Stack Smashing in Linux Endeavour OS
orderorder opened this issue · comments
[Startup] TFE_System::init
[Display] Fullscreen enabled.
[Display] Vertical Sync enabled.
[RenderBackend] OpenGL Device Tier: 3
[Startup] TFE_AudioSystem::init
[Audio] Attempting to initialize Audio System using API 'Linux ALSA'.
[Audio] Default Audio Output ID: 0.
[Audio] Device Count: 10.
[Audio] Device: 'default', ID: 0, Output Channel Count: 64.
[Audio] Device: 'hw:HDA ATI HDMI,3', ID: 1, Output Channel Count: 8.
[Audio] Device: 'hw:HDA ATI HDMI,7', ID: 2, Output Channel Count: 8.
[Audio] Device: 'hw:HDA ATI HDMI,8', ID: 3, Output Channel Count: 8.
[Audio] Device: 'hw:HDA ATI HDMI,9', ID: 4, Output Channel Count: 8.
[Audio] Device: 'hw:HDA ATI HDMI,10', ID: 5, Output Channel Count: 8.
[Audio] Device: 'hw:HDA ATI HDMI,11', ID: 6, Output Channel Count: 2.
[Audio] Device: 'hw:HD-Audio Generic,0', ID: 7, Output Channel Count: 6.
[Audio] Device: 'hw:HD-Audio Generic,1', ID: 8, Output Channel Count: 2.
[Audio] Device: 'hw:HD-Audio Generic,2', ID: 9, Output Channel Count: 0.
[Audio] Audio initialized using API 'Linux ALSA'.
[Audio] Starting up audio stream for device 'default', id 0.
[Startup] TFE_MidiPlayer::init
[Startup] TFE_Polygon::init
[Startup] TFE_Image::init
[Startup] TFE_FrontEndUI::init
[MemoryRegion] Allocated new memory block in region 'game' - new size is 1 blocks, total size is '8388608'
[MemoryRegion] Allocated new memory block in region 'level' - new size is 1 blocks, total size is '8388608'
[Error : a11y] Couldn't find font file at ; falling back to default font
*** stack smashing detected ***: terminated
[Error : CrashHandler] Received Signal 6 errno 10149 code 0
[Error : CrashHandler] Backtrace 9:
[Error : CrashHandler] 000 ./theforceengine(+0x1ac419) [0x56484ebaa419]
[Error : CrashHandler] 001 /usr/lib/libc.so.6(+0x3e710) [0x7f7d9ba3e710]
[Error : CrashHandler] 002 /usr/lib/libc.so.6(+0x8e83c) [0x7f7d9ba8e83c]
[Error : CrashHandler] 003 /usr/lib/libc.so.6(raise+0x18) [0x7f7d9ba3e668]
[Error : CrashHandler] 004 /usr/lib/libc.so.6(abort+0xd7) [0x7f7d9ba264b8]
[Error : CrashHandler] 005 /usr/lib/libc.so.6(+0x27390) [0x7f7d9ba27390]
[Error : CrashHandler] 006 /usr/lib/libc.so.6(+0x11f17b) [0x7f7d9bb1f17b]
[Error : CrashHandler] 007 /usr/lib/libc.so.6(+0x120486) [0x7f7d9bb20486]
[Error : CrashHandler] 008 ./theforceengine(+0x1c447) [0x56484ea1a447]
zsh: IOT instruction (core dumped) ./theforceengine
I get the same error on NixOS.
Same on Fedora.
