From cc7dd33d0004e1097c82ca0d9512b6681bdcebcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Brooke?= Date: Sun, 22 Dec 2024 21:14:19 +0100 Subject: [PATCH] rhi: vulkan: fix crash when making readbacks in consecutive frames When requesting a readback every frame, the readback activeFrameSlot alternates between 0 and 1. Suppose we are in currentFrame 1, and process a list of readbacks of slots [1, 0]. First, we skip the readback of slot 0 since it does not match the currentFrame 1. The list thus remains [1, 0]. Then, we process the readback of slot 1, and call activeTextureReadbacks.removeLast(). This removes the readback of slot 0, while in reality we processed the readback of slot 1. The activeTextureReadbacks is now [1], containing a readback for which we called vmaDestroyBuffer(), leading to a crash ("double-free" attempt) in Vulkan on the next function call. To fix this, remove the readback that is actually processed (index i) instead of the last one. Since we iterate backwards, indices remain valid. Change-Id: Idd4296de45167edd0a9da345dcc1c3b6ac71a6d6 Reviewed-by: Laszlo Agocs (cherry picked from commit 73405890b8911dd1a58120665ce63a38281c6ce4) Reviewed-by: Qt Cherry-pick Bot (cherry picked from commit 076a818f7490b7e6b10dc5ae831a447226c00ee0) --- src/gui/rhi/qrhivulkan.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/gui/rhi/qrhivulkan.cpp b/src/gui/rhi/qrhivulkan.cpp index 0ab9cb9dc65..36ce6ea142f 100644 --- a/src/gui/rhi/qrhivulkan.cpp +++ b/src/gui/rhi/qrhivulkan.cpp @@ -4206,7 +4206,7 @@ void QRhiVulkan::finishActiveReadbacks(bool forced) if (readback.result->completed) completedCallbacks.append(readback.result->completed); - activeTextureReadbacks.removeLast(); + activeTextureReadbacks.remove(i); } } @@ -4229,7 +4229,7 @@ void QRhiVulkan::finishActiveReadbacks(bool forced) if (readback.result->completed) completedCallbacks.append(readback.result->completed); - activeBufferReadbacks.removeLast(); + activeBufferReadbacks.remove(i); } }