vrend: Fix use-after-free in bound programs

If we bind a GL program with a given id, then destroy the program and
its id, then immediately create another program which ends up with
the same id, we won't be able to tell that a new program needs to be
bound, and we will access freed data. This results in funny crashes.

We fix this by setting the program to 0 when a different shader is
being bound. This will force the draw code to bind the proper program
later on.

This fixes a lot of semi-random crashes. To debug it I used this
particular deqp test which becomes stable with this change:
dEQP-GLES3.functional.draw.draw_elements.triangle_fan.default_attribute

Signed-off-by: Stéphane Marchesin <marcheu@chromium.org>
Tested-by: Robert Foss <robert.foss@collabora.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>

src/vrend_renderer.c

@@ -2382,8 +2382,11 @@ void vrend_bind_shader(struct vrend_context *ctx,
    if (sel->type != type)
       return;
 
-   if (ctx->sub->shaders[sel->type] != sel)
+   if (ctx->sub->shaders[sel->type] != sel) {
       ctx->sub->shader_dirty = true;
+      ctx->sub->prog_ids[sel->type] = 0;
+   }
+
    vrend_shader_state_reference(&ctx->sub->shaders[sel->type], sel);
 }