[1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Posted: Tue Nov 29, 2022 5:13 pm
by Fwiffo
This is tracked upstream at https://github.com/libsdl-org/SDL/issues/5889 and should be fixed with SDL2 version 2.24.0. Can you please update the bundled version to at least version 2.24.0? Thanks in advance :-)

In the meantime if others are affected, this can be patched out by replacing the call to the X11_XIUngrabTouchBegin function at address 0x0196a53a with NOPs. For example like this:

printf '\x90\x90\x90\x90\x90\x90' | dd of=factorio obs=1 seek=22459706 conv=notrunc

Traceback of the segfault:

#0  0x0000000000000000 in ?? ()
#1  0x000000000196a540 in X11_Xinput2UngrabTouch () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11xinput2.c:385
#2  X11_SetWindowMouseGrab(SDL_VideoDevice *, SDL_Window *, enum {...}) (_this=0x28d58e0, window=0x0, grabbed=(unknown: 0x4a00008)) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11window.c:1807
#3  0x000000000192fe27 in SDL_UpdateWindowGrab (window=0x28f57e0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/SDL_video.c:2818
#4  0x0000000001972867 in X11_PumpEvents (_this=0x28ffea0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11events.c:1700
#5  0x00000000019307ba in SDL_PumpEventsInternal () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:847
#6  0x0000000000cbf792 in SDL_WaitEventTimeout () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:1024
#7  SDL_PollEvent () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:886
#8  WindowHandler::pollEvent (this=0x2a45790, queue=..., flushAllEvents=8) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:867
#9  0x0000000000cbbe26 in SDLWindow::pollEventInternal () at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:52
#10 SDLWindow::pollEvent (this=0x290b9f0, nextEvent=...) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:57
#11 0x0000000000c9fa7c in GlobalContext::nextEvent () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:274
#12 LoadingSplashScreen::processWindowEvents (this=0x2a0f000) at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:293
#13 0x0000000000cb971b in LoadingSplashScreen::LoadingSplashScreen () at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:47
#14 0x0000000001ca7330 in GlobalContext::init(bool, bool, bool, std::optional<WindowPositionData>) [clone .constprop.0] [clone .isra.0] () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:472
#15 0x00000000008700dc in MainLoop::run(Filesystem::Path const&, Filesystem::Path const&, bool, bool, std::function<void ()>, Filesystem::Path const&, MainLoop::HeavyMode) (execPath=..., configPath=..., rotateLogs=8, headlessMode=true, 
    afterInit=..., saveAs=..., heavyMode=(unknown: 0x2a45640)) at /tmp/factorio-build-kHZ9nZ/src/MainLoop.cpp:272
#16 0x00000000006c5653 in main (argc=42817760, argv=0x0) at /tmp/factorio-build-kHZ9nZ/src/Main.cpp:1151
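The traceback above has frame #0 at address 0x0, which is what a call through a NULL function pointer looks like: X11_Xinput2UngrabTouch invokes X11_XIUngrabTouchBegin, and that symbol is resolved at runtime (SDL loads its X11 extension entry points dynamically, which is an assumption here, not something this thread states). The following C snippet is an added example, not SDL's or Factorio's code; the struct, function names and the stand-in implementation are constructed. It shows the unguarded call pattern beside the guarded form that an upstream fix for this class of bug takes: treat a missing entry point as "nothing to ungrab" instead of calling it.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical signature of a runtime-resolved XInput2 entry point,
 * standing in for X11_XIUngrabTouchBegin (constructed for this example). */
typedef int (*ungrab_touch_fn)(void *display, int deviceid, unsigned long grab_window);

/* Hypothetical symbol table filled by the loader (dlsym in a real program).
 * When the extension is unavailable the slot stays NULL. */
struct x11_ext_syms {
    ungrab_touch_fn XIUngrabTouchBegin;
};

/* Constructed stand-in for a successfully resolved entry point. */
static int fake_ungrab(void *display, int deviceid, unsigned long grab_window) {
    (void)display; (void)deviceid; (void)grab_window;
    return 0;
}

/* Two constructed symbol tables: extension missing vs. extension resolved. */
static const struct x11_ext_syms missing_syms = { NULL };
static const struct x11_ext_syms present_syms = { fake_ungrab };

/* Unguarded variant: mirrors the crashing pattern. With missing_syms this
 * jumps to address 0, exactly the "#0 0x0000000000000000 in ?? ()" frame. */
static int ungrab_touch_unchecked(const struct x11_ext_syms *syms, void *display, unsigned long win) {
    return syms->XIUngrabTouchBegin(display, 0, win);
}

/* Guarded variant: a missing entry point means there is no XInput2 touch
 * grab to release, so return a distinct status and let the caller go on. */
static int ungrab_touch_checked(const struct x11_ext_syms *syms, void *display, unsigned long win) {
    if (syms == NULL || syms->XIUngrabTouchBegin == NULL) {
        return -1; /* extension not loaded; nothing to ungrab */
    }
    return syms->XIUngrabTouchBegin(display, 0, win);
}

int main(void) {
    /* The resolved table works through either path. */
    printf("resolved, unchecked: %d\n", ungrab_touch_unchecked(&present_syms, NULL, 0x1UL));
    printf("resolved, checked:   %d\n", ungrab_touch_checked(&present_syms, NULL, 0x1UL));
    /* The missing table is only safe through the guarded path;
     * ungrab_touch_unchecked(&missing_syms, ...) would segfault at PC 0. */
    printf("missing, checked:    %d\n", ungrab_touch_checked(&missing_syms, NULL, 0x1UL));
    return 0;
}
```

The NOP patch from the post removes the call instruction at the call site, which is the same outcome as the guarded branch taken with a NULL pointer; the guard is the version that keeps working once the symbol does resolve.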

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Posted: Tue Nov 29, 2022 5:40 pm
by Donion
Recently I was working on updating to SDL 2.24.0(1) but a different issue made me reconsider, so currently the 2.0.22 is used.
I'm looking at the recently released 2.26.0, if there are no issues I'd like to update to that soon.

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Posted: Wed Feb 01, 2023 6:34 pm
by Fwiffo
Since the issue still exists in version 1.1.76, here is a quick way to find the address to patch:

objdump -d factorio | sed -n -e '/call.*X11_XIUngrabTouchBegin/s/^ *\([^:]\+\).*/\1/p'

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Posted: Fri Feb 17, 2023 1:04 pm
by Donion
The issue should be fixed for the next release.
All credit goes to Fwiffo. Thank you for the report and provided workaround and context!