Rebuilding with debug symbols, I get a completely bogus stack trace:
(gdb) bt
#0 0x0000000000000000 in ?? ()
This gets the system up and running, so it appears to be something in accessibility (adding @kevinfoley ).
diff --git a/TheForceEngine/TFE_A11y/accessibility.cpp b/TheForceEngine/TFE_A11y/accessibility.cpp
index b448a4b..7d772af 100644
--- a/TheForceEngine/TFE_A11y/accessibility.cpp
+++ b/TheForceEngine/TFE_A11y/accessibility.cpp
@@ -86,16 +86,17 @@ namespace TFE_A11Y // a11y is industry slang for accessibility
static std::vector<Caption> s_exampleCaptions;
static std::map<string, ImFont*> s_fontMap;
static ImFont* s_currentCaptionFont;
static string s_pendingFontPath;
// Initialize the Accessibility system. Only call this once on application launch.
void init()
{
+return;
assert(s_status == CC_NOT_LOADED);
CCMD("showCaption", enqueueCaption, 1, "Display a test caption. Example: showCaption \"Hello, world\"");
CVAR_BOOL(s_logSFXNames, "d_logSFXNames", CVFLAG_DO_NOT_SERIALIZE, "If enabled, log the name of each sound effect that plays.");
findCaptionFiles();
findFontFiles();
}
@classilla Thanks. Please test the possible fix by maxz at #331 . I don't have a Linux dev environment set up right now, but I'll work on setting one up.
I have that already applied, but that doesn't fix the crash here.
@classilla Thanks for clarifying. I'll try to get a Fedora dev environment set up in the next few days so that I can troubleshoot this thoroughly. In the meantime, your workaround of simply skipping A11y initialization will work fine as long as you don't try to go into the Accessibility settings menu.
One thing I noticed in accessibility.cpp::143:
sprintf(programFontsDir, "Fonts/");
TFE_Paths::mapSystemPath(programFontsDir);
mapSystemPath() expects a path to a file, not a directory.
This of course works on windows since a) it's a noop, and b) windows will keep opening files at where you put the binary/what you set as root in visual studio I suppose.
I'll try to find a solution.
The crash is here, at TFE_A11y/accessibility.cpp::216:
TFE_Settings::getA11ySettings()->lastFontPath = path;
It crashes at the string to string assignment. Don't yet know why, on the surface it looks innocent...
This here fixes startup for me:
diff --git a/TheForceEngine/TFE_A11y/accessibility.cpp b/TheForceEngine/TFE_A11y/accessibility.cpp
index 71980ef5..3037b10d 100644
--- a/TheForceEngine/TFE_A11y/accessibility.cpp
+++ b/TheForceEngine/TFE_A11y/accessibility.cpp
@@ -208,12 +208,16 @@ namespace TFE_A11Y // a11y is industry slang for accessibility
}
assert(s_currentCaptionFont != nullptr);
- char name[256];
- FileUtil::getFileNameFromPath(path.c_str(), name);
+ char name[TFE_MAX_PATH];
+ char pp[TFE_MAX_PATH];
+ memset(name, 0, TFE_MAX_PATH);
+ memset(pp, 0, TFE_MAX_PATH);
+ strncpy(pp, path.c_str(), TFE_MAX_PATH);
+ FileUtil::getFileNameFromPath(pp, name);
s_currentFontFile.name = string(name);
s_currentFontFile.path = path;
- TFE_Settings::getA11ySettings()->lastFontPath = path;
+ TFE_Settings::getA11ySettings()->lastFontPath = string(pp);
}Ok it's a simple buffer overrun: getFileNameFromPath() clears "name" with TFE_MAX_PATH null chars.
Fixed thusly:
--- a/TheForceEngine/TFE_A11y/accessibility.cpp
+++ b/TheForceEngine/TFE_A11y/accessibility.cpp
@@ -208,7 +208,7 @@ namespace TFE_A11Y // a11y is industry slang for accessibility
}
assert(s_currentCaptionFont != nullptr);
- char name[256];
+ char name[TFE_MAX_PATH];
FileUtil::getFileNameFromPath(path.c_str(), name);
s_currentFontFile.name = string(name);
s_currentFontFile.path = path;
That fix work for me
This should be fixed in master now. Thanks everyone for looking into the issue.