Bug#944431: Segfault on startup

[Bernhard Übelacker]

Hello Markus, hello Enrico,
I am sorry to be late, but I guess I have found the issue.
The function SetThreadPriority does not return properly
therefore the following function gets executed which writes
to somewhere, that causes later the crash below.

The build logs show a warning for this issue:

tmp/compat_mini.cpp: In function ‘int SetThreadPriority(THREAD_HANDLE, 
int)’:
tmp/compat_mini.cpp:106:1: warning: no return statement in function 
returning non-void [-Wreturn-type]
  106 | }
  | ^

Attached patch adds return statements for all functions
currently triggering this warning.

Kind regards,
Bernhard


(gdb) bt
#0  0x562c7679292e in flip () at komat/Berusky3d_ini.cpp:46
#1  0x562c767ea5e4 in ddxPublish () at tmp/compat.cpp:196
#2  0x562c767ea6a9 in DisplayFrame () at tmp/compat.cpp:120
#3  0x562c76737374 in RunMenu (p_File_Name=p_File_Name@entry=0x562c76888c8b 
"mainmenu.txt", hWnd=hWnd@entry=0x0, p_ad=, cpu=cpu@entry=8304) 
at kofola/Menu.cpp:5810
#4  0x562c767771b7 in winmain_Game_Run (p_Level_Name=0x562c76bf3148 
 "") at kofola/game_main.cpp:252
#5  0x562c7671b293 in main (argc=, argv=) at 
komat/Berusky3d_ini.cpp:360
Description: Avoid 'no return statement in function returning non-void'
Author: Bernhard Übelacker 

Bug-Debian: https://bugs.debian.org/944431
Forwarded: no
Last-Update: 2019-11-18

--- berusky2-0.10.orig/src/tmp/compat_mini.cpp
+++ berusky2-0.10/src/tmp/compat_mini.cpp
@@ -92,7 +92,7 @@ THREAD_HANDLE CreateThread(void *lpThrea
 
 int CloseHandle(THREAD_HANDLE handle)
 {
-
+  return 1;
 }
 
 void ExitThread(dword dwExitCode)
@@ -103,10 +103,12 @@ void ExitThread(dword dwExitCode)
 
 int SetThreadPriority(THREAD_HANDLE hThread, int nPriority)
 {
+  return 1;
 }
 
 int GetThreadPriority(THREAD_HANDLE hThread)
 {
+  return 0/*THREAD_PRIORITY_NORMAL*/;
 }
 
 int GetExitCodeThread(THREAD_HANDLE hThread, dword *lpExitCode)

# Buster/stable amd64 qemu VM 2019-11-15


apt update
apt dist-upgrade


apt install systemd-coredump dpkg-dev devscripts xserver-xorg lightdm openbox 
xterm gdb valgrind rr berusky2 berusky2-dbgsym
apt build-dep berusky2

reboot

echo 1 > /proc/sys/kernel/perf_event_paranoid


mkdir /home/benutzer/source/berusky2/orig -p
cd/home/benutzer/source/berusky2/orig
apt source berusky2
cd



export DISPLAY=:0
export LANG=C


berusky2
# crashes

rr berusky2
# does not crash

valgrind berusky2
# crashes

valgrind --track-origins=yes berusky2
# crashes

gdb -q --args berusky2
# crashes




$ berusky2 
Berusky 2 v.0.10 (C) Anakreon 2011, http://www.anakreon.cz/
...
Kofola: - Load bitmap pro herni menu
--Total load time 0.2 s -
APAK: font_en.pak
Velikost AFAT: 2.6KB
Velikost Archivu: 0.4MB
Souboru: 7
Adresaru: 0
Uzlu: 2
b2_2d_font.pTTable = 0x563f6ddc1160
set font = font_en.pak
APAK: font_system_en.pak
Velikost AFAT: 2.6KB
Velikost Archivu: 0.1MB
Souboru: 7
Adresaru: 0
Uzlu: 2
b2_2d_font.pTTable = 0x563f70bd40f0
set font = font_system_en.pak
Segmentation fault (core dumped)


#


Nov 15 17:22:58 debian systemd-coredump[647]: Process 627 (berusky2) of user 
1000 dumped core.
  
