[1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch
Posted: Tue Nov 29, 2022 5:13 pm
This is tracked upstream at https://github.com/libsdl-org/SDL/issues/5889 and should be fixed with SDL2 version 2.24.0. Can you please update the bundled version to at least version 2.24.0? Thanks in advance.
In the meantime if others are affected, this can be patched out by replacing the call to the X11_XIUngrabTouchBegin function at address 0x0196a53a with NOPs. For example like this:

printf '\x90\x90\x90\x90\x90\x90' | dd of=factorio obs=1 seek=22459706 conv=notrunc

Traceback of the segfault:

#0 0x0000000000000000 in ?? ()
#1 0x000000000196a540 in X11_Xinput2UngrabTouch () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11xinput2.c:385
#2 X11_SetWindowMouseGrab(SDL_VideoDevice *, SDL_Window *, enum {...}) (_this=0x28d58e0, window=0x0, grabbed=(unknown: 0x4a00008)) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11window.c:1807
#3 0x000000000192fe27 in SDL_UpdateWindowGrab (window=0x28f57e0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/SDL_video.c:2818
#4 0x0000000001972867 in X11_PumpEvents (_this=0x28ffea0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11events.c:1700
#5 0x00000000019307ba in SDL_PumpEventsInternal () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:847
#6 0x0000000000cbf792 in SDL_WaitEventTimeout () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:1024
#7 SDL_PollEvent () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:886
#8 WindowHandler::pollEvent (this=0x2a45790, queue=..., flushAllEvents=8) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:867
#9 0x0000000000cbbe26 in SDLWindow::pollEventInternal () at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:52
#10 SDLWindow::pollEvent (this=0x290b9f0, nextEvent=...) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:57
#11 0x0000000000c9fa7c in GlobalContext::nextEvent () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:274
#12 LoadingSplashScreen::processWindowEvents (this=0x2a0f000) at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:293
#13 0x0000000000cb971b in LoadingSplashScreen::LoadingSplashScreen () at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:47
#14 0x0000000001ca7330 in GlobalContext::init(bool, bool, bool, std::optional<WindowPositionData>) [clone .constprop.0] [clone .isra.0] () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:472
#15 0x00000000008700dc in MainLoop::run(Filesystem::Path const&, Filesystem::Path const&, bool, bool, std::function<void ()>, Filesystem::Path const&, MainLoop::HeavyMode) (execPath=..., configPath=..., rotateLogs=8, headlessMode=true, afterInit=..., saveAs=..., heavyMode=(unknown: 0x2a45640)) at /tmp/factorio-build-kHZ9nZ/src/MainLoop.cpp:272
#16 0x00000000006c5653 in main (argc=42817760, argv=0x0) at /tmp/factorio-build-kHZ9nZ/src/Main.cpp:1151
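As an added example (not part of the post above and not the reporter's own command), here is a small POSIX shell script that wraps the dd workaround in the checks a practitioner would want before writing into an executable: it compares the bytes at the file offset against the bytes you expect to find there (taken from a disassembly of the same build), keeps a backup copy, and verifies the NOP sled after the write. The offset (16) and the bytes ff 15 01 02 03 04 used in the demo are constructed for a tiny stand-in file, not the Factorio binary; the assumption that a 6-byte call on x86-64 is the ff 15 disp32 form (a call through a memory pointer) is mine, not something the post states. The function names hex_at, patch_call_to_nops and make_sample_binary are hypothetical.

```shell
#!/bin/sh
# Added example, not from the forum post: patch a call instruction to NOPs only
# after confirming the bytes at that file offset are the ones expected (from a
# disassembly of the same build), keep a backup, and verify the write afterwards.
# Another build of the same program puts the call at a different offset, so a
# blind dd into a fixed offset can silently corrupt it; the byte check prevents that.

# hex_at FILE OFFSET LEN: print LEN bytes at decimal OFFSET as lowercase hex, no spaces.
hex_at() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -A n -t x1 -v | tr -d ' \n'
}

# patch_call_to_nops FILE OFFSET EXPECTED_HEX
# EXPECTED_HEX is the hex of the instruction about to be overwritten; its length
# decides how many 0x90 bytes are written (6 for the 6-byte call in the post).
# Returns 0 on success, 1 if the bytes do not match (file left untouched),
# 2 if the verification read-back does not show the NOP sled.
patch_call_to_nops() {
    bin=$1; off=$2; expect=$3
    len=$(( ${#expect} / 2 ))
    actual=$(hex_at "$bin" "$off" "$len")
    if [ "$actual" != "$expect" ]; then
        echo "refusing to patch $bin: expected $expect at offset $off, found '$actual'" >&2
        return 1
    fi
    cp -p "$bin" "$bin.orig"            # keep the unpatched binary next to the patched one
    sled=""; want=""; i=0
    while [ "$i" -lt "$len" ]; do
        sled="${sled}\\220"              # \220 is the octal printf escape for 0x90 (NOP)
        want="${want}90"                 # hex form of the same sled, for the read-back check
        i=$((i + 1))
    done
    printf "$sled" | dd of="$bin" bs=1 seek="$off" conv=notrunc 2>/dev/null
    after=$(hex_at "$bin" "$off" "$len")
    if [ "$after" != "$want" ]; then
        echo "patch verification failed at offset $off: found '$after'" >&2
        return 2
    fi
    return 0
}

# make_sample_binary FILE: write a constructed 32-byte stand-in for an executable:
# 16 filler bytes 'A', then ff 15 01 02 03 04 (assumed shape of a 6-byte
# call [rip+disp32] on x86-64), then 10 filler bytes 'B'.
make_sample_binary() {
    printf 'AAAAAAAAAAAAAAAA\377\025\001\002\003\004BBBBBBBBBB' > "$1"
}

# Demo on the constructed file: the call sits at offset 16 (not the offset from the post).
demo=$(mktemp)
make_sample_binary "$demo"
patch_call_to_nops "$demo" 16 ff1501020304 && echo "patched bytes: $(hex_at "$demo" 16 6)"
rm -f "$demo" "$demo.orig"
```

On a real binary, take EXPECTED_HEX from the disassembly (for example objdump -d) of the exact build you are patching and pass the file offset, not the virtual address; the script deliberately does no address-to-offset translation, and the mismatch check is what keeps a stale offset from damaging a different version of the executable.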