hmatuschek / qdmr

A GUI application for configuring and programming cheap DMR radios under Linux and MacOS X.
https://dm3mat.darc.de/qdmr/
GNU General Public License v3.0

segfault in decode_ascii() from D878UVCodeplug::scanlist_t::getName #43

Closed petrus-lt closed 3 years ago

petrus-lt commented 3 years ago

I just installed qdmr 0.5.3 from ppa on LinuxMint 20.1. It launches, and when I try to read my Anytone D878 (1.18), it crashes with the following backtrace:

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f2add49bc21 in decode_ascii(unsigned char const*, unsigned long, unsigned short) () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
[Current thread is 1 (Thread 0x7f2ad933c780 (LWP 6254))]
(gdb) bt
#0  0x00007f2add49bc21 in decode_ascii(unsigned char const*, unsigned long, unsigned short) () at /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#1  0x00007f2add50ebad in D878UVCodeplug::scanlist_t::getName() const () at /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#2  0x00007f2add50ec1a in D878UVCodeplug::scanlist_t::toScanListObj() () at /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#3  0x00007f2add512aa1 in D878UVCodeplug::decode(Config*) () at /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#4  0x0000563748c3f202 in Application::onCodeplugDownloaded(Radio*, CodePlug*) ()
#5  0x0000563748c679de in  ()
#6  0x00007f2adc2eed5a in QObject::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#7  0x00007f2adc8f95c6 in QGuiApplication::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Gui.so.5
#8  0x00007f2adcf344a4 in QApplication::event(QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#9  0x00007f2adcf2ca66 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#10 0x00007f2adcf360f0 in QApplication::notify(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
#11 0x00007f2adc2c293a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#12 0x00007f2adc2c55b8 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#13 0x00007f2adc31af67 in  () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#14 0x00007f2adb262f9d in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f2adb263220 in  () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f2adb2632c3 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#17 0x00007f2adc31a565 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#18 0x00007f2adc2c14db in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#19 0x00007f2adc2c9246 in QCoreApplication::exec() () at /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
#20 0x0000563748c3e23e in main ()

I had this happen each time I tried to read the radio memory, but I can't really reproduce it anymore as I get another segfault now (serial related - happens much earlier - I'll open another issue).

If that helps, here is a screenshot of my scanlists names: Screenshot_20210311_222451

I'd be happy to help troubleshoot this issue; having Linux software to program the D878 would be great :)

petrus-lt commented 3 years ago

So, the other crash I had was somehow related to X11 forwarding (qt5 errors), so here is the terminal output from qdmr when running on the host computer, not sure if it's that useful. The backtrace is identical.

$ qdmr
qt5ct: using qt5ct plugin
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/repeaterdatabase.cc@96: Loaded repeater database with 3887 entries from /home/petrus/.local/share/DM3MAT/qdmr/repeater.json.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/userdatabase.cc@123: Loaded user database with 190309 entries from /home/petrus/.local/share/DM3MAT/qdmr/user.json.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/src/application.cc@65: Last known position:
qt5ct: D-Bus global menu: no
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/dfu_libusb.cc@39: Try to detect USB DFU interface 483:df11.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/hid_libusb.cc@11: Try to detect USB HID interface 15a2:73.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@8: Try to detect USB serial interface 1fc9:94.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@8: Try to detect USB serial interface 28e9:18a.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@16: Found serial port 28e9:18a: ttyACM0 'GD32 Virtual ComPort in FS Mode'.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@37: Openend serial port ttyACM0 with 9600baud.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@270: Anytone: In program-mode now.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@115: Found radio 'D878UV', version 'V100'.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@323: Anytone: Left program-mode.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@72: Serial port will close now.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/radio.cc@296: Found Radio: D878UV
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@8: Try to detect USB serial interface 28e9:18a.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@16: Found serial port 28e9:18a: ttyACM0 'GD32 Virtual ComPort in FS Mode'.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@37: Openend serial port ttyACM0 with 9600baud.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@270: Anytone: In program-mode now.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@115: Found radio 'D878UV', version 'V100'.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@163: Download of 10 bitmaps.
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 0 24c1500:200
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 1 24c1300:20
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 2 2640000:500
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
ERROR in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@67: Serial port error: (8) Unknown error.
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
ERROR in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@67: Serial port error: (8) Unknown error.
ERROR in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@67: Serial port error: (9) Ressource temporairement non disponible.
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 3 2900100:80
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 4 25c0b10:20
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 5 24c1340:20
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 6 24c1320:20
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 7 1640800:90
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 8 25c0b00:10
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@169: Download of block 9 2480210:20
...
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1231 10c0400:c0
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1232 10c0600:c0
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1233 10c0800:c0
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1234 10c0a00:c0
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1235 10c0c00:c0
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1236 2580000:20
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1237 2500000:630
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/d878uv.cc@209: Download of block 1238 2501040:60
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/anytone_interface.cc@323: Anytone: Left program-mode.
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
QSocketNotifier: Socket notifiers cannot be enabled or disabled from another thread
Debug in /build/qdmr-AJdTRo/qdmr-0.5.3/lib/usbserial.cc@72: Serial port will close now.
Erreur de segmentation (core dumped)

hmatuschek commented 3 years ago

Concerning the first crash: The d878uv support is not very good in the master branch yet. I have a separate branch called "d878uv" where I work on this device. This branch is much further along (APRS support etc.) and also fixed some bugs with the code-plug. However, I cannot simply merge this branch back into master, as the roaming implementation will break the file-format. That is, I want to complete the d878uv implementation and merge it once into master. This will still break the file-format but this time only once.

Put long words short: Try to compile qdmr from the "d878uv" branch. You used gdb, so I know you know how to compile things :-)

petrus-lt commented 3 years ago

Thanks for your answer @hmatuschek. I just compiled branch d878uv, it compiles & runs but crashes with the same backtrace unfortunately when I try to read from radio, in decode_ascii() invoked from D878UVCodeplug::scanlist_t::getName().

hmatuschek commented 3 years ago

Ok, I have an idea what it could be.

Although I handle it explicitly, there might be an issue with missing entries/deleted entries. If your code-plug does not contain any sensitive data, can you download it in binary format using the command line tool

dmrconf read codeplug.dfu

and attach it to the comments here? This allows me to reproduce the issue and test any possible solution. You may also try to decode the binary one using the command line with

dmrconf decode --radio=d878uv codeplug.dfu

This call should also crash.

petrus-lt commented 3 years ago

Downloading the codeplug went well, you'll find it attached. And indeed trying to parse/decode the file also coredumps at the same function:

$ dmrconf decode --radio=d878uv codeplug.dfu
Erreur de segmentation (core dumped)

Core was generated by `dmrconf decode --radio=d878uv codeplug.dfu'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007eff98ce7c21 in decode_ascii(unsigned char const*, unsigned long, unsigned short) () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
(gdb) bt
[codeplug-20210312.dfu.gz](https://github.com/hmatuschek/qdmr/files/6129665/codeplug-20210312.dfu.gz)

#0  0x00007eff98ce7c21 in decode_ascii(unsigned char const*, unsigned long, unsigned short) () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#1  0x00007eff98d5abad in D878UVCodeplug::scanlist_t::getName() const () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#2  0x00007eff98d5ac1a in D878UVCodeplug::scanlist_t::toScanListObj() () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#3  0x00007eff98d5eaa1 in D878UVCodeplug::decode(Config*) () from /usr/lib/x86_64-linux-gnu/libdmrconf.so.0.5
#4  0x000055b73479bde9 in decodeCodeplug(QCommandLineParser&, QCoreApplication&) ()
#5  0x000055b73479402c in main ()

hmatuschek commented 3 years ago

Ok, I found this issue: I had a tiny typo in the code that checks whether a scan list is enabled (see commit b4dd4af717a1caad191f2304568dee05232315e9, tiny mistake huge consequence). However, there is still another issue that causes a crash concerning the APRS settings (still very beta). I am on it.
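
Added example, not part of the thread and not qdmr's code: a defensive version of the decode path in the backtrace, where a name is decoded only if the entry's bitmap bit is set and the record lies fully inside the downloaded image. The record size, name length, fill byte and all function names are assumptions made for illustration.

```cpp
// Added example; the layout constants and names below are hypothetical, not qdmr's.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string>
#include <vector>

constexpr std::size_t kNameLen = 16;    // assumed width of the name field
constexpr std::size_t kEntrySize = 32;  // assumed size of one scan-list record
static_assert(kNameLen <= kEntrySize, "name must fit inside a record");

// Decode a fixed-width, fill-padded ASCII field; reads at most `size` bytes.
std::string decodeAscii(const uint8_t *data, std::size_t size, uint8_t fill) {
  std::string out;
  for (std::size_t i = 0; data != nullptr && i < size; ++i) {
    if (data[i] == fill || data[i] == 0x00) break;  // padding ends the name
    out.push_back(data[i] < 0x80 ? static_cast<char>(data[i]) : '?');
  }
  return out;
}

// Bit `idx` of the bitmap says whether entry `idx` exists in the image.
bool isEnabled(const std::vector<uint8_t> &bitmap, std::size_t idx) {
  return idx / 8 < bitmap.size() && ((bitmap[idx / 8] >> (idx % 8)) & 1u);
}

// Returns a name only for an enabled entry that is fully inside `image`.
std::optional<std::string> scanListName(const std::vector<uint8_t> &bitmap,
                                        const std::vector<uint8_t> &image,
                                        std::size_t idx) {
  if (!isEnabled(bitmap, idx)) return std::nullopt;  // deleted or missing entry
  if (idx >= image.size() / kEntrySize) return std::nullopt;  // truncated image
  return decodeAscii(image.data() + idx * kEntrySize, kNameLen, 0xFF);
}

// Constructed sample: two 0xFF-filled records, the first one named "HOME".
std::vector<uint8_t> sampleImage() {
  std::vector<uint8_t> img(2 * kEntrySize, 0xFF);
  const char name[] = "HOME";
  for (std::size_t i = 0; name[i] != '\0'; ++i) img[i] = static_cast<uint8_t>(name[i]);
  return img;
}
```

Returning `std::nullopt` for a disabled or out-of-range entry lets the caller skip it instead of handing an unchecked pointer to the string decoder.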

hmatuschek commented 3 years ago

Just forgot to download the APRS settings from the device. Disabled APRS settings for now to allow you to test it (commit b97a6d4ce196db102c4e3c1b14b9e9c9aa571073). I can now decode your code-plug. Hence you should too.

petrus-lt commented 3 years ago

Many thanks, Hannes, this works great!

dmrconf is able to read the previously imported codeplug, and importing from qdmr also works fine.

One thing that could be noted in the readme/manual, at least for the Anytone AT-D878UV, would be to be careful with radio volume when importing the codeplug, I've had several serial timeouts that were related to volume being too loud.