Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"
Control: tags -1 patch
thanks

On Mon, Jun 24, 2019 at 03:52:16PM +0200, Bernhard Übelacker wrote:
> Attached patch calls EC_KEY_dup just in case of a non-null key.
> With packages rebuilt in Stretch and Buster with this
> patch applied, the same crash does not manifest and a multiplayer
> with one nullbot was possible.

My man, you are a legend, thank you for the quick patch - I can happily confirm I'm now able to play LAN multiplayer!

The packaging is still in a pretty bad state, and apparently the new 3.3.0-beta1 is more stable than 3.2.3, so I'll probably still work on it for after buster: https://salsa.debian.org/emorrp1-guest/warzone2100/
Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"
Dear Maintainer,

I just tried to help triaging this bug.

This bug manifests in current Stretch/9.9 and also in Buster/testing.

In the call to function setMultiStats a temporary PLAYERSTATS object gets constructed from the reference returned by getMultiStats. Therefore the copy constructor of EcKey for the member identity is called, which unfortunately unconditionally calls EC_KEY_dup, which seems not able to handle a null pointer as ec_key.

Attached patch calls EC_KEY_dup just in case of a non-null key.
With packages rebuilt in Stretch and Buster with this patch applied, the same crash does not manifest and a multiplayer with one nullbot was possible.

Could not find an upstream bug similar to this.

Kind regards,
Bernhard

(gdb) bt
#0  EC_KEY_dup (ec_key=0x0) at ../crypto/ec/ec_key.c:156
#1  0x558068cc in EcKey::EcKey (this=0x7fffad00, b=...) at crc.cpp:248
#2  0x556afd0a in PLAYERSTATS::PLAYERSTATS (this=0x7ffface0) at multistat.h:31
#3  setupNewPlayer (player=player@entry=0) at multijoin.cpp:473
#4  0x556afe5c in MultiPlayerJoin (playerIndex=0) at multijoin.cpp:350
#5  0x557d0157 in NEThostGame (SessionName=SessionName@entry=0x55f234e3 "Mein Spiel", PlayerName=PlayerName@entry=0x55f20520 "Spieler", one=14, two=two@entry=0, three=three@entry=0, four=four@entry=0, plyrs=4) at netplay.cpp:2780
#6  0x556b5e5d in hostCampaign (sGame=sGame@entry=0x55f234e3 "Mein Spiel", sPlayer=sPlayer@entry=0x55f20520 "Spieler") at multiopt.cpp:259
#7  0x556ab2d3 in processMultiopWidgets (id=10276) at multiint.cpp:3072
#8  0x556ada6c in runMultiOptions () at multiint.cpp:3751
#9  0x55799ea5 in titleLoop () at wrappers.cpp:176
#10 0x5567ddc5 in runTitleLoop () at main.cpp:923
#11 mainLoop () at main.cpp:995
#12 0x55804ccc in wzMainEventLoop () at main_sdl.cpp:1601
#13 0x5567ea97 in realmain (argc=, argv=) at main.cpp:1329
#14 0x72b642e1 in __libc_start_main (main=0x555d0df0 , argc=1, argv=0x7fffe668, init=, fini=, rtld_fini=, stack_end=0x7fffe658) at ../csu/libc-start.c:291
#15 0x555d0fea in
_start ()

Description: Avoid calling EC_KEY_dup with null pointer
Author: Bernhard Übelacker
Bug-Debian: https://bugs.debian.org/930942
Forwarded: no
Last-Update: 2019-06-24

--- warzone2100-3.2.1.orig/lib/framework/crc.cpp +++ warzone2100-3.2.1/lib/framework/crc.cpp @@ -245,7 +245,9 @@ EcKey::EcKey() EcKey::EcKey(EcKey const ) { - vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey); + vKey = nullptr; + if (!b.empty()) + vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey); } EcKey::EcKey(EcKey &)
@@ -262,7 +264,8 @@ EcKey::~EcKey() EcKey ::operator =(EcKey const ) { clear(); - vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey); + if (!b.empty()) + vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey); return *this; }

# Stretch/9.9 qemu amd64 VM 2019-06-24
apt update
apt dist-upgrade
apt install systemd-coredump xserver-xorg lightdm openbox mc gdb fakeroot warzone2100 warzone2100-dbgsym libssl1.1-dbgsym
apt build-dep warzone2100
mkdir /home/benutzer/source/libssl1.1/orig -p
cd /home/benutzer/source/libssl1.1/orig
apt source libssl1.1
cd
mkdir /home/benutzer/source/warzone2100/orig -p
cd /home/benutzer/source/warzone2100/orig
apt source warzone2100
cd
reboot

export DISPLAY=:0
gdb -q \
  -ex 'set width 0' \
  -ex 'set pagination off' \
  -ex 'directory /home/benutzer/source/libssl1.1/orig/openssl-1.1.0j/crypto' \
  -ex 'directory /home/benutzer/source/warzone2100/orig/warzone2100-3.2.1/lib/framework' \
  -ex 'directory /home/benutzer/source/warzone2100/orig/warzone2100-3.2.1/src' \
  -ex 'run' \
  --args warzone2100

benutzer@debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' --args warzone2100
Reading symbols from warzone2100...(no debugging symbols found)...done.
Starting program: /usr/games/warzone2100
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
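Review bot: in the first hunk (copy constructor, crc.cpp around line 245) the result of EC_KEY_dup is still assigned without a check; EC_KEY_dup returns NULL when duplication fails, and because vKey is now pre-set to nullptr that failure is indistinguishable from copying an empty key. Consider logging or asserting when the dup result is NULL after `vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);` so an allocation failure does not silently become an empty player identity.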
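Review bot: in the second hunk (operator=, crc.cpp around line 262) clear() runs before b.empty() is tested, so self-assignment frees this object's key and then finds b empty, leaving *this empty instead of unchanged (before the patch the same sequence was a use-after-free). Add `if (this == &b) return *this;` ahead of `clear();`, or duplicate into a temporary first and clear() afterwards; the unchecked EC_KEY_dup result noted for the copy constructor applies here as well.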
[New Thread 0x7fffe63a7700 (LWP 3843)]
info|02:03:13: [realmain:1146] Using /home/benutzer/.warzone2100-3.2/logs/WZlog-0624_140313.txt debug file
[New Thread 0x7fffe5b19700 (LWP 3850)]
[New Thread 0x7fffdc72c700 (LWP 3853)]
[New Thread 0x7fffdbf2b700 (LWP 3854)]
[New Thread 0x7fffdb72a700 (LWP 3855)]
[New Thread 0x7fffdaf29700 (LWP 3856)]
[New Thread 0x7fffda728700 (LWP 3857)]
[New Thread 0x7fffd9f27700 (LWP 3858)]
[New Thread 0x7fffd9726700 (LWP 3859)]
[New Thread 0x7fffd8f25700 (LWP 3860)]
[New Thread 0x7fffd7925700 (LWP 3861)]
[Thread 0x7fffd7925700 (LWP 3861) exited]
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4528:(_snd_config_evaluate) function snd_func_card_driver returned error: Datei oder Verzeichnis nicht gefunden
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4528:(_snd_config_evaluate) function snd_func_concat returned
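As an added illustration (not code from the bug report or from warzone2100), the following models the EcKey copy semantics at issue: an owning wrapper whose copy constructor and assignment operator must treat an empty handle as a valid state before passing the pointer to a duplication routine that, like OpenSSL's EC_KEY_dup, cannot take NULL. FakeEcKey, fake_dup and KeyHandle are stand-ins assumed here so the example runs without libcrypto.

```cpp
// Stand-in for OpenSSL's EC_KEY (assumption, not the real type).
struct FakeEcKey { int id; };

// Counts how often dup was handed a null pointer. The real EC_KEY_dup(NULL)
// dereferences it and segfaults (frame #0 in the reported backtrace).
static int g_null_dup_calls = 0;

static FakeEcKey *fake_dup(const FakeEcKey *k) {
    if (k == nullptr) { ++g_null_dup_calls; return nullptr; }
    return new FakeEcKey{k->id};
}
static void fake_free(FakeEcKey *k) { delete k; }

// Owning wrapper with the same shape as EcKey: an empty wrapper holds nullptr.
class KeyHandle {
public:
    KeyHandle() = default;
    explicit KeyHandle(int id) : key_(new FakeEcKey{id}) {}
    // Copy: only duplicate when the source actually holds a key.
    KeyHandle(const KeyHandle &b) : key_(b.empty() ? nullptr : fake_dup(b.key_)) {}
    // Assignment: duplicate first, then release the old key, so self-assignment
    // and a failed dup both leave a well-defined state.
    KeyHandle &operator=(const KeyHandle &b) {
        if (this == &b) return *this;
        FakeEcKey *copy = b.empty() ? nullptr : fake_dup(b.key_);
        clear();
        key_ = copy;
        return *this;
    }
    ~KeyHandle() { clear(); }
    bool empty() const { return key_ == nullptr; }
    void clear() { fake_free(key_); key_ = nullptr; }
    int id() const { return key_ ? key_->id : -1; }
private:
    FakeEcKey *key_ = nullptr;
};

// Mirrors setMultiStats(): a temporary is copy-constructed from a stats object
// whose identity may still be empty when hosting starts. Returns the copied
// key id (-1 when empty); g_null_dup_calls stays 0 because the guards never
// pass a null pointer on to dup.
int copy_identity(bool populated) {
    KeyHandle identity = populated ? KeyHandle(42) : KeyHandle();
    KeyHandle tmp(identity);        // the copy that crashed before the patch
    KeyHandle assigned;
    assigned = tmp;                 // operator= path
    KeyHandle &alias = assigned;
    assigned = alias;               // self-assignment must keep the key
    return assigned.id();
}
```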
Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"
Package: warzone2100
Version: 3.2.1-2
Severity: important

Multi Player -> Host Game -> Start Hosting Game

This is reliably reproducible on a variety of amd64 hardware: desktop, laptop, netbook, dedicated, integrated graphics. See attached debug log after installing gdb.

I intend to try upgrading the packaging to latest (3.2.3) and otherwise report it upstream.

-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages warzone2100 depends on:
ii  libc6                    2.24-11+deb9u4
ii  libfontconfig1           2.11.0-6.7+b1
ii  libfreetype6             2.6.3-3.2
ii  libfribidi0              0.19.7-1+b1
ii  libgcc1                  1:6.3.0-18+deb9u1
ii  libgl1-mesa-glx [libgl1] 13.0.6-1+b2
ii  libglc0                  0.7.2-5+b3
ii  libglew2.0               2.0.0-3+b1
ii  libglu1-mesa [libglu1]   9.0.0-2.1
ii  libminiupnpc10           1.9.20140610-4
ii  libogg0                  1.3.2-1
ii  libopenal1               1:1.17.2-4+b2
ii  libphysfs1               2.0.3-5
ii  libpng16-16              1.6.28-1+deb9u1
ii  libqt5core5a             5.7.1+dfsg-3+deb9u1
ii  libqt5gui5               5.7.1+dfsg-3+deb9u1
ii  libqt5script5            5.7.1~20161021+dfsg-2
ii  libqt5widgets5           5.7.1+dfsg-3+deb9u1
ii  libsdl2-2.0-0            2.0.5+dfsg1-2
ii  libssl1.1                1.1.0j-1~deb9u1
ii  libstdc++6               6.3.0-18+deb9u1
ii  libtheora0               1.1.1+dfsg.1-14+b1
ii  libvorbis0a              1.3.5-4+deb9u2
ii  libvorbisfile3           1.3.5-4+deb9u2
ii  libx11-6                 2:1.6.4-3+deb9u1
ii  libxrandr2               2:1.5.1-1
ii  warzone2100-data         3.2.1-2
ii  zlib1g                   1:1.2.8.dfsg-5

Versions of packages warzone2100 recommends:
ii  warzone2100-music  3.2.1-2

warzone2100 suggests no packages.
-- no debconf information

Program: /usr/games/warzone2100(warzone2100)
Command line: "warzone2100"
Version: Version: 3.2.1, Built:Nov 28 2016
Distributor: Debian
Compiled on: Nov 28 2016 19:51:47
Compiled by: GCC 6.2.1 20161124
Compiled mode: Release build
Executed on: Sat Jun 22 16:19:50 2019
Operating system: Linux
Node name: mithrandir
Release: 4.9.0-9-amd64
Version: #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13)
Machine: x86_64
Pointers: 64bit
Compiled against PhysicsFS version: 2.0.3
Running with PhysicsFS version: 2.0.3
Misc Data:
[16:19:51]Video Mode 1600 x 900 (fullscreen)
[16:19:51]OpenGL Vendor: X.Org
[16:19:51]OpenGL Renderer: Gallium 0.4 on AMD ARUBA (DRM 2.49.0 / 4.9.0-9-amd64, LLVM 3.9.1)
[16:19:51]OpenGL Version: 3.0 Mesa 13.0.6
[16:19:51]GLEW Version: 2.0.0
[16:19:51]OpenGL GLSL Version : 1.30
[16:19:51]OpenAL Device Name: OpenAL Soft
[16:19:51]OpenAL Vendor: OpenAL Community
[16:19:51]OpenAL Version: 1.1 ALSOFT 1.17.2
[16:19:51]OpenAL Renderer: OpenAL Soft
[16:19:51]OpenAL Extensions: AL_EXT_ALAW AL_EXT_BFORMAT AL_EXT_DOUBLE AL_EXT_EXPONENT_DISTANCE AL_EXT_FLOAT32 AL_EXT_IMA4 AL_EXT_LINEAR_DISTANCE AL_EXT_MCFORMATS AL_EXT_MULAW AL_EXT_MULAW_BFORMAT AL_EXT_MULAW_MCFORMATS AL_EXT_OFFSET AL_EXT_source_distance_model AL_LOKI_quadriphonic AL_SOFT_block_alignment AL_SOFT_buffer_samples AL_SOFT_buffer_sub_data AL_SOFT_deferred_updates AL_SOFT_direct_channels AL_SOFT_loop_points AL_SOFT_MSADPCM AL_SOFT_source_latency AL_SOFT_source_length
[16:19:51]Using Backend: SDL
[16:19:51]Using language: System locale
Dump caused by signal: SIGSEGV: Invalid memory reference: Address not mapped to object
Log message: info|04:19:50: [realmain:1146] Using /home/emorrp1/.warzone2100-3.2/logs/WZlog-0622_161950.txt debug file

GLIBC raw backtrace:
warzone2100(+0x2ad50f)[0x555d9bd9850f]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0)[0x7f9bd46340e0]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(EC_KEY_dup+0x9)[0x7f9bd1e7fda9]
warzone2100(_ZN5EcKeyC2ERKS_+0xc)[0x555d9bd9d8cc]
warzone2100(_Z14setupNewPlayerj+0x12a)[0x555d9bc46d0a]
warzone2100(_Z15MultiPlayerJoinj+0xac)[0x555d9bc46e5c]
warzone2100(_Z11NEThostGamePKcS0_j+0x3e7)[0x555d9bd67157]
warzone2100(_Z12hostCampaignPcS_+0x9d)[0x555d9bc4ce5d]
warzone2100(+0x1572d3)[0x555d9bc422d3]
warzone2100(_Z15runMultiOptionsv+0x19c)[0x555d9bc44a6c]
warzone2100(_Z9titleLoopv+0x215)[0x555d9bd30ea5]
warzone2100(_Z8mainLoopv+0x105)[0x555d9bc14dc5]
warzone2100(_Z15wzMainEventLoopv+0x13c)[0x555d9bd9bccc]
warzone2100(_Z8realmainiPPc+0x9f7)[0x555d9bc15a97]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f9bd11532e1]
warzone2100(_start+0x2a)[0x555d9bb67fea]

GDB extended backtrace:
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later