  Stack trace of thread 627:
  #0  0x563f6b62b92e n/a 
(berusky2)
  #1  0x563f6b6835e4 n/a 
(berusky2)
  #2  0x563f6b6836a9 n/a 
(berusky2)
  #3  0x563f6b5d0374 n/a 
(berusky2)
  #4  0x563f6b6101b7 n/a 
(berusky2)
  #5  0x563f6b5b4293 main 
(berusky2)
  #6  0x7f2f6423a09b 
__libc_start_main (libc.so.6)
  #7  0x563f6b5b450a n/a 
(berusky2)
  
  Stack trace of thread 642:
  #0  0x7f2f64304819 __poll 
(libc.so.6)
  #1  0x7f2f63bdd9af n/a 
(libasound.so.2)
  #2  0x7f2f63bddccb 
snd_pcm_wait (libasound.so.2)
  #3  0x7f2f6498d2ff n/a 
(libopenal.so.1)
  #4  0x7f2f6499bb67 n/a 
(libopenal.so.1)
  #5  0x7f2f64701fa3 
start_thread (libpthread.so.0)
  #6  0x7f2f6430f4cf __clone 
(libc.so.6)
  
  Stack trace of thread 643:
  #0  0x7f2f6470a896 
do_futex_wait.constprop.1 (libpthread.so.0)
   

Bug#944431: Segfault on startup

[Markus Koschany]

Control: severity -1 serious
Control: tags -1 confirmed

Am 09.11.19 um 23:48 schrieb Enrico Zini:
> Package: berusky2
> Version: 0.10-7
> Severity: normal
> 
> Hello,
> 
> thank you for packaging berusky2.
> 
> I wanted to try the game but it segfaults on startup, after showing the 
> cinemax
> logo. The stack trace is sadly not really helpful:

[...]

Hi Enrico,

thanks for reporting! I can reproduce the segfault. It has something to
do with compiler optimizations. When I build without any optimization,
the game starts as expected. Something must have changed with GCC 9. I
am too lazy to investigate the underlying problem and upstream is
inactive hence I intend to go with -O0.

Regards,

Markus



signature.asc
Description: OpenPGP digital signature

Bug#944431: Segfault on startup

[Enrico Zini]

Package: berusky2
Version: 0.10-7
Severity: normal

Hello,

thank you for packaging berusky2.

I wanted to try the game but it segfaults on startup, after showing the cinemax
logo. The stack trace is sadly not really helpful:

  Thread 1 "berusky2" received signal SIGSEGV, Segmentation fault.
  0x555d892e in ?? ()
  (gdb) where
  #0  0x555d892e in ?? ()
  #1  0x556305e4 in ?? ()
  #2  0x556306a9 in ?? ()
  #3  0x5557d374 in ?? ()
  #4  0x555bd1b7 in ?? ()
  #5  0x55561293 in main ()

The stdout/stderr output when launching the game is this:

Checking /home/enrico/.berusky2/...ok
Checking /home/enrico/.berusky2/Save/...ok
Checking /home/enrico/.berusky2/Save/profiles/...ok
Checking ~/.berusky2/berusky3d.ini...OK
Trying to open ini file at /home/enrico/.berusky2//berusky3d.ini...OK
SDL Init...
Init video surface...

Screen resolution 1024x768
Color depth 32 bits
Fullscreen = 0
OpenGL = 0

Creating screen...
Loading extensions...
OpenGL Vendor: Intel Open Source Technology Center
OpenGL Renderer: Mesa DRI Intel(R) HD Graphics 620 (Kaby Lake GT2) 
OpenGL Version: 3.0 Mesa 18.3.6

