SteamGridDB / SGDBoop

A program used for applying custom artwork to Steam, using SteamGridDB. Supports both Windows and Linux, written completely in C.
https://www.steamgriddb.com/boop
zlib License

SEGFault in `appBlockEndPtr = strstr(tagsPtr, "\x08")` #63

Closed leegao closed 1 year ago

leegao commented 1 year ago

Environment: Steam Deck (archlinux), SGDBoop is from the website as of 9/2/23

Trigger: xdg-open sgdb://boop/steam,steam,steam,steam,steam/298110-header-en,298110-capsule-en,298110-hero-en,298110-logo-en,298110-clienticon-en/nonsteam

I got a segfault, looking at coredumpctl and rewinding the crash in gdb, I see the segfault happening here:

   0x000055a4e357a121 <+942>:   call   0x55a4e357be4c <strstr_i>
   0x000055a4e357a126 <+947>:   mov    %rax,-0x268(%rbp)
   0x000055a4e357a12d <+954>:   mov    -0x268(%rbp),%rax
   0x000055a4e357a134 <+961>:   lea    0x3158(%rip),%rdx        # 0x55a4e357d293
   0x000055a4e357a13b <+968>:   mov    %rdx,%rsi
   0x000055a4e357a13e <+971>:   mov    %rax,%rdi
   0x000055a4e357a141 <+974>:   call   0x55a4e3577500 <strstr@plt>
   0x000055a4e357a146 <+979>:   mov    %rax,-0x260(%rbp)
   0x000055a4e357a14d <+986>:   mov    -0x260(%rbp),%rax
   0x000055a4e357a154 <+993>:   mov    $0x8,%esi
   0x000055a4e357a159 <+998>:   mov    %rax,%rdi
   0x000055a4e357a15c <+1001>:  call   0x55a4e3577520 <strchr@plt>
=> 0x000055a4e357a161 <+1006>:  add    $0x1,%rax

Matching this up with the source code, it looks like the segfault occurs here (note that strstr for single-char strings gets optimized to strchr):

            unsigned char* appidPtr = strstr_i(parsingChar, "\002appid");
            unsigned char* tagsPtr = strstr(appidPtr, "\x03tags\x03");
=>          unsigned char* appBlockEndPtr = strstr(tagsPtr, "\x08") + 1; // gcc fucks with optimization on strstr for 2 consecutive hex values. DON'T EDIT THIS.

Mainly, tagsPtr returned a nullptr. I think my shortcuts.vdf is just janky.

That said, it'd be good to do a nullptr check for tagsPtr (and appidPtr) and skip this entry if this loop fails.

dumpinfo.txt
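An added example (not SGDBoop's own code) of the null check the comment above asks for, run over a constructed binary-VDF-like buffer: `find_bytes` and `count_well_formed_entries` are hypothetical names, and the bounded search stands in for strstr so that the NUL bytes that terminate strings in the binary format cannot cut the scan short.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounded search for a byte sequence inside a binary buffer. Unlike strstr it
 * does not stop at embedded NUL bytes, and it never reads past hay + hay_len. */
static const unsigned char *find_bytes(const unsigned char *hay, size_t hay_len,
                                       const char *needle, size_t needle_len) {
    if (needle_len == 0 || hay_len < needle_len) return NULL;
    for (size_t i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0) return hay + i;
    return NULL;
}

/* Walks every "\x02appid" entry and counts those with a complete
 * "\x03tags\x03" ... "\x08" block. An entry missing either marker is skipped
 * instead of dereferenced, which is exactly the failure in the issue. */
int count_well_formed_entries(const unsigned char *buf, size_t len) {
    int good = 0;
    const unsigned char *end = buf + len, *cur = buf;
    for (;;) {
        const unsigned char *appid = find_bytes(cur, (size_t)(end - cur), "\x02" "appid", 6);
        if (appid == NULL) break;                 /* no more entries */
        cur = appid + 6;                          /* resume after this marker */
        const unsigned char *next = find_bytes(cur, (size_t)(end - cur), "\x02" "appid", 6);
        const unsigned char *entry_end = next ? next : end;
        const unsigned char *tags = find_bytes(cur, (size_t)(entry_end - cur), "\x03" "tags" "\x03", 6);
        if (tags == NULL) continue;               /* malformed entry: skip it */
        const unsigned char *blk_end = find_bytes(tags, (size_t)(entry_end - tags), "\x08", 1);
        if (blk_end == NULL) continue;            /* unterminated block: skip it */
        good++;
    }
    return good;
}

/* Constructed sample: one well-formed entry, one entry with no tags block. */
static const unsigned char SAMPLE[] =
    "\x02" "appid" "\x00\x00\x00\x00" "\x01" "AppName" "\x00" "Good" "\x00"
    "\x03" "tags" "\x03" "\x00" "\x08" "\x08"
    "\x02" "appid" "\x00\x00\x00\x00" "\x01" "AppName" "\x00" "Broken" "\x00" "\x08";

int main(void) {
    printf("well-formed entries: %d\n", count_well_formed_entries(SAMPLE, sizeof(SAMPLE) - 1));
    return 0;
}
```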

leegao commented 1 year ago

https://file.io/gaopxTIhhwlY for my shortcuts.vdf in case you want to reproduce this

https://file.io/gaopxTIhhwlY for the core file + the SGDBoop binary that you can gdb to inspect as well

doZennn commented 1 year ago

Fixed in v1.2.8. If it's still not working, please re-open the issue.

leegao commented 1 year ago

I've been on the road so haven't been able to reply to this. Thank you so much, the fix worked perfectly!