patriciogonzalezvivo / glslViewer

Console-based GLSL Sandbox for 2D/3D shaders
BSD 3-Clause "New" or "Revised" License

[bug] Segmentation fault within the `ncurses` console because of a race condition #350

Open lowlevl opened 9 months ago

lowlevl commented 9 months ago

Hi,

I'm trying to package glslviewer for Alpine Linux, and while testing the application, I noticed that when compiled with ncurses, rapidly typing random characters in the glslviewer console would cause a crash with a segmentation fault; here is the stack trace:

#0  memcpy () at src/string/x86_64/memcpy.s:18
#1  0x00007ffff7fb337f in sn_write (f=0x7fffffffd5e0, s=0x7fffe5d1fc70 "%", l=439211896) at src/stdio/vsnprintf.c:25
#2  0x00007ffff7fb0872 in out (l=439211896, s=0x7fffe5d1fc70 "%", f=0x7fffffffd5e0) at src/stdio/vfprintf.c:135
#3  printf_core (f=f@entry=0x7fffffffd5e0, fmt=fmt@entry=0x7fffe5d1fc70 "%", ap=ap@entry=0x7fffffffd448, nl_arg=nl_arg@entry=0x7fffffffd4e0,
    nl_type=nl_type@entry=0x7fffffffd460) at src/stdio/vfprintf.c:639
#4  0x00007ffff7fb0a0b in vfprintf (f=f@entry=0x7fffffffd5e0, fmt=0x7fffe5d1fc70 "%", ap=<optimized out>) at src/stdio/vfprintf.c:688
#5  0x00007ffff7fb3479 in vsnprintf (s=<optimized out>, n=n@entry=2147483647, fmt=<optimized out>, ap=ap@entry=0x7fffffffd6e8) at src/stdio/vsnprintf.c:54
#6  0x00007ffff7fb3491 in vsprintf (s=<optimized out>, fmt=<optimized out>, ap=ap@entry=0x7fffffffd6e8) at src/stdio/vsprintf.c:6
#7  0x00007ffff7fae416 in sprintf (s=<optimized out>, fmt=<optimized out>) at src/stdio/sprintf.c:9
#8  0x00007ffff7f2d506 in ?? () from /usr/lib/libncursesw.so.6
#9  0x00007ffff7f2f07e in _nc_tiparm () from /usr/lib/libncursesw.so.6
#10 0x00007ffff7f12c4b in ?? () from /usr/lib/libncursesw.so.6
#11 0x00007ffff7f13bba in _nc_do_color_sp () from /usr/lib/libncursesw.so.6
#12 0x00007ffff7f25cae in vid_puts_sp () from /usr/lib/libncursesw.so.6
#13 0x00007ffff7f1ff7e in ?? () from /usr/lib/libncursesw.so.6
#14 0x00007ffff7f20333 in ?? () from /usr/lib/libncursesw.so.6
#15 0x00007ffff7f2090c in ?? () from /usr/lib/libncursesw.so.6
#16 0x00007ffff7f2181a in ?? () from /usr/lib/libncursesw.so.6
#17 0x00007ffff7f21e93 in ?? () from /usr/lib/libncursesw.so.6
#18 0x00007ffff7f235ea in doupdate_sp () from /usr/lib/libncursesw.so.6
#19 0x00007ffff7f1b0fa in wrefresh () from /usr/lib/libncursesw.so.6
#20 0x0000555555608da3 in console_uniforms_refresh() ()
#21 0x00005555555db3f6 in loop() ()
#22 0x00005555555d77b9 in main ()

While diving a bit into the code, I noticed two things:

This race condition causes segmentation faults when passing the window to the wrefresh method of ncurses.

I also confirmed this does not happen when passing the --noncurses flag or disabling ncurses at the compilation step.
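The pattern behind a crash like the one in the trace above is worth seeing in code. The following is an added example, not glslViewer's own code, and it assumes something the report does not state: that the race is between a thread accepting keystrokes into the console buffer and the render loop calling wrefresh on the same window. ncurses keeps shared state such as the static formatting buffer that _nc_tiparm writes with sprintf, so two threads inside the library at once can corrupt it. Real ncurses is not linked here; fake_wrefresh stands in for it and reuses one static buffer the same way. The fix shown is the usual one: a single mutex that wraps every curses-touching call together with the application's own buffer updates. The names console_t, console_type_char, console_refresh and run_guarded_console are hypothetical.

```c
/* Added example, not glslViewer's code. Assumes (not stated in the issue) that one
 * thread feeds keystrokes into the console buffer while the render loop calls
 * wrefresh(). fake_wrefresh() replaces real ncurses and, like _nc_tiparm(), formats
 * into a static scratch buffer that must never be used by two threads at once. */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LINE_MAX_CHARS 64

/* Shared console state: the input line plus bookkeeping counters. */
typedef struct {
    char line[LINE_MAX_CHARS];
    size_t len;
    size_t typed;          /* keystrokes accepted so far */
    size_t refreshed;      /* refresh calls completed so far */
    pthread_mutex_t lock;  /* one lock serialises every curses-touching call */
} console_t;

/* Stand-in for ncurses: a static buffer shared by all callers, as in the library. */
static char fake_tparm_buf[LINE_MAX_CHARS + 32];
static int fake_wrefresh(const char *line, size_t len) {
    snprintf(fake_tparm_buf, sizeof fake_tparm_buf, "\033[0m%.*s", (int)len, line);
    return (int)strlen(fake_tparm_buf);
}

/* Input path: append one character and redraw, both under the lock so the
 * render thread can never observe a half-updated line or enter curses at the
 * same time. */
void console_type_char(console_t *c, char ch) {
    pthread_mutex_lock(&c->lock);
    if (c->len < LINE_MAX_CHARS - 1) {
        c->line[c->len++] = ch;
        c->line[c->len] = '\0';
    }
    c->typed++;
    fake_wrefresh(c->line, c->len);
    pthread_mutex_unlock(&c->lock);
}

/* Render loop path: redraw whatever the line currently holds. */
void console_refresh(console_t *c) {
    pthread_mutex_lock(&c->lock);
    fake_wrefresh(c->line, c->len);
    c->refreshed++;
    pthread_mutex_unlock(&c->lock);
}

typedef struct { console_t *c; int iterations; } worker_arg_t;

static void *typing_worker(void *p) {
    worker_arg_t *a = p;
    for (int i = 0; i < a->iterations; i++)
        console_type_char(a->c, (char)('a' + (i % 26)));
    return NULL;
}

static void *render_worker(void *p) {
    worker_arg_t *a = p;
    for (int i = 0; i < a->iterations; i++)
        console_refresh(a->c);
    return NULL;
}

/* Drive a typing thread against a render thread. Returns 0 when every keystroke
 * and every refresh was accounted for and the line stayed consistent, 1 otherwise.
 * With iterations >= LINE_MAX_CHARS the line is expected to be full at the end. */
int run_guarded_console(int iterations) {
    console_t c;
    memset(&c, 0, sizeof c);
    pthread_mutex_init(&c.lock, NULL);
    worker_arg_t a = { &c, iterations };
    pthread_t typist, renderer;
    pthread_create(&typist, NULL, typing_worker, &a);
    pthread_create(&renderer, NULL, render_worker, &a);
    pthread_join(typist, NULL);
    pthread_join(renderer, NULL);
    pthread_mutex_destroy(&c.lock);
    int ok = c.typed == (size_t)iterations && c.refreshed == (size_t)iterations
          && c.len == LINE_MAX_CHARS - 1 && strlen(c.line) == c.len;
    return ok ? 0 : 1;
}

int main(void) {
    printf("guarded console: %s\n", run_guarded_console(5000) == 0 ? "consistent" : "corrupted");
    return 0;
}
```

Removing the two mutex calls from either function reproduces the unguarded shape of the bug: the behaviour is then undefined, so it may run clean many times and still crash under rapid input, which matches how the report describes it. Even a thread-enabled ncurses build only protects the library's own internals; the application's buffer that wrefresh is reading still needs the lock, which is why the example holds it across the buffer update and the redraw together.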

lowlevl commented 9 months ago

This might be a duplicate or related to #323.