Comment 33 for bug 401067

In , Brian Rogers (brian-rogers) wrote:

I was able to get this out of valgrind:

==31602== Invalid read of size 8
==31602== at 0xC29C0F4: intelDestroyContext (intel_context.c:877)
==31602== by 0xC28CB7A: driDestroyContext (dri_util.c:545)
==31602== by 0x80FE505: __glXDRIcontextDestroy (glxdri2.c:192)
==31602== by 0x80ED0A1: __glXFreeContext (glxext.c:211)
==31602== by 0x80ECD9F: ContextGone (glxext.c:110)
==31602== by 0x437D55: FreeResourceByType (resource.c:598)
==31602== by 0x80E333F: __glXDisp_DestroyContext (glxcmds.c:370)
==31602== by 0x80ED95E: __glXDispatch (glxext.c:578)
==31602== by 0x439AEC: Dispatch (dispatch.c:445)
==31602== by 0x42678A: main (main.c:285)
==31602== Address 0x1bbdc508 is 8 bytes inside a block of size 144 free'd
==31602== at 0x4C255FD: free (vg_replace_malloc.c:323)
==31602== by 0xC3796CC: _mesa_free (imports.c:85)
==31602== by 0xC28CB33: dri_put_drawable (dri_util.c:516)
==31602== by 0xC28CB50: driDestroyDrawable (dri_util.c:523)
==31602== by 0x80FE2B7: __glXDRIdrawableDestroy (glxdri2.c:105)
==31602== by 0x80ECF57: DrawableGone (glxext.c:163)
==31602== by 0x437C09: FreeResource (resource.c:562)
==31602== by 0x45AED1: CrushTree (window.c:877)
==31602== by 0x45AFF2: DeleteWindow (window.c:914)
==31602== by 0x437C09: FreeResource (resource.c:562)
==31602== by 0x43A78F: ProcDestroyWindow (dispatch.c:751)
==31602== by 0x439AEC: Dispatch (dispatch.c:445)

There's a race. intelDestroyContext() and __glXDRIdrawableDestroy() can be called in either order when the program closes, but the Intel mesa code doesn't do refcounting on the drawable. So if intelDestroyContext() is called second, the drawable is already destroyed and freed, and may already be overwritten. Crash.
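As an added illustration (not code from this bug report or from mesa), here is a minimal C model of the fix the comment points at: the context takes its own reference on the drawable, so the two destroy paths can run in either order and the block is freed exactly once, after its last user. The struct and function names are hypothetical stand-ins for the DRI drawable and context.

```c
#include <stdlib.h>

/* Hypothetical DRI-style drawable with a reference count: one reference for
   the X resource plus one for every context bound to it. Not mesa's struct. */
struct drawable { int refcount; };
/* A context holds its own reference, so teardown order no longer matters. */
struct context { struct drawable *draw; };

static int g_frees;  /* test hook: how many times a drawable was really freed */

static void drawable_get(struct drawable *d) { d->refcount++; }

static void drawable_put(struct drawable *d) {
    if (--d->refcount == 0) {  /* last user gone: now it is safe to free */
        g_frees++;
        free(d);
    }
}

static struct drawable *drawable_create(void) {
    struct drawable *d = calloc(1, sizeof *d);
    if (d) d->refcount = 1;  /* reference owned by the X drawable resource */
    return d;
}

/* DrawableGone path: the resource drops its reference and nothing else. */
static void drawable_destroy(struct drawable *d) { drawable_put(d); }

static struct context *context_create(struct drawable *d) {
    struct context *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->draw = d;
    drawable_get(d);  /* the step the bug lacks: take a reference when binding */
    return c;
}

/* intelDestroyContext path: release the reference instead of touching a block
   the drawable path may already have freed. */
static void context_destroy(struct context *c) {
    drawable_put(c->draw);
    free(c);
}

/* Tear down in the requested order. Returns frees_after_first_step * 10 +
   total frees; both orders should yield 1: freed once, after the last user. */
int teardown(int context_first) {
    g_frees = 0;
    struct drawable *d = drawable_create();
    struct context *c = context_create(d);
    if (context_first) context_destroy(c); else drawable_destroy(d);
    int after_first = g_frees;
    if (context_first) drawable_destroy(d); else context_destroy(c);
    return after_first * 10 + g_frees;
}
```

Running the real server under valgrind as above is still the right check: with the reference in place the "Invalid read" at the context destroy site disappears, because the drawable memory is only released by the last drawable_put().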