FLIF-hub / FLIF

Free Lossless Image Format

viewflif crashes on file generated by make test #356

Closed matthiaskrgr closed 7 years ago

matthiaskrgr commented 7 years ago

    cd src
    make test
    make viewflif
    LD_LIBRARY_PATH=. ./viewflif ../tmp-test/endless_war.flif

=> segfault

matthiaskrgr commented 7 years ago
Decoding progressively...
viewflif.c:63:26: runtime error: load of null pointer of type 'SDL_Texture *' (aka 'struct SDL_Texture *')
SUMMARY: AddressSanitizer: undefined-behavior viewflif.c:63:26 in 
ASAN:DEADLYSIGNAL
=================================================================
==1486==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004e806c bp 0x7ffee769f030 sp 0x7ffee769ed00 T0)
==1486==The signal is caused by a READ memory access.
==1486==Hint: address points to the zero page.
    #0 0x4e806b in draw_image /home/matthias/vcs/github/FLIF/src/viewflif.c:63:26
    #1 0x4e9ee6 in do_event /home/matthias/vcs/github/FLIF/src/viewflif.c:101:100
    #2 0x4ecbab in main /home/matthias/vcs/github/FLIF/src/viewflif.c:256:35
    #3 0x7f99a1d11400 in __libc_start_main (/lib64/libc.so.6+0x20400)
    #4 0x41b0b9 in _start (/home/matthias/vcs/github/FLIF/src/viewflif+0x41b0b9)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/matthias/vcs/github/FLIF/src/viewflif.c:63:26 in draw_image
==1486==ABORTING
jonsneyers commented 7 years ago

I can't reproduce this one. Do you need to compile viewflif with ASAN maybe?

matthiaskrgr commented 7 years ago

It also crashes with a non-ASAN build (that's how I found it). For the record, I use clang 3.9.1 to compile.

jonsneyers commented 7 years ago

I can't reproduce it with gcc or clang 3.8. I wonder how you're getting a null pointer there...

matthiaskrgr commented 7 years ago

Edit: the crash also happens when building with gcc 6.3.1 instead of clang 3.9.1.

Hm, this is what gdb says after installing a gig of debug symbols; does this help somehow?

GNU gdb (GDB) Fedora 7.12.1-41.fc25
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./viewflif...done.
(gdb) run ../tmp-test/endless_war.flif 
Starting program: /home/matthias/vcs/github/FLIF/src/viewflif ../tmp-test/endless_war.flif
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Decoding progressively...
[New Thread 0x7fffe9a15700 (LWP 11614)]

Thread 1 "viewflif" received signal SIGSEGV, Segmentation fault.
0x00000000004016f7 in draw_image () at viewflif.c:63
63      if (SDL_QueryTexture(image_frame[frame], NULL, NULL, &ir.w, &ir.h)) { printf("Error: Could not query texture\n"); return; };
Missing separate debuginfos, use: dnf debuginfo-install dbus-libs-1.11.8-1.fc25.x86_64 expat-2.2.0-1.fc25.x86_64 libX11-1.6.4-4.fc25.x86_64 libXScrnSaver-1.2.2-10.fc24.x86_64 libXau-1.0.8-6.fc24.x86_64 libXcursor-1.1.14-6.fc24.x86_64 libXdamage-1.1.4-8.fc24.x86_64 libXext-1.3.3-4.fc24.x86_64 libXfixes-5.0.3-1.fc25.x86_64 libXi-1.7.9-1.fc25.x86_64 libXinerama-1.1.3-6.fc24.x86_64 libXrandr-1.5.1-1.fc25.x86_64 libXrender-0.9.10-1.fc25.x86_64 libXxf86vm-1.1.4-3.fc24.x86_64 libcap-2.25-2.fc25.x86_64 libdrm-2.4.75-1.fc25.x86_64 libgcrypt-1.6.6-1.fc25.x86_64 libgpg-error-1.24-1.fc25.x86_64 libpciaccess-0.13.4-3.fc24.x86_64 libselinux-2.5-13.fc25.x86_64 libtxc_dxtn-1.0.1-1.gitef072983.fc24.x86_64 libxcb-1.12-1.fc25.x86_64 libxshmfence-1.2-3.fc24.x86_64 lz4-1.7.5-1.fc25.x86_64 mesa-dri-drivers-13.0.3-5.fc25.x86_64 mesa-libGL-13.0.3-5.fc25.x86_64 mesa-libglapi-13.0.3-5.fc25.x86_64 nettle-3.3-1.fc25.x86_64 pcre-8.40-1.fc25.x86_64 systemd-libs-231-12.fc25.x86_64 xz-libs-5.2.2-2.fc24.x86_64
(gdb) bt full
#0  0x00000000004016f7 in draw_image () at viewflif.c:63
        ir = {x = 0, y = 0, w = 0, h = 0}
        wr = {x = 0, y = 0, w = 0, h = 0}
        tr = {x = 0, y = 0, w = 0, h = 0}
#1  0x0000000000401996 in do_event (e=...) at viewflif.c:101
No locals.
#2  0x000000000040256b in main (argc=2, argv=0x7fffffffde48) at viewflif.c:256
        result = 0
        decode_thread = 0x211f6b0
        e = {type = 512, common = {type = 512, timestamp = 3407}, window = {type = 512, timestamp = 3407, windowID = 2, event = 6 '\006', padding1 = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l', data1 = 796, data2 = 90}, key = {type = 512, timestamp = 3407, windowID = 2, state = 6 '\006', 
            repeat = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l', keysym = {scancode = 796, sym = 90, mod = 0, unused = 0}}, edit = {type = 512, timestamp = 3407, windowID = 2, text = "\006\344\273l\034\003\000\000Z", '\000' <repeats 11 times>, "\200\327\377\377\377\177\000\000\000\000\000", start = 0, 
            length = 789}, text = {type = 512, timestamp = 3407, windowID = 2, text = "\006\344\273l\034\003\000\000Z", '\000' <repeats 11 times>, "\200\327\377\377\377\177\000\000\000\000\000"}, motion = {type = 512, timestamp = 3407, windowID = 2, which = 1824252934, state = 796, x = 90, y = 0, xrel = 0, 
            yrel = -10368}, button = {type = 512, timestamp = 3407, windowID = 2, which = 1824252934, button = 28 '\034', state = 3 '\003', clicks = 0 '\000', padding1 = 0 '\000', x = 90, y = 0}, wheel = {type = 512, timestamp = 3407, windowID = 2, which = 1824252934, x = 796, y = 90, direction = 0}, jaxis = {
            type = 512, timestamp = 3407, which = 2, axis = 6 '\006', padding1 = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l', value = 796, padding4 = 0}, jball = {type = 512, timestamp = 3407, which = 2, ball = 6 '\006', padding1 = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l', xrel = 796, 
            yrel = 0}, jhat = {type = 512, timestamp = 3407, which = 2, hat = 6 '\006', value = 228 '\344', padding1 = 187 '\273', padding2 = 108 'l'}, jbutton = {type = 512, timestamp = 3407, which = 2, button = 6 '\006', state = 228 '\344', padding1 = 187 '\273', padding2 = 108 'l'}, jdevice = {type = 512, 
            timestamp = 3407, which = 2}, caxis = {type = 512, timestamp = 3407, which = 2, axis = 6 '\006', padding1 = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l', value = 796, padding4 = 0}, cbutton = {type = 512, timestamp = 3407, which = 2, button = 6 '\006', state = 228 '\344', 
            padding1 = 187 '\273', padding2 = 108 'l'}, cdevice = {type = 512, timestamp = 3407, which = 2}, adevice = {type = 512, timestamp = 3407, which = 2, iscapture = 6 '\006', padding1 = 228 '\344', padding2 = 187 '\273', padding3 = 108 'l'}, quit = {type = 512, timestamp = 3407}, user = {type = 512, 
            timestamp = 3407, windowID = 2, code = 1824252934, data1 = 0x5a0000031c, data2 = 0x0}, syswm = {type = 512, timestamp = 3407, msg = 0x6cbbe40600000002}, tfinger = {type = 512, timestamp = 3407, touchId = 7835106691162046466, fingerId = 386547057436, x = 0, y = 0, dx = -nan(0x7fd780), 
            dy = 4.59163468e-41, pressure = 0}, mgesture = {type = 512, timestamp = 3407, touchId = 7835106691162046466, dTheta = 1.11543358e-42, dDist = 1.26116862e-43, x = 0, y = 0, numFingers = 55168, padding = 65535}, dgesture = {type = 512, timestamp = 3407, touchId = 7835106691162046466, 
            gestureId = 386547057436, numFingers = 0, error = 0, x = -nan(0x7fd780), y = 4.59163468e-41}, drop = {type = 512, timestamp = 3407, file = 0x6cbbe40600000002 <error: Cannot access memory at address 0x6cbbe40600000002>, windowID = 796}, 
          padding = "\000\002\000\000O\r\000\000\002\000\000\000\006\344\273l\034\003\000\000Z", '\000' <repeats 11 times>, "\200\327\377\377\377\177\000\000\000\000\000\000\000\000\000\000\025\003\000\000\000\000\000"}
        current_time = 0
        begin = 3207
(gdb) 
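The backtrace above shows draw_image reached from do_event while handling an SDL event of type 512 (SDL_WINDOWEVENT), and UBSan reports the fault as a load of a null pointer at the image_frame[frame] access on line 63: the redraw ran before the decoder thread had published a frame table. The following is an added example, not viewflif's or SDL's code. It replaces SDL_Texture and SDL_QueryTexture with plain C stubs (an assumption made so the example builds without SDL), keeps the same return-value contract, and shows the unguarded access beside a guarded version that returns a status instead of dereferencing state another thread has not yet set up. The frame dimensions and the two-slot table are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for SDL_Texture so the example compiles without SDL. */
typedef struct Texture {
    int w;
    int h;
} Texture;

/* Stub with the same contract as SDL_QueryTexture at viewflif.c:63:
 * 0 on success, non-zero on error, width/height written through the
 * out-pointers. (Assumption for this example; not SDL's own code.) */
static int query_texture(const Texture *tex, int *w, int *h)
{
    if (tex == NULL)
        return -1;
    if (w) *w = tex->w;
    if (h) *h = tex->h;
    return 0;
}

/* Shared state as a progressive viewer would hold it. The table of frame
 * textures is NULL until the decoder has produced a first frame, yet the
 * event loop (a window resize, for instance) may ask for a redraw earlier. */
static Texture **image_frames = NULL;
static int nb_frames = 0;

enum draw_status {
    DRAW_OK = 0,
    DRAW_NOT_READY,     /* no frame table, or no texture in that slot yet */
    DRAW_BAD_FRAME,     /* frame index outside the published table */
    DRAW_QUERY_FAILED   /* texture exists but could not be queried */
};

/* Unguarded redraw: indexing image_frames while it is still NULL is the
 * "load of null pointer of type 'SDL_Texture *'" UBSan reported above and
 * the SEGV on address 0 that followed. Only safe once frames are published. */
static int draw_image_unguarded(int frame, int *w, int *h)
{
    return query_texture(image_frames[frame], w, h) ? DRAW_QUERY_FAILED : DRAW_OK;
}

/* Guarded redraw: every assumption the redraw path makes about state owned
 * by another thread is checked before a pointer is followed, and a status
 * is returned so the caller can simply skip this redraw. */
static int draw_image_guarded(int frame, int *w, int *h)
{
    if (image_frames == NULL || nb_frames <= 0)
        return DRAW_NOT_READY;
    if (frame < 0 || frame >= nb_frames)
        return DRAW_BAD_FRAME;
    if (image_frames[frame] == NULL)
        return DRAW_NOT_READY;
    if (query_texture(image_frames[frame], w, h) != 0) {
        fprintf(stderr, "Error: Could not query texture\n");
        return DRAW_QUERY_FAILED;
    }
    return DRAW_OK;
}

/* Simulates the decoder publishing its frame table. In a real two-thread
 * viewer this hand-over also needs a mutex or atomics; the NULL checks above
 * remove the crash but do not by themselves make the publication race-free. */
static void publish_frames(Texture **frames, int count)
{
    image_frames = frames;
    nb_frames = count;
}

int main(void)
{
    int w = 0, h = 0;

    /* Redraw requested before the decoder produced anything: the guarded
     * version reports "not ready" where the unguarded one would crash. */
    printf("before publish: status %d\n", draw_image_guarded(0, &w, &h));

    Texture first = { 640, 480 };             /* constructed sample frame */
    Texture *frames[2] = { NULL, &first };    /* slot 0 not decoded yet */
    publish_frames(frames, 2);

    printf("slot 0 (empty): status %d\n", draw_image_guarded(0, &w, &h));
    printf("slot 7 (out of range): status %d\n", draw_image_guarded(7, &w, &h));
    if (draw_image_guarded(1, &w, &h) == DRAW_OK)
        printf("slot 1: %dx%d\n", w, h);
    /* The unguarded path is fine once the table exists, which is consistent
     * with a crash that depends on when the first event arrives. */
    printf("unguarded slot 1: status %d\n", draw_image_unguarded(1, &w, &h));
    return 0;
}
```

The guard makes the redraw path tolerant of being called early; it does not replace proper synchronization of image_frames between the decoder and the event loop, which is a separate fix in a real viewer.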
jonsneyers commented 7 years ago

Is this bug still there? @hrj has been improving viewflif recently...

matthiaskrgr commented 7 years ago

I can't reproduce it anymore :) (tried normal and ASAN+UBSan debug builds). Thanks!