#80 segfault FontDecode and Font_LineBreaks on OpenBSD

Milestone: 1.04
Status: open
Owner: nobody
Labels: None
Updated: 2022-12-29
Created: 2020-04-23
Creator: Nam
Private: No

OpenBSD fteqw revision 5675

It crashes often after clicking on new game. Sometimes, I manage to get into a game and open the console and type, and it crashes in the same manner. Two debug dumps are provided from these scenarios. It seems like the while loop at gl/gl_font.c:2685 is problematic.

(gdb) run -basedir ~/games/data/quake
Starting program: /usr/local/bin/fteqw -basedir ~/games/data/quake
[New thread 486146]
[New thread 508746]
[New thread 454114]
[New thread 360077]
[New thread 615626]
[New thread 405646]

Thread 1 received signal SIGSEGV, Segmentation fault.
0x000000f8b39c16ff in Font_Decode (start=0xfb515cc000, codeflags=0x7f7ffffca8a4, codepoint=0x7f7ffffca8a0) at client/screen.h:297
297     if (*start & CON_LONGCHAR)
(gdb) bt
#0  0x000000f8b39c16ff in Font_Decode (start=0xfb515cc000, codeflags=0x7f7ffffca8a4, codepoint=0x7f7ffffca8a0) at client/screen.h:297
#1  0x000000f8b382b82b in Font_LineBreaks (start=0xfb515cbf20, end=0xfb515cbfa8, maxpixelwidth=1884, maxlines=64, starts=0x7f7ffffcaea0, ends=0x7f7ffffcaca0) at gl/gl_font.c:2685
#2  0x000000f8b3bb94dd in Con_DrawConsoleLines (con=0xfadb62bc00, l=0xfb515cbf00, displayscroll=0, sx=18, ex=1902, y=684, top=0, selactive=2, selsx=794, selex=794, selsy=96, seley=96, lineagelimit=0) at client/console.c:2370
#3  0x000000f8b3bbef17 in Con_DrawConsole (lines=479, noback=qfalse) at client/console.c:2899
#4  0x000000f8b3b6e01e in SCR_DrawConsole (noback=qfalse) at client/cl_screen.c:2385
#5  0x000000f8b3b6fed3 in SCR_DrawTwoDimensional (nohud=qtrue) at client/cl_screen.c:3355
#6  0x000000f8b38b01b3 in GLSCR_UpdateScreen () at gl/gl_screen.c:221
#7  0x000000f8b3b6d987 in SCR_ImageName (mapname=0x7f7ffffd17a0 "start") at client/cl_screen.c:2260
#8  0x000000f8b3e3fa47 in SV_Map_f () at server/sv_ccmds.c:707
#9  0x000000f8b39deb9b in Cmd_ExecuteStringGlobalsAreEvil (text=0x7f7ffffd1920 "map start", level=29) at common/cmd.c:2753
#10 0x000000f8b39da631 in Cmd_ExecuteString (text=0x7f7ffffe19b0 "map start", level=29) at common/cmd.c:2937
#11 0x000000f8b39da5ae in Cbuf_ExecuteLevel (level=29) at common/cmd.c:527
#12 0x000000f8b39da6f3 in Cbuf_Execute () at common/cmd.c:554
#13 0x000000f8b3b34a96 in Host_Frame (time=0.018233999999999639) at client/cl_main.c:6078
#14 0x000000f8b394d8df in main (c=3, v=0x7f7fffff2078) at client/sys_linux.c:1202
(gdb) print start
$1 = (conchar_t *) 0xfb515cc000
(gdb) print *start
Cannot access memory at address 0xfb515cc000
(gdb) run -basedir ~/games/data/quake
Starting program: /usr/local/bin/fteqw -basedir ~/games/data/quake
[New thread 382455]
[New thread 542899]
[New thread 418912]
[New thread 258613]
[New thread 260614]
[New thread 100565]

Thread 1 received signal SIGSEGV, Segmentation fault.
0x0000009f775166ff in Font_Decode (start=0xa1bb595000, codeflags=0x7f7ffffee214, codepoint=0x7f7ffffee210) at client/screen.h:297
297     if (*start & CON_LONGCHAR)
(gdb) print start
$1 = (conchar_t *) 0xa1bb595000
(gdb) print *start
Cannot access memory at address 0xa1bb595000
(gdb) bt
#0  0x0000009f775166ff in Font_Decode (start=0xa1bb595000, codeflags=0x7f7ffffee214, codepoint=0x7f7ffffee210) at client/screen.h:297
#1  0x0000009f7738082b in Font_LineBreaks (start=0xa1bb594120, end=0xa1bb594178, maxpixelwidth=1884, maxlines=64, starts=0x7f7ffffee810, ends=0x7f7ffffee610) at gl/gl_font.c:2685
#2  0x0000009f7770e4dd in Con_DrawConsoleLines (con=0xa214f5ac00, l=0xa1bb594100, displayscroll=0, sx=18, ex=1902, y=502, top=0, selactive=0, selsx=676, selex=676, selsy=692, seley=692, lineagelimit=0) at client/console.c:2370
#3  0x0000009f77713f17 in Con_DrawConsole (lines=239, noback=qfalse) at client/console.c:2899
#4  0x0000009f776c301e in SCR_DrawConsole (noback=qfalse) at client/cl_screen.c:2385
#5  0x0000009f776c4ee9 in SCR_DrawTwoDimensional (nohud=qfalse) at client/cl_screen.c:3361
#6  0x0000009f774051b3 in GLSCR_UpdateScreen () at gl/gl_screen.c:221
#7  0x0000009f7768a3d9 in Host_Frame (time=0.015150999999995918) at client/cl_main.c:6204
#8  0x0000009f774a28df in main (c=3, v=0x7f7fffff2fe8) at client/sys_linux.c:1202
#1  0x0000009f7738082b in Font_LineBreaks (start=0xa1bb594120, end=0xa1bb594178, maxpixelwidth=1884, maxlines=64, starts=0x7f7ffffee810, ends=0x7f7ffffee610) at gl/gl_font.c:2685
2685                n = Font_Decode(l, &codeflags, &codepoint);
#0  0x0000009f775166ff in Font_Decode (start=0xa1bb595000, codeflags=0x7f7ffffee214, codepoint=0x7f7ffffee210) at client/screen.h:297
297     if (*start & CON_LONGCHAR)

Discussion

    Nam - 2020-04-23

    Reverting to revision 5554 implementation of Font_LineBreaks, as in the following patch, seems to have resolved the issue.

    $OpenBSD$
    
    revert Font_LineBreaks implementation from revision 5675 to 5554 implementation
    to resolve frequent segfaults
    
    https://sourceforge.net/p/fteqw/tickets/80/
    
    Index: engine/gl/gl_font.c
    --- engine/gl/gl_font.c.orig
    +++ engine/gl/gl_font.c
    @@ -2665,10 +2665,7 @@ int Font_LineBreaks(conchar_t *start, conchar_t *end, 
                    if (codepoint > ' ')
                        l = n;
                    else
    -               {
    -                   l = n;
                        break;
    -               }
                }
                if (l == start && bt>start)
                    l = Font_DecodeReverse(bt, start, &codeflags, &codepoint);
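Review bot: dropping `l = n;` before the `break` changes where a wrapped line ends, not just whether the function crashes. In 5675 the whitespace that terminated a word was consumed into the current line (`l` advanced past it); after this revert `l` stops on the whitespace itself, and only the `if (l == start && bt>start)` fallback below guarantees forward progress when no whole word fits in `maxpixelwidth`. The commit message should state that line-splitting positions move as a side effect of the revert.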
    @@ -2679,14 +2676,6 @@ int Font_LineBreaks(conchar_t *start, conchar_t *end, 
            foundlines++;
            if (foundlines == maxlines)
                break;
    -
    -       for (;;)
    -       {
    -           n = Font_Decode(l, &codeflags, &codepoint);
    -           if (!(codeflags & CON_HIDDEN) && (codepoint != ' '))
    -               break;
    -           l = n;
    -       }
    
            start=l;
            if (start == end)
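Review bot: the `for (;;)` loop removed here has no `l < end` bound, and that missing check is the most likely cause of the reported fault. It keeps calling `Font_Decode(l, &codeflags, &codepoint)` until it finds a character that is neither `CON_HIDDEN` nor a space, so when the rest of the buffer is only spaces or hidden characters it walks past `end` and decodes whatever memory follows. The trace agrees: `Font_Decode` faults at `start=0xa1bb595000`, well beyond the `end=0xa1bb594178` of the `Font_LineBreaks` frame and sitting on a page boundary, which is where the read leaves mapped memory. If the 5675 behaviour of skipping leading whitespace on the next line is wanted, the smaller fix is `if (l >= end) break;` at the top of the loop before the decode, rather than reverting the whole function to 5554.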
    
     
