[1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Fwiffo
Burner Inserter
Posts: 7
Joined: Thu Dec 31, 2020 5:17 pm

[1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Post by Fwiffo »

This is tracked upstream at https://github.com/libsdl-org/SDL/issues/5889 and should be fixed with SDL2 version 2.24.0. Can you please update the bundled version to at least version 2.24.0? Thanks in advance :-)

In the meantime if others are affected, this can be patched out by replacing the call to the X11_XIUngrabTouchBegin function at address 0x0196a53a with NOPs. For example like this:

printf '\x90\x90\x90\x90\x90\x90' | dd of=factorio obs=1 seek=22459706 conv=notrunc

Traceback of the segfault:

#0  0x0000000000000000 in ?? ()
#1  0x000000000196a540 in X11_Xinput2UngrabTouch () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11xinput2.c:385
#2  X11_SetWindowMouseGrab(SDL_VideoDevice *, SDL_Window *, enum {...}) (_this=0x28d58e0, window=0x0, grabbed=(unknown: 0x4a00008)) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11window.c:1807
#3  0x000000000192fe27 in SDL_UpdateWindowGrab (window=0x28f57e0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/SDL_video.c:2818
#4  0x0000000001972867 in X11_PumpEvents (_this=0x28ffea0) at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/video/x11/SDL_x11events.c:1700
#5  0x00000000019307ba in SDL_PumpEventsInternal () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:847
#6  0x0000000000cbf792 in SDL_WaitEventTimeout () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:1024
#7  SDL_PollEvent () at /tmp/factorio-build-kHZ9nZ/libraries/SDL2/src/events/SDL_events.c:886
#8  WindowHandler::pollEvent (this=0x2a45790, queue=..., flushAllEvents=8) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:867
#9  0x0000000000cbbe26 in SDLWindow::pollEventInternal () at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:52
#10 SDLWindow::pollEvent (this=0x290b9f0, nextEvent=...) at /tmp/factorio-build-kHZ9nZ/src/Graphics/SDLWindow.cpp:57
#11 0x0000000000c9fa7c in GlobalContext::nextEvent () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:274
#12 LoadingSplashScreen::processWindowEvents (this=0x2a0f000) at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:293
#13 0x0000000000cb971b in LoadingSplashScreen::LoadingSplashScreen () at /tmp/factorio-build-kHZ9nZ/src/Graphics/LoadingSplashScreen.cpp:47
#14 0x0000000001ca7330 in GlobalContext::init(bool, bool, bool, std::optional<WindowPositionData>) [clone .constprop.0] [clone .isra.0] () at /tmp/factorio-build-kHZ9nZ/src/GlobalContext.cpp:472
#15 0x00000000008700dc in MainLoop::run(Filesystem::Path const&, Filesystem::Path const&, bool, bool, std::function<void ()>, Filesystem::Path const&, MainLoop::HeavyMode) (execPath=..., configPath=..., rotateLogs=8, headlessMode=true, afterInit=..., saveAs=..., heavyMode=(unknown: 0x2a45640)) at /tmp/factorio-build-kHZ9nZ/src/MainLoop.cpp:272
#16 0x00000000006c5653 in main (argc=42817760, argv=0x0) at /tmp/factorio-build-kHZ9nZ/src/Main.cpp:1151
Last edited by Fwiffo on Wed Dec 07, 2022 3:19 am, edited 1 time in total.

Donion
Factorio Staff
Posts: 163
Joined: Sun Aug 22, 2021 9:18 am

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Post by Donion »

Recently I was working on updating to SDL 2.24.0(1), but a different issue made me reconsider, so currently 2.0.22 is used.
I'm looking at the recently released 2.26.0, if there are no issues I'd like to update to that soon.

Fwiffo
Burner Inserter
Posts: 7
Joined: Thu Dec 31, 2020 5:17 pm

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Post by Fwiffo »

Since the issue still exists in version 1.1.76, here is a quick way to find the address to patch:

objdump -d factorio | sed -n -e '/call.*X11_XIUngrabTouchBegin/s/^ *\([^:]\+\).*/\1/p'
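
The workaround above needs the virtual address of the call (from the traceback or objdump) turned into a file offset for dd, and that mapping comes from the ELF program headers rather than a fixed subtraction. The script below is an added example, not code from this thread or from Factorio: it maps a VA to a file offset through the PT_LOAD segments and writes NOPs only if the bytes at that spot match what objdump showed, so a wrong offset changes nothing. The in-memory ELF image and the 0xff 0x15 stand-in bytes are constructed for the demo.

```python
import struct

PT_LOAD = 1

def va_to_file_offset(elf: bytes, va: int) -> int:
    """Map a virtual address to its file offset via the PT_LOAD program headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2:  # EI_CLASS 2 == ELFCLASS64
        raise ValueError("not an ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p_type, _f, p_offset, p_vaddr, _p, p_filesz, _m, _a = struct.unpack_from("<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        # Only the file-backed part of a segment exists on disk to be patched.
        if p_type == PT_LOAD and p_vaddr <= va < p_vaddr + p_filesz:
            return p_offset + (va - p_vaddr)
    raise ValueError(f"0x{va:x} is not file-backed by any PT_LOAD segment")

def nop_patch(elf: bytes, va: int, expected: bytes) -> bytes:
    """Return a copy of elf with the bytes at va replaced by 0x90 NOPs.

    `expected` is the instruction objdump showed at va; if the file holds anything
    else (wrong address, already patched, different build) nothing is written."""
    off = va_to_file_offset(elf, va)
    found = elf[off:off + len(expected)]
    if found != expected:
        raise ValueError(f"bytes at 0x{va:x} are {found.hex()}, expected {expected.hex()}")
    return elf[:off] + b"\x90" * len(expected) + elf[off + len(expected):]

# Constructed ELF64 image for the demo (not a real binary): a read-only header
# segment at VA 0x400000 and a text segment at file offset 0x1000 mapped at
# VA 0x402000, so VA-to-offset is not one constant subtraction for the whole file.
CALL_STUB = b"\xff\x15\x00\x10\x00\x00"  # constructed 6-byte stand-in for the call
CALL_VA = 0x402010

def build_sample_elf() -> bytes:
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, CALL_VA, 64, 0, 0, 64, 56, 2, 64, 0, 0)
    phdrs = struct.pack("<IIQQQQQQ", PT_LOAD, 4, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)
    phdrs += struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0x1000, 0x402000, 0x402000, 0x100, 0x100, 0x1000)
    text = bytearray(b"\xcc" * 0x100)
    text[0x10:0x16] = CALL_STUB
    return (ehdr + phdrs).ljust(0x1000, b"\x00") + bytes(text)

if __name__ == "__main__":
    image = build_sample_elf()
    patched = nop_patch(image, CALL_VA, CALL_STUB)
    print(f"file offset {va_to_file_offset(image, CALL_VA):#x}, now {patched[0x1010:0x1016].hex()}")
```

For a real file, read it into `bytes`, pass the call's VA and the bytes objdump printed for that instruction, and write the result to a copy; the same offset is what dd's seek= expects.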

Donion
Factorio Staff
Posts: 163
Joined: Sun Aug 22, 2021 9:18 am

Re: [1.1.72] Null pointer deref with bundled SDL at X11_Xinput2UngrabTouch

Post by Donion »

The issue should be fixed for the next release.
All credit goes to Fwiffo. Thank you for the report and the provided workaround and context!
