washingtondc-emu / washingtondc

Open-source Sega Dreamcast emulator
http://www.washemu.org
GNU General Public License v3.0

WashingtonDC crashes due to SIGSEGV in glfwTerminate after closing the window #37

Closed snickerbockers closed 6 years ago

snickerbockers commented 6 years ago

I consistently see WashingtonDC crash with the following segfault on my laptop (and only on my laptop, it's fine on my desktop):

```
(gdb) run -b dc_bios.bin -f dc_flash.bin
Starting program: /home/jay/programs/washingtondc/debug/washingtondc -b dc_bios.bin -f dc_flash.bin
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
GFX: rendering graphics from within the main emulation thread
[New Thread 0x7fffcc62c700 (LWP 11240)]
dreamcast_kill called - WashingtonDC will exit soon
Total elapsed time: 1 seconds and 142743930 nanoseconds
40014577 SH4 CPU cycles executed
Performance is 35.016223 MHz (17.508111%)
program execution ended normally
io thread finished
killing the window...
[Thread 0x7fffcc62c700 (LWP 11240) exited]

Thread 1 "washingtondc" received signal SIGSEGV, Segmentation fault.
0x00007ffff5efb4f4 in free () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff5efb4f4 in free () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00005555555b426f in _glfwFreeMonitor (monitor=0x555558638360) at /home/jay/programs/washingtondc/external/glfw/src/monitor.c:194
#2  0x00005555555b4377 in _glfwFreeMonitors (monitors=0x555558630930, count=1)
    at /home/jay/programs/washingtondc/external/glfw/src/monitor.c:220
#3  0x00005555555b238f in glfwTerminate () at /home/jay/programs/washingtondc/external/glfw/src/init.c:168
#4  0x000055555557a0f7 in win_cleanup () at /home/jay/programs/washingtondc/src/glfw/window.c:67
#5  0x0000555555578b13 in main (argc=0, argv=0x7fffffffe110) at /home/jay/programs/washingtondc/src/main.c:266
(gdb)
```

This crash happens after I alt+f4 WashingtonDC. There do not appear to be any problems while the emulator is running. Additionally, I have verified that the bug is reproducible on both the JIT and the interpreter.

The bug is reliably reproducible regardless of how long WashingtonDC has been running, so it should be possible to narrow down the scope by removing the main loop (so that it starts up and immediately closes) to see if it's being caused by the core emulation code, or the window/input code.

This seems to have been introduced by d1cc46ab3e2fca3fcfd20866065c865313a9ccb4, but since this is a volatile bug, that commit may or may not actually be the root cause. This is a commit which migrated WashingtonDC from using whatever version of glfw happens to be on the user's machine at build-time to downloading a specific version of glfw (via git submodule) and using that.

snickerbockers commented 6 years ago

Even with the following patch applied, it still segfaults. Therefore, it's not the core emulation code that's causing this.

diff --git a/src/main.c b/src/main.c
index 3cec069..bfec5c2 100644
--- a/src/main.c
+++ b/src/main.c
@@ -258,7 +258,7 @@ int main(int argc, char **argv) {
     config_set_enable_cmd_tcp(enable_cmd_tcp);
     config_set_ser_srv_enable(enable_serial);

-    dreamcast_run();
+    /* dreamcast_run(); */

     gfx_cleanup();
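
Review bot: commenting out `dreamcast_run();` at line 261 removes only the emulation loop; the `config_set_*` calls before it and `gfx_cleanup()` after it still execute, so a crash that survives this change is narrowed to start-up and teardown code rather than to one component of it. That matches the backtrace, which places the fault under `win_cleanup()` called from main.c:266, a few lines past this hunk. As a diagnostic this is fine, but it should stay local and not be committed: a commented-out call leaves no record of why it was disabled, and if an "initialize then exit" mode is wanted for future testing it would be better exposed as a runtime option.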

snickerbockers commented 6 years ago

I am still able to reproduce the crash with the following minimalistic program. Ergo, the root cause of this bug is not in WashingtonDC.

```c
#include <err.h>
#include <stdio.h>

#include <GLFW/glfw3.h>

static unsigned const res_x = 800, res_y = 600;
static GLFWwindow *win;

int main(int argc, char **argv) {
    printf("hello, glfwtest!\n");

    if (!glfwInit())
        err(1, "unable to initialize glfw");

    /* the window is never used; it only has to exist before teardown */
    win = glfwCreateWindow(res_x, res_y, "glfwtest", NULL, NULL);

    /* teardown call that appears as frame #3 of the backtrace above */
    glfwTerminate();

    return 0;
}
```

The crash happens with glfw@999f3556fdd80983b10051746264489f2cb1ef16 (which is the 3.2.1 tag) but not with glfw@f4cd470bcbca37b53355acf6deb172f33ccef675 (which is the current HEAD of master).

Therefore, I believe there is a bug in glfw but that bug has already been fixed so all I need to do is upgrade to a more recent version.
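
An added example, not part of the original comment and not code from WashingtonDC or GLFW: one way to turn the init/terminate reproduction above into a check a build script can run after changing the pinned glfw revision, by running the sequence in a child process and reporting the signal that ended it. `run_isolated` and the two stand-in functions are hypothetical names; the stand-ins replace the GLFW calls so the block builds without GLFW installed.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*lifecycle_fn)(void);

/* Runs fn in a forked child. Returns 0 if the child exited cleanly, the
 * signal number (> 0) if a signal killed it, and -1 if fork/wait failed
 * or the child exited with a non-zero status. */
int run_isolated(lifecycle_fn fn) {
    fflush(NULL);                 /* do not duplicate buffered output in the child */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        signal(SIGSEGV, SIG_DFL); /* a fault must terminate the child, not be handled */
        fn();
        _exit(0);                 /* skip atexit handlers inherited from the parent */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

/* Constructed stand-ins (assumption). In real use fn would hold the body of
 * the test program above: glfwInit(), glfwCreateWindow(...), glfwTerminate(). */
void clean_lifecycle(void) { }
void faulting_lifecycle(void) { raise(SIGSEGV); }

int main(void) {
    int rc = run_isolated(faulting_lifecycle);
    if (rc > 0)
        printf("teardown was killed by signal %d\n", rc);
    /* exit status 0 only when the clean sequence really ends cleanly */
    return run_isolated(clean_lifecycle) == 0 ? 0 : 1;
}
```

Because the crash on this page happens after "program execution ended normally" is printed, only the process's termination status reveals it; the return value of `run_isolated` makes that status available to a test.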

snickerbockers commented 6 years ago

Fixed by bda50e98f69828ead0b9d1676d9afebb07ceca70.