Crash inside fixup_vertex

Hi,

I was debugging a crash in SDL-Ball, an open source game.

The crash backtrace is this

(gdb) backtrace
#0 0x00007f77fbc57885 in compile_vertex_list (ctx=ctx@entry=0x55a47f555940) at ../src/mesa/vbo/vbo_save_api.c:746
#1 0x00007f77fbc57e2b in wrap_buffers (ctx=0x55a47f555940) at ../src/mesa/vbo/vbo_save_api.c:868
#2 0x00007f77fbc5842c in upgrade_vertex (ctx=ctx@entry=0x55a47f555940, attr=attr@entry=7, newsz=newsz@entry=2) at ../src/mesa/vbo/vbo_save_api.c:975
#3 0x00007f77fbc586b9 in fixup_vertex (newType=5126, sz=2, attr=7, ctx=0x55a47f555940) at ../src/mesa/vbo/vbo_save_api.c:1079
#4 _save_TexCoord2f (x=0, y=0) at ../src/mesa/vbo/vbo_attrib_tmp.h:268
#5 0x000055a47f2a7d5a in mkDLscene (dl=0x7ffcc50eba9c, tex=...) at main.cpp:2939
#6 0x000055a47f29de3a in main (argc=<optimized out>, argv=<optimized out>) at main.cpp:4056

And the problematic code:

void mkDLscene(GLuint *dl,textureClass tex)
{
  //Scenen
  *dl = glGenLists(1);
  glNewList(*dl,GL_COMPILE);
    glLoadIdentity();
    glTranslatef( 0.0f, 0.0f, -3.0 );
    glColor4f(1.0, 1.0, 1.0, 1.0);
    glEnable(GL_TEXTURE_2D);
    glBindTexture(GL_TEXTURE_2D, tex.prop.texture);
    glBegin( GL_POINTS );
      glVertex3f( -1.60, 1.25, 0.0 );
    glEnd( );
    glBegin( GL_QUADS );
      //venstre kant
      glTexCoord2f(0.0f,0.0f);glVertex3f( -1.66, 1.25, 0.0 ); // <------ HERE specifically
      glTexCoord2f(1.0f,0.0f);glVertex3f( -1.60, 1.25, 0.0 );
      glTexCoord2f(1.0f,-1.0f);glVertex3f( -1.60,-1.25, 0.0 );
      glTexCoord2f(0.0f,-1.0f);glVertex3f( -1.66,-1.25, 0.0 );
      //højre kant
      glTexCoord2f(0.0f,0.0f);glVertex3f( 1.66, 1.25, 0.0 );
      glTexCoord2f(1.0f,0.0f);glVertex3f( 1.60, 1.25, 0.0 );
      glTexCoord2f(1.0f,-1.0f);glVertex3f( 1.60,-1.25, 0.0 );
      glTexCoord2f(0.0f,-1.0f);glVertex3f( 1.66,-1.25, 0.0 );
    glEnd( );
  glEndList();
}

Ubuntu version for libgl1-mesa-dri is 21.0.3-0ubuntu0.3 amd64

this look like a bug in mesa drivers implementation.

grate-driver / mesa

Crash inside fixup_vertex #16