Availabile extensions:
GL_ARB_multisample
GL_EXT_abgr
GL_EXT_bgra
GL_EXT_blend_color
GL_EXT_blend_minmax
GL_EXT_blend_subtract
GL_EXT_copy_texture
GL_EXT_subtexture
GL_EXT_texture_object
GL_EXT_vertex_array
GL_EXT_compiled_vertex_array
GL_EXT_texture
GL_EXT_texture3D
GL_IBM_rasterpos_clip
GL_ARB_point_parameters
GL_EXT_draw_range_elements
GL_EXT_packed_pixels
GL_EXT_point_parameters
GL_EXT_rescale_normal
GL_EXT_separate_specular_color
GL_EXT_texture_edge_clamp
GL_SGIS_generate_mipmap
GL_SGIS_texture_border_clamp
GL_SGIS_texture_edge_clamp
GL_SGIS_texture_lod
GL_ARB_framebuffer_sRGB
GL_ARB_multitexture
GL_EXT_framebuffer_sRGB
GL_IBM_multimode_draw_arrays
GL_IBM_texture_mirrored_repeat
GL_3DFX_texture_compression_FXT1
GL_ARB_texture_cube_map
GL_ARB_texture_env_add
GL_ARB_transpose_matrix
GL_EXT_blend_func_separate
GL_EXT_fog_coord
GL_EXT_multi_draw_arrays
GL_EXT_secondary_color
GL_EXT_texture_env_add
GL_EXT_texture_filter_anisotropic
GL_EXT_texture_lod_bias
GL_INGR_blend_func_separate
GL_NV_blend_square
GL_NV_light_max_exponent
GL_NV_texgen_reflection
GL_NV_texture_env_combine4
GL_S3_s3tc
GL_SUN_multi_draw_arrays
GL_ARB_texture_border_clamp
GL_ARB_texture_compression
GL_EXT_framebuffer_object
GL_EXT_texture_compression_s3tc
GL_EXT_texture_env_combine
GL_EXT_texture_env_dot3
GL_MESA_window_pos
GL_NV_packed_depth_stencil
GL_NV_texture_rectangle
GL_ARB_depth_texture
GL_ARB_occlusion_query
GL_ARB_shadow
GL_ARB_texture_env_combine
GL_ARB_texture_env_crossbar
GL_ARB_texture_env_dot3
GL_ARB_texture_mirrored_repeat
GL_ARB_window_pos
GL_EXT_stencil_two_side
GL_EXT_texture_cube_map
GL_NV_depth_clamp
GL_NV_fog_distance
GL_APPLE_packed_pixels
GL_ARB_draw_buffers
GL_ARB_fragment_program
GL_ARB_fragment_shader
GL_ARB_shader_objects
GL_ARB_vertex_program
GL_ARB_vertex_shader
GL_ATI_draw_buffers
GL_ATI_texture_env_combine3
GL_ATI_texture_float
GL_EXT_shadow_funcs
GL_EXT_stencil_wrap
GL_MESA_pack_invert
GL_NV_primitive_restart
GL_ARB_depth_clamp
GL_ARB_fragment_program_shadow
GL_ARB_half_float_pixel
GL_ARB_occlusion_query2
GL_ARB_point_sprite
GL_ARB_shading_language_100
GL_ARB_sync
GL_ARB_texture_non_power_of_two
GL_ARB_vertex_buffer_object
GL_ATI_blend_equation_separate
GL_EXT_blend_equation_separate
GL_OES_read_format
GL_ARB_color_buffer_float
GL_ARB_pixel_buffer_object
GL_ARB_texture_compression_rgtc
GL_ARB_texture_float
GL_ARB_texture_rectangle
GL_EXT_packed_float
GL_EXT_pixel_buffer_object
GL_EXT_texture_compression_dxt1
GL_EXT_texture_compression_rgtc
GL_EXT_texture_rectangle
GL_EXT_texture_sRGB
GL_EXT_texture_shared_exponent
GL_ARB_framebuffer_object
GL_EXT_framebuffer_blit
GL_EXT_framebuffer_multisample
GL_EXT_packed_depth_stencil
GL_APPLE_object_purgeable
GL_ARB_vertex_array_object
GL_ATI_separate_stencil
GL_EXT_draw_buffers2
GL_EXT_draw_instanced
GL_EXT_gpu_program_parameters
GL_EXT_texture_array
GL_EXT_texture_integer
GL_EXT_texture_sRGB_decode
GL_EXT_timer_query
GL_OES_EGL_image
GL_ARB_copy_buffer
GL_ARB_depth_buffer_float
GL_ARB_draw_instanced
GL_ARB_half_float_vertex
GL_ARB_instanced_arrays
GL_ARB_map_buffer_range
GL_ARB_texture_rg
GL_ARB_texture_swizzle
GL_ARB_vertex_array_bgra
GL_EXT_texture_swizzle
GL_EXT_vertex_array_bgra
GL_NV_conditional_render
GL_AMD_conservative_depth
GL_AMD_depth_clamp_separate
GL_AMD_draw_buffers_blend
GL_AMD_seamless_cubemap_per_texture
GL_AMD_shader_stencil_export
GL_ARB_ES2_compatibility
GL_ARB_blend_func_extended
GL_ARB_debug_output
GL_ARB_draw_buffers_blend
GL_ARB_draw_elements_base_vertex
GL_ARB_explicit_attrib_location
GL_ARB_fragment_coord_conventions
GL_ARB_provoking_vertex
GL_ARB_sample_shading
GL_ARB_sampler_objects
GL_ARB_seamless_cube_map
GL_ARB_shader_stencil_export
GL_ARB_shader_texture_lod
GL_ARB_texture_cube_map_array
GL_ARB_texture_gather
GL_ARB_texture_multisample
GL_ARB_texture_query_lod
GL_ARB_texture_rgb10_a2ui