7739B: vrend_decode_draw_vbo (vrend_decode.c:422)
==12038==    by 0x4E7739B: vrend_decode_block (vrend_decode.c:1374)
==12038==    by 0x434F93: virgl_cmd_submit_3d (virtio-gpu-3d.c:217)
==12038==    by 0x434F93: virtio_gpu_virgl_process_cmd (virtio-gpu-3d.c:427)
==12038==    by 0x4325D1: virtio_gpu_process_cmdq (virtio-gpu.c:893)
==12038==    by 0x433B94: virtio_gpu_handle_ctrl (virtio-gpu.c:944)
==12038==    by 0x433B94: virtio_gpu_ctrl_bh (virtio-gpu.c:956)
==12038==    by 0x7A63F5: aio_bh_call (async.c:90)
==12038==    by 0x7A63F5: aio_bh_poll (async.c:118)
==12038==    by 0x7A9727: aio_dispatch (aio-posix.c:440)
==12038==    by 0x7A62DD: aio_ctx_dispatch (async.c:261)
==12038==    by 0x79915BD: g_main_dispatch (gmain.c:3234)
==12038==    by 0x79915BD: g_main_context_dispatch (gmain.c:3899)
==12038==    by 0x7A89E1: glib_pollfds_poll (main-loop.c:215)
==12038==    by 0x7A89E1: os_host_main_loop_wait (main-loop.c:238)
==12038==    by 0x7A89E1: main_loop_wait (main-loop.c:497)
==12038==    by 0x4FB66D: main_loop (vl.c:1894)
==12038==    by 0x390DEB: main (vl.c:4628)

Edited Nov 08, 2018 by Gert Wollny

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

virglrenderer crashes because of a use after free error