Bugzilla – Bug 1183104
Openarena segfault on launch
Last modified: 2021-09-17 09:48:37 UTC
$ openarena
ioq3+oa 1.36 linux-x86_64 Jan 25 2021
----- FS_Startup -----
Segmentation fault (core dumped)

$ zypper if openarena
Loading repository data...
Reading installed packages...

Information for package openarena:
----------------------------------
Repository     : openSUSE-20190121-0
Name           : openarena
Version        : 0.8.8-5.2
Arch           : x86_64
Vendor         : openSUSE
Installed Size : 3.0 MiB
Installed      : Yes
Status         : up-to-date
Source package : openarena-0.8.8-5.2.src
Summary        : Open Arena game engine
Description    : OpenArena is an open-source content package for Quake III Arena licensed under the GPL, effectively creating a free stand-alone game.

Nothing from gdb (suggests installing glibc debuginfo and a number of build dependencies debuginfo).
Matthias: Any chance to fix it? My reaction would be to delete the package.
I agree https://build.opensuse.org/request/show/903832
I'd like to push this a bit. I found that this might be caused by LTO. There are 2 very similar functions in the code:

    void Sys_FreeFileList( char **list )
    {
        int i;

        if ( !list ) {
            return;
        }

        for ( i = 0 ; list[i] ; i++ ) {
            Z_Free( list[i] );
        }

        Z_Free( list );
    }

    void FS_FreeFileList( char **list )
    {
        int i;

        if ( !fs_searchpaths ) {
            Com_Error( ERR_FATAL, "Filesystem call made without initialization\n" );
        }

        if ( !list ) {
            return;
        }

        for ( i = 0 ; list[i] ; i++ ) {
            Z_Free( list[i] );
        }

        Z_Free( list );
    }

Segfault happens when Sys_FreeFileList is called with a null pointer. gdb shows that FS_FreeFileList is called instead ('(gdb) disassemble Sys_FreeFileList' says 'No symbol "Sys_FreeFileList" in current context.', probably because it was deduplicated by LTO), it skips the 'if ( !list ) {return;}' part and segfaults on 'list[i]'. Adding '-fno-lto' to CFLAGS resolves the problem.
*** Bug 1183253 has been marked as a duplicate of this bug. ***
I don't plan on working on it. There is a battery of patches at https://sources.debian.org/patches/openarena/0.8.8+dfsg-5/ while https://src.fedoraproject.org/rpms/openarena/blob/rawhide/f/openarena.spec oddly ships a binary package. http://openarena.ws/smfnews.php still shows the last release on Feb 2012, so upstream is quite dead.
I think this should be assigned to someone who knows anything about LTO. New compiler flags should not break old code (unless there's undefined behavior involved, but I doubt there is).
Hi Martin, would you please take a look at this issue? I'm really not sure whether it is right to assign it to you, please feel free to reassign whenever necessary, thanks.
It crashes due to:

    code/qcommon/files.c:2568:2: runtime error: null pointer passed as argument 1, which is declared to never be null
        #0 0x4a9d69 in FS_AddGameDirectory code/qcommon/files.c:2568
        #1 0x4aa2f7 in FS_Startup code/qcommon/files.c:2871
        #2 0x4ae40a in FS_InitFilesystem code/qcommon/files.c:3312
        #3 0x49af7a in Com_Init code/qcommon/common.c:2635
        #4 0x7298d8 in main code/sys/sys_main.c:583
        #5 0x7ffff71a5b34 in __libc_start_main ../csu/libc-start.c:332
        #6 0x40712d in _start (/home/marxin/BIG/osc/games/openarena/openarena-engine-source-0.8.8/build/release-linux-x86_64/openarena.x86_64+0x40712d)

One can see it when building the project with -fsanitize=undefined. When qsort is called, the compiler assumes the argument is non-null; that's why the 'if (!list) return;' is optimized out.
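The following is an added, self-contained example written for this page; it is not code from the bug, from openarena or from ioquake3, and the names (make_list, sort_list_unsafe, sort_list_safe, free_list) and the sample pak names are assumptions. It reproduces the shape of the failing call chain described in the comments above: a NULL-terminated file list that is NULL when empty, a qsort over it, and a free routine whose own NULL check is meant to make NULL a no-op. Because glibc declares qsort's first parameter nonnull, passing NULL is undefined behaviour even with a count of 0, which is what -fsanitize=undefined reports and what an optimizer is entitled to exploit by dropping the later NULL check. The hardened variant simply never hands a NULL or empty list to qsort.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example (not openarena code). Names are illustrative. */

/* Constructed input: NULL-terminated list of heap strings, or NULL when
 * there are no entries (the same convention as the engine's file lists). */
static char **make_list(const char *const *names, size_t n)
{
    if (n == 0)
        return NULL;
    char **list = calloc(n + 1, sizeof *list);
    if (!list)
        abort();
    for (size_t i = 0; i < n; i++) {
        list[i] = strdup(names[i]);
        if (!list[i])
            abort();
    }
    return list;
}

static int compare_names(const void *a, const void *b)
{
    return strcmp(*(const char *const *)a, *(const char *const *)b);
}

/* Same structure as Sys_FreeFileList: NULL is intended to be a no-op.
 * Returns the number of strings freed. */
static size_t free_list(char **list)
{
    size_t i;
    if (!list)
        return 0;
    for (i = 0; list[i]; i++)
        free(list[i]);
    free(list);
    return i;
}

/* The bug pattern: qsort(list, ...) with list == NULL is undefined because
 * glibc declares that parameter nonnull. Build with -fsanitize=undefined
 * and call this with (NULL, 0) to get "null pointer passed as argument 1".
 * After such a call the compiler may treat list as non-null from then on,
 * which is how a later 'if (!list) return;' can be optimized away. */
static size_t sort_list_unsafe(char **list, size_t n)
{
    qsort(list, n, sizeof *list, compare_names); /* UB when list == NULL */
    return n;
}

/* Hardened: only sort a real, non-empty list, so no nonnull assumption
 * about a NULL pointer ever reaches the optimizer. */
static size_t sort_list_safe(char **list, size_t n)
{
    if (!list || n == 0)
        return 0;
    qsort(list, n, sizeof *list, compare_names);
    return n;
}

int main(void)
{
    const char *const names[] = { "pak2.pk3", "pak0.pk3", "pak1.pk3" };

    char **list = make_list(names, 3);
    sort_list_safe(list, 3);
    printf("first after sort: %s\n", list[0]);   /* pak0.pk3 */
    printf("freed %zu entries\n", free_list(list));

    /* Empty directory: list is NULL. The safe path never touches qsort. */
    char **empty = make_list(names, 0);
    printf("sorted %zu, freed %zu\n", sort_list_safe(empty, 0), free_list(empty));

    /* The unsafe variant is fine on a non-empty list; only the NULL case
     * is undefined, so it is not exercised here. */
    list = make_list(names, 3);
    sort_list_unsafe(list, 3);
    free_list(list);
    return 0;
}
```

Compiling this with `-O2 -fsanitize=undefined` and changing the empty-list call to sort_list_unsafe reproduces the sanitizer message quoted in the comment above; the sanitizer is the quickest way to confirm the diagnosis without reasoning about what LTO inlined, and the guard before qsort is the minimal source-level fix as opposed to disabling LTO for the whole package.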