Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"

2019-06-24 Thread Phil Morrell
Control: tags -1 patch
thanks

On Mon, Jun 24, 2019 at 03:52:16PM +0200, Bernhard Übelacker wrote:
> The attached patch calls EC_KEY_dup only in the case of a non-null key.
> With packages rebuilt in Stretch and Buster with this
> patch applied, the same crash does not manifest and a multiplayer
> with one nullbot was possible.

My man, you are a legend, thank you for the quick patch - I can happily
confirm I'm now able to play LAN multiplayer! The packaging is still in
a pretty bad state, and apparently the new 3.3.0-beta1 is more stable
than 3.2.3, so I'll probably still work on it for after buster:

https://salsa.debian.org/emorrp1-guest/warzone2100/



Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"

2019-06-24 Thread Bernhard Übelacker
Dear Maintainer,
I just tried to help triage this bug.

This bug manifests in current Stretch/9.9 and
also in Buster/testing.

In the call to function setMultiStats a temporary
PLAYERSTATS object gets constructed from the
reference returned by getMultiStats.
Therefore the copy constructor of EcKey for the member identity
is called, which unfortunately unconditionally calls EC_KEY_dup,
which seems not able to handle a null pointer as ec_key.

The attached patch calls EC_KEY_dup only in the case of a non-null key.
With packages rebuilt in Stretch and Buster with this
patch applied, the same crash does not manifest and a multiplayer
with one nullbot was possible.

Could not find an upstream bug similar to this.

Kind regards,
Bernhard


(gdb) bt
#0  EC_KEY_dup (ec_key=0x0) at ../crypto/ec/ec_key.c:156
#1  0x558068cc in EcKey::EcKey (this=0x7fffad00, b=...) at crc.cpp:248
#2  0x556afd0a in PLAYERSTATS::PLAYERSTATS (this=0x7ffface0) at multistat.h:31
#3  setupNewPlayer (player=player@entry=0) at multijoin.cpp:473
#4  0x556afe5c in MultiPlayerJoin (playerIndex=0) at multijoin.cpp:350
#5  0x557d0157 in NEThostGame (SessionName=SessionName@entry=0x55f234e3  "Mein Spiel", PlayerName=PlayerName@entry=0x55f20520  "Spieler", one=14, two=two@entry=0, three=three@entry=0, four=four@entry=0, plyrs=4) at netplay.cpp:2780
#6  0x556b5e5d in hostCampaign (sGame=sGame@entry=0x55f234e3  "Mein Spiel", sPlayer=sPlayer@entry=0x55f20520  "Spieler") at multiopt.cpp:259
#7  0x556ab2d3 in processMultiopWidgets (id=10276) at multiint.cpp:3072
#8  0x556ada6c in runMultiOptions () at multiint.cpp:3751
#9  0x55799ea5 in titleLoop () at wrappers.cpp:176
#10 0x5567ddc5 in runTitleLoop () at main.cpp:923
#11 mainLoop () at main.cpp:995
#12 0x55804ccc in wzMainEventLoop () at main_sdl.cpp:1601
#13 0x5567ea97 in realmain (argc=, argv=) at main.cpp:1329
#14 0x72b642e1 in __libc_start_main (main=0x555d0df0 , argc=1, argv=0x7fffe668, init=, fini=, rtld_fini=, stack_end=0x7fffe658) at ../csu/libc-start.c:291
#15 0x555d0fea in _start ()

Description: Avoid calling EC_KEY_dup with null pointer

Author: Bernhard Übelacker 
Bug-Debian: https://bugs.debian.org/930942
Forwarded: no
Last-Update: 2019-06-24

--- warzone2100-3.2.1.orig/lib/framework/crc.cpp
+++ warzone2100-3.2.1/lib/framework/crc.cpp
@@ -245,7 +245,9 @@ EcKey::EcKey()
 
 EcKey::EcKey(EcKey const )
 {
-	vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
+	vKey = nullptr;
+	if (!b.empty())
+		vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
 }
 
 EcKey::EcKey(EcKey &)
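Review bot: The guard in the copy constructor is `!b.empty()` while the DEP-3 Description and the cover mail talk about a non-null key, so correctness depends on `empty()` being exactly `vKey == nullptr`, which this hunk does not show; either test `b.vKey != nullptr` directly here or state in the Description that `empty()` is that test. The explicit `vKey = nullptr;` line is worth keeping in any case, since `EC_KEY_dup` can itself return NULL on allocation failure and the member must not be left uninitialised. Given the cover mail says no upstream report was found, `Forwarded: no` should become a link once this is reported upstream so the guard does not get lost at the next package update.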
@@ -262,7 +264,8 @@ EcKey::~EcKey()
 EcKey ::operator =(EcKey const )
 {
 	clear();
-	vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
+	if (!b.empty())
+		vKey = (void *)EC_KEY_dup((EC_KEY *)b.vKey);
 	return *this;
 }
 
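Review bot: Self-assignment still loses the key: `clear();` runs before `if (!b.empty())`, so when `&b == this` the source is emptied by the clear and the object ends up with no key (before the patch this path duplicated an already freed pointer, so the hunk is an improvement, but not complete). Duplicate into a local first, then `clear()`, then assign, or add an `if (this == &b) return *this;` guard at the top. This hunk also relies on `clear()` resetting `vKey` to nullptr, unlike the constructor hunk which sets it explicitly; if `clear()` only frees, an empty source leaves a dangling pointer behind.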

# Stretch/9.9 qemu amd64 VM 2019-06-24


apt update
apt dist-upgrade


apt install systemd-coredump xserver-xorg lightdm openbox mc gdb fakeroot warzone2100 warzone2100-dbgsym libssl1.1-dbgsym
apt build-dep warzone2100


mkdir /home/benutzer/source/libssl1.1/orig -p
cd /home/benutzer/source/libssl1.1/orig
apt source libssl1.1
cd

mkdir /home/benutzer/source/warzone2100/orig -p
cd /home/benutzer/source/warzone2100/orig
apt source warzone2100
cd


reboot


export DISPLAY=:0
gdb -q \
-ex 'set width 0' \
-ex 'set pagination off' \
-ex 'directory /home/benutzer/source/libssl1.1/orig/openssl-1.1.0j/crypto' \
-ex 'directory /home/benutzer/source/warzone2100/orig/warzone2100-3.2.1/lib/framework' \
-ex 'directory /home/benutzer/source/warzone2100/orig/warzone2100-3.2.1/src' \
-ex 'run' \
--args warzone2100





benutzer@debian:~$ gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'run' --args warzone2100
Reading symbols from warzone2100...(no debugging symbols found)...done.
Starting program: /usr/games/warzone2100 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe63a7700 (LWP 3843)]
info|02:03:13: [realmain:1146] Using /home/benutzer/.warzone2100-3.2/logs/WZlog-0624_140313.txt debug file
[New Thread 0x7fffe5b19700 (LWP 3850)]
[New Thread 0x7fffdc72c700 (LWP 3853)]
[New Thread 0x7fffdbf2b700 (LWP 3854)]
[New Thread 0x7fffdb72a700 (LWP 3855)]
[New Thread 0x7fffdaf29700 (LWP 3856)]
[New Thread 0x7fffda728700 (LWP 3857)]
[New Thread 0x7fffd9f27700 (LWP 3858)]
[New Thread 0x7fffd9726700 (LWP 3859)]
[New Thread 0x7fffd8f25700 (LWP 3860)]
[New Thread 0x7fffd7925700 (LWP 3861)]
[Thread 0x7fffd7925700 (LWP 3861) exited]
ALSA lib confmisc.c:767:(parse_card) cannot find card '0'
ALSA lib conf.c:4528:(_snd_config_evaluate) function snd_func_card_driver returned error: Datei oder Verzeichnis nicht gefunden
ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings
ALSA lib conf.c:4528:(_snd_config_evaluate) function snd_func_concat returned 
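
The crash path Bernhard describes (a PLAYERSTATS temporary copy-constructed while its identity key is still empty, so the EcKey copy constructor hands a null pointer to EC_KEY_dup) and the guard the patch adds are modelled below. This is an added example and not code from warzone2100, from the attached patch or from OpenSSL: `FakeEcKey`, `fake_ec_key_dup`, `EcKeyBuggy`, `EcKeyFixed` and `PlayerStatsFixed` are stand-ins I invented so the example builds without libssl. The stand-in records the call that the real `EC_KEY_dup(NULL)` would have turned into the SIGSEGV in the backtrace, and the fixed class also goes beyond the patch by making assignment self-assignment safe.

```cpp
// Added example, not warzone2100 or OpenSSL code. Models the null-key copy
// crash from Debian bug 930942 and a guarded RAII wrapper.
#include <cstdio>
#include <string>

// Stand-in for OpenSSL's EC_KEY (assumption: a key is just some material).
struct FakeEcKey {
    std::string material;
};

// Counts calls that the real EC_KEY_dup(NULL) would have turned into a
// segfault (ec_key.c:156 in the reported backtrace).
static int g_null_dup_calls = 0;

static FakeEcKey *fake_ec_key_dup(const FakeEcKey *src)
{
    if (src == nullptr) {
        ++g_null_dup_calls;   // real OpenSSL dereferences src here: SIGSEGV
        return nullptr;
    }
    return new FakeEcKey(*src);
}

static void fake_ec_key_free(FakeEcKey *k) { delete k; }

// Shape of the pre-patch class: the copy constructor duplicates unconditionally.
class EcKeyBuggy {
public:
    EcKeyBuggy() : vKey(nullptr) {}
    explicit EcKeyBuggy(const std::string &m) : vKey(new FakeEcKey{m}) {}
    EcKeyBuggy(EcKeyBuggy const &b) { vKey = fake_ec_key_dup(b.vKey); }
    EcKeyBuggy &operator=(EcKeyBuggy const &) = delete;
    ~EcKeyBuggy() { fake_ec_key_free(vKey); }
    bool empty() const { return vKey == nullptr; }
private:
    FakeEcKey *vKey;
};

// Guarded version: an empty source yields an empty key, and assignment
// duplicates before it releases so self-assignment cannot lose the key.
class EcKeyFixed {
public:
    EcKeyFixed() : vKey(nullptr) {}
    explicit EcKeyFixed(const std::string &m) : vKey(new FakeEcKey{m}) {}
    EcKeyFixed(EcKeyFixed const &b) : vKey(nullptr)
    {
        if (!b.empty())
            vKey = fake_ec_key_dup(b.vKey);
    }
    EcKeyFixed(EcKeyFixed &&b) noexcept : vKey(b.vKey) { b.vKey = nullptr; }
    EcKeyFixed &operator=(EcKeyFixed const &b)
    {
        if (this != &b) {
            FakeEcKey *copy = b.empty() ? nullptr : fake_ec_key_dup(b.vKey);
            clear();          // only now release the old key
            vKey = copy;
        }
        return *this;
    }
    EcKeyFixed &operator=(EcKeyFixed &&b) noexcept
    {
        if (this != &b) { clear(); vKey = b.vKey; b.vKey = nullptr; }
        return *this;
    }
    ~EcKeyFixed() { clear(); }
    void clear() { fake_ec_key_free(vKey); vKey = nullptr; }
    bool empty() const { return vKey == nullptr; }
    std::string material() const { return vKey ? vKey->material : ""; }
private:
    FakeEcKey *vKey;
};

// Mirrors the failing path: stats of a freshly set up player, whose identity
// key is still empty, are copied into a temporary.
struct PlayerStatsFixed { EcKeyFixed identity; };

// Returns how many times the buggy copy of an empty key hit the null path (1).
static int copy_empty_identity_buggy()
{
    g_null_dup_calls = 0;
    EcKeyBuggy fresh;            // new player: no identity yet
    EcKeyBuggy copy(fresh);      // would segfault with the real EC_KEY_dup
    (void)copy;
    return g_null_dup_calls;
}

// Returns 0: the guarded copy never calls dup and the copy stays empty.
static int copy_empty_identity_fixed()
{
    g_null_dup_calls = 0;
    PlayerStatsFixed fresh;
    PlayerStatsFixed copy = fresh;
    return g_null_dup_calls + (copy.identity.empty() ? 0 : 100);
}

// Returns the key material after self-assignment through a reference.
static std::string self_assign_keeps_key()
{
    EcKeyFixed k("host-identity");
    EcKeyFixed &alias = k;
    k = alias;                   // clear()-before-dup would lose the key here
    return k.material();
}

int main()
{
    std::printf("buggy copy of empty key hit EC_KEY_dup(NULL) %d time(s)\n", copy_empty_identity_buggy());
    std::printf("fixed copy of empty key hit it %d time(s)\n", copy_empty_identity_fixed());
    std::printf("after self-assignment the key is \"%s\"\n", self_assign_keeps_key().c_str());
    return 0;
}
```

The counter stands in for the crash only so the buggy path can run; with the real library the first copy of an empty key is the segfault at `EC_KEY_dup (ec_key=0x0)` in the backtrace, which is why a guard on the null pointer, not a try/catch, is the fix.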

Bug#930942: warzone2100: Segfault upon multiplayer "Start Hosting Game"

2019-06-22 Thread Phil Morrell
Package: warzone2100
Version: 3.2.1-2
Severity: important

Multi Player -> Host Game -> Start Hosting Game

This is reliably reproducible on a variety of amd64 hardware: desktop,
laptop, netbook, dedicated, integrated graphics. See attached debug log
after installing gdb.

I intend to try upgrading the packaging to latest (3.2.3) and otherwise
report it upstream.



-- System Information:
Debian Release: 9.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages warzone2100 depends on:
ii  libc6                     2.24-11+deb9u4
ii  libfontconfig1            2.11.0-6.7+b1
ii  libfreetype6              2.6.3-3.2
ii  libfribidi0               0.19.7-1+b1
ii  libgcc1                   1:6.3.0-18+deb9u1
ii  libgl1-mesa-glx [libgl1]  13.0.6-1+b2
ii  libglc0                   0.7.2-5+b3
ii  libglew2.0                2.0.0-3+b1
ii  libglu1-mesa [libglu1]    9.0.0-2.1
ii  libminiupnpc10            1.9.20140610-4
ii  libogg0                   1.3.2-1
ii  libopenal1                1:1.17.2-4+b2
ii  libphysfs1                2.0.3-5
ii  libpng16-16               1.6.28-1+deb9u1
ii  libqt5core5a              5.7.1+dfsg-3+deb9u1
ii  libqt5gui5                5.7.1+dfsg-3+deb9u1
ii  libqt5script5             5.7.1~20161021+dfsg-2
ii  libqt5widgets5            5.7.1+dfsg-3+deb9u1
ii  libsdl2-2.0-0             2.0.5+dfsg1-2
ii  libssl1.1                 1.1.0j-1~deb9u1
ii  libstdc++6                6.3.0-18+deb9u1
ii  libtheora0                1.1.1+dfsg.1-14+b1
ii  libvorbis0a               1.3.5-4+deb9u2
ii  libvorbisfile3            1.3.5-4+deb9u2
ii  libx11-6                  2:1.6.4-3+deb9u1
ii  libxrandr2                2:1.5.1-1
ii  warzone2100-data          3.2.1-2
ii  zlib1g                    1:1.2.8.dfsg-5

Versions of packages warzone2100 recommends:
ii  warzone2100-music  3.2.1-2

warzone2100 suggests no packages.

-- no debconf information
Program: /usr/games/warzone2100(warzone2100)
Command line: "warzone2100" 
Version: Version: 3.2.1, Built:Nov 28 2016
Distributor: Debian
Compiled on: Nov 28 2016 19:51:47
Compiled by: GCC 6.2.1 20161124
Compiled mode: Release build
Executed on: Sat Jun 22 16:19:50 2019
Operating system: Linux
Node name: mithrandir
Release: 4.9.0-9-amd64
Version: #1 SMP Debian 4.9.168-1+deb9u2 (2019-05-13)
Machine: x86_64

Pointers: 64bit

Compiled against PhysicsFS version: 2.0.3
Running with PhysicsFS version: 2.0.3

Misc Data:
[16:19:51]Video Mode 1600 x 900 (fullscreen)
[16:19:51]OpenGL Vendor: X.Org
[16:19:51]OpenGL Renderer: Gallium 0.4 on AMD ARUBA (DRM 2.49.0 / 4.9.0-9-amd64, LLVM 3.9.1)
[16:19:51]OpenGL Version: 3.0 Mesa 13.0.6
[16:19:51]GLEW Version: 2.0.0
[16:19:51]OpenGL GLSL Version : 1.30
[16:19:51]OpenAL Device Name: OpenAL Soft
[16:19:51]OpenAL Vendor: OpenAL Community
[16:19:51]OpenAL Version: 1.1 ALSOFT 1.17.2
[16:19:51]OpenAL Renderer: OpenAL Soft
[16:19:51]OpenAL Extensions: AL_EXT_ALAW AL_EXT_BFORMAT AL_EXT_DOUBLE AL_EXT_EXPONENT_DISTANCE AL_EXT_FLOAT32 AL_EXT_IMA4 AL_EXT_LINEAR_DISTANCE AL_EXT_MCFORMATS AL_EXT_MULAW AL_EXT_MULAW_BFORMAT AL_EXT_MULAW_MCFORMATS AL_EXT_OFFSET AL_EXT_source_distance_model AL_LOKI_quadriphonic AL_SOFT_block_alignment AL_SOFT_buffer_samples AL_SOFT_buffer_sub_data AL_SOFT_deferred_updates AL_SOFT_direct_channels AL_SOFT_loop_points AL_SOFT_MSADPCM AL_SOFT_source_latency AL_SOFT_source_length
[16:19:51]Using Backend: SDL
[16:19:51]Using language: System locale

Dump caused by signal: SIGSEGV: Invalid memory reference: Address not mapped to object

Log message: info|04:19:50: [realmain:1146] Using /home/emorrp1/.warzone2100-3.2/logs/WZlog-0622_161950.txt debug file

GLIBC raw backtrace:
warzone2100(+0x2ad50f)[0x555d9bd9850f]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x110e0)[0x7f9bd46340e0]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(EC_KEY_dup+0x9)[0x7f9bd1e7fda9]
warzone2100(_ZN5EcKeyC2ERKS_+0xc)[0x555d9bd9d8cc]
warzone2100(_Z14setupNewPlayerj+0x12a)[0x555d9bc46d0a]
warzone2100(_Z15MultiPlayerJoinj+0xac)[0x555d9bc46e5c]
warzone2100(_Z11NEThostGamePKcS0_j+0x3e7)[0x555d9bd67157]
warzone2100(_Z12hostCampaignPcS_+0x9d)[0x555d9bc4ce5d]
warzone2100(+0x1572d3)[0x555d9bc422d3]
warzone2100(_Z15runMultiOptionsv+0x19c)[0x555d9bc44a6c]
warzone2100(_Z9titleLoopv+0x215)[0x555d9bd30ea5]
warzone2100(_Z8mainLoopv+0x105)[0x555d9bc14dc5]
warzone2100(_Z15wzMainEventLoopv+0x13c)[0x555d9bd9bccc]
warzone2100(_Z8realmainiPPc+0x9f7)[0x555d9bc15a97]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f9bd11532e1]
warzone2100(_start+0x2a)[0x555d9bb67fea]

GDB extended backtrace:
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later