libretro / RetroArch

Cross-platform, sophisticated frontend for the libretro API. Licensed GPLv3.
http://www.libretro.com
GNU General Public License v3.0

Cheevos Leaderboards Segfault Crash #5681

Closed RobLoach closed 6 years ago

RobLoach commented 6 years ago

Description

Getting a segmentation fault when using Cheevos and running a game. https://hastebin.com/xonohanizu.pas

==20303==ERROR: AddressSanitizer: attempting double-free on 0x6110004e1dc0 in thread T3:
    #0 0x7fca4d2a82ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
    #1 0x9cd836 in cheevos_parse_mem cheevos/cheevos.c:1075
    #2 0x9cefad in cheevos_new_lboard cheevos/cheevos.c:1221
    #3 0x9d00be in cheevos_read__json_end_object cheevos/cheevos.c:1351
    #4 0x953b8c in jsonx_parse_object libretro-common/formats/json/jsonsax.c:136
    #5 0x955c73 in jsonx_parse_value libretro-common/formats/json/jsonsax.c:259
    #6 0x953f67 in jsonx_parse_array libretro-common/formats/json/jsonsax.c:150
    #7 0x955c81 in jsonx_parse_value libretro-common/formats/json/jsonsax.c:262
    #8 0x95371a in jsonx_parse_object libretro-common/formats/json/jsonsax.c:122
    #9 0x955c73 in jsonx_parse_value libretro-common/formats/json/jsonsax.c:259
    #10 0x95371a in jsonx_parse_object libretro-common/formats/json/jsonsax.c:122
    #11 0x955c73 in jsonx_parse_value libretro-common/formats/json/jsonsax.c:259
    #12 0x955ea8 in jsonsax_parse libretro-common/formats/json/jsonsax.c:307
    #13 0x9d0426 in cheevos_parse cheevos/cheevos.c:1426
    #14 0x9d9e58 in cheevos_iterate cheevos/cheevos.c:2758
    #15 0x9e40de in cheevos_task_handler cheevos/cheevos.c:3361
    #16 0x442da8 in threaded_worker libretro-common/queues/task_queue.c:459
    #17 0x77ebfb in thread_wrap libretro-common/rthreads/rthreads.c:142
    #18 0x7fca4c0316b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
    #19 0x7fca47b903dc in clone (/lib/x86_64-linux-gnu/libc.so.6+0x1073dc)

Expected behavior

Cheevos should not segfault.

Actual behavior

When running Super Mario Kart, the game loads, Cheevos says it's enabled, and then it crashes.

Steps to reproduce the bug

  1. Enable Achievements
  2. Run Super Mario Kart
  3. See it break

Bisect Results

RetroArch Leaderboards merge bc969d0bf70b6f643ff59f6cca39eb2584e9a10e

Version/Commit

Environment information

ghost commented 6 years ago

Leaderboard-related issue; this was the same as radius found out a few months ago.

On Thu, Nov 16, 2017 at 10:55 AM, Rob Loach notifications@github.com wrote:

Description

Getting a segment fault when using Cheevos, and running a game. https://hastebin.com/xonohanizu.pas

Expected behavior

Cheevos should not segfault.

Actual behavior

When running Super Mario Kart, the game loads, Cheevos says it's enabled, and then it crashes.

Steps to reproduce the bug

  1. Enable Achievements
  2. Run Super Mario Kart
  3. See it break

Bisect Results

I can find this, will take a bit of time.

Version/Commit

Environment information

  • OS: Linux
  • Compiler: gcc


celerizer commented 6 years ago

The leaderboard syntax for this game uses a control I didn't know about; it reparses the value to submit as a binary-coded decimal.

I can add this as soon as I'm at my comp.

inactive123 commented 6 years ago

See if this fixes the issue -

https://github.com/libretro/RetroArch/commit/56a3bc10e3e3b849842f9ed1f8c71271984744a1

RobLoach commented 6 years ago

Still getting the double free fault: https://hastebin.com/onutayabeg.pas

[INFO] [CHEEVOS]: got achievements for game id 232.
=================================================================
==1322==ERROR: AddressSanitizer: attempting double-free on 0x611000149140 in thread T3:
    #0 0x7fd43d22e2ca in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x982ca)
    #1 0x9bb267 in cheevos_parse_mem cheevos/cheevos.c:1082
    #2 0x9bca9e in cheevos_new_lboard cheevos/cheevos.c:1232
    #3 0x9bdc0f in cheevos_read__json_end_object cheevos/cheevos.c:1364
    #4 0x941473 in jsonx_parse_object libretro-common/formats/json/jsonsax.c:136
error:
   cheevos_free_condition(&lb->start);
   cheevos_free_condition(&lb->cancel);
   cheevos_free_condition(&lb->submit);
   if ((void*)lb->value.terms)
      free((void*)lb->value.terms);
   return -1;
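
The traces place the double free inside cheevos_parse_mem, reached from cheevos_new_lboard, whose error: label (quoted above) also frees lb->value.terms: two places on one error path each behave as the buffer's owner. Added example, not RetroArch's own code: a simplified stand-in showing the single-owner convention (free, then reset to NULL, with NULL-safe cleanup) that makes such an error path idempotent; the struct names, the free_calls counter and the '?' marker for an unsupported control are assumptions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the leaderboard value parsing in the
 * report above (not RetroArch's own code). The reported double free has the
 * shape of two owners of one buffer on an error path: the parser and the
 * caller's error: label both free value.terms. The fix is a single-owner rule:
 * whoever frees also resets the pointer, and cleanup is NULL-safe. */

typedef struct { char *terms; } lb_value_t;
typedef struct { lb_value_t value; } lboard_t;

static int free_calls; /* instrumentation: lets a test prove "freed exactly once" */

/* NULL-safe release: free once, then clear so any later call is a no-op. */
void release_terms(lb_value_t *v)
{
   if (v->terms) { free(v->terms); free_calls++; }
   v->terms = NULL;
}

/* Copies the expression; a '?' stands in for an unsupported control. */
static int parse_mem(lb_value_t *v, const char *src)
{
   size_t n = strlen(src) + 1;
   v->terms = malloc(n);
   if (!v->terms)
      return -1;
   memcpy(v->terms, src, n);
   if (strchr(src, '?'))
   {
      release_terms(v); /* frees AND clears, so the caller cannot free twice */
      return -1;
   }
   return 0;
}

/* Mirrors the caller's error: label from the report, now safe to reach. */
int new_lboard(lboard_t *lb, const char *src)
{
   memset(lb, 0, sizeof(*lb));
   free_calls = 0; /* reset instrumentation for this call */
   if (parse_mem(&lb->value, src) != 0)
      goto error;
   return 0;
error:
   release_terms(&lb->value); /* no-op when parse_mem already released it */
   return -1;
}
```

Under AddressSanitizer the same caller-side cleanup that crashed in the report becomes a harmless no-op, because the callee left no dangling pointer behind.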

RobLoach commented 6 years ago

With 5723 and #5708, this should be fixed. Feel free to re-open if you're running into it.