Comment 11 for bug 44112

In , Lam (lam-lac) wrote :

This one was easy.

As we can see, _mesa_DeleteTextures( ) calls _mesa_free_texmemory( ), which
expects texImage->Data to be allocated using _mesa_align_malloc( ).
_mesa_align_free( ) expects texImage->Data to be prepended by one word with the
actual address to pass to the real free( ), but it's not, because the tdfx driver
uses stock _mesa_malloc( ) without the alignment part. The bytes before
texImage->Data are garbage, so there's no way it could not crash.

I'll attach a patch in a moment, after I do some more testing (I mean play
QuakeForge, at last).

Oh, my card is a PCI Voodoo3 2000. The bug happens in Mesa 6.4.2 (from FC5) and
6.5 (from AIGLX for FC5, both rebuilt for Xorg 7.0 with tdfx_dri.so enabled).
The patch will be against 6.5, because that's what I ended up with.
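
The allocator mismatch described in the comment above, as an added C example that is not part of the original comment and is not Mesa's code. The `demo_*` names are hypothetical, and the 0xA5 fill is a constructed stand-in for whatever bytes happen to precede a plainly allocated block.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical demo_* names: a model of the scheme, not Mesa's source. */

/* Return memory aligned to `alignment`, with the address malloc() really
 * returned stored in the word just before the pointer handed out. */
void *demo_align_malloc(size_t bytes, size_t alignment)
{
    unsigned char *raw = malloc(bytes + alignment + sizeof(void *));
    if (!raw) return NULL;
    uintptr_t start = (uintptr_t)raw + sizeof(void *);
    size_t pad = (alignment - start % alignment) % alignment;
    unsigned char *user = raw + sizeof(void *) + pad;
    void *real = raw;
    memcpy(user - sizeof(void *), &real, sizeof real);
    return user;
}

/* First step of the aligned free: read the word before the pointer. */
void *demo_hidden_word(const void *p)
{
    void *real;
    memcpy(&real, (const unsigned char *)p - sizeof(void *), sizeof real);
    return real;
}

void demo_align_free(void *p) { if (p) free(demo_hidden_word(p)); }

/* Matched pair: the hidden word is the real block, so free() is valid. */
int demo_matched_ok(void)
{
    unsigned char *p = demo_align_malloc(64, 32);
    if (!p) return 0;
    unsigned char *real = demo_hidden_word(p);
    size_t gap = (size_t)(p - real);
    int ok = (uintptr_t)p % 32 == 0 && gap >= sizeof(void *) && gap < 32 + sizeof(void *);
    demo_align_free(p);
    return ok;
}

/* Mismatch: a plainly allocated block has no stored address, so the word
 * the aligned free would hand to free() is garbage (constructed 0xA5 fill). */
int demo_mismatch_reads_garbage(void)
{
    unsigned char *block = malloc(sizeof(void *) + 64);
    if (!block) return 0;
    memset(block, 0xA5, sizeof(void *) + 64);
    void *would_free = demo_hidden_word(block + sizeof(void *));
    int garbage = (would_free != (void *)block);
    free(block);
    return garbage;
}
```

The mismatch case only inspects the value and never passes it to `free()`, so the demo shows the invalid pointer without triggering the crash.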