Bug 1183104 - Openarena segfault on launch
Status: RESOLVED INVALID
Duplicates: 1183253
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: X11 Applications
Version: Current
Hardware: x86-64
OS: openSUSE Tumbleweed
Priority: P5 - None
Severity: Normal
Assigned To: Martin Liška
Reported: 2021-03-05 16:19 UTC by James Smith
Modified: 2021-09-17 09:48 UTC (History)
Description James Smith 2021-03-05 16:19:51 UTC
$ openarena
ioq3+oa 1.36 linux-x86_64 Jan 25 2021
----- FS_Startup -----
Segmentation fault (core dumped)

$ zypper if openarena
Loading repository data...
Reading installed packages...


Information for package openarena:
----------------------------------
Repository     : openSUSE-20190121-0
Name           : openarena
Version        : 0.8.8-5.2
Arch           : x86_64
Vendor         : openSUSE
Installed Size : 3.0 MiB
Installed      : Yes
Status         : up-to-date
Source package : openarena-0.8.8-5.2.src
Summary        : Open Arena game engine
Description    : 
    OpenArena is an open-source content package for Quake III Arena
    licensed under the GPL, effectively creating a free stand-alone game.

Nothing from gdb (suggests installing glibc debuginfo and a number of build dependencies debuginfo)
Comment 1 Dirk Stoecker 2021-03-11 13:52:09 UTC
Matthias: Any chance to fix it? My reaction would be to delete the package.
Comment 2 Matthias Mailänder 2021-07-03 11:42:58 UTC
I agree https://build.opensuse.org/request/show/903832
Comment 3 Adam Mizerski 2021-09-08 05:55:44 UTC
I'd like to push this a bit. I found that this might be caused by LTO.

There are 2 very similar functions in the code:

void Sys_FreeFileList( char **list )
{
	int i;

	if ( !list ) {
		return;
	}

	for ( i = 0 ; list[i] ; i++ ) {
		Z_Free( list[i] );
	}

	Z_Free( list );
}


void FS_FreeFileList( char **list ) {
	int		i;

	if ( !fs_searchpaths ) {
		Com_Error( ERR_FATAL, "Filesystem call made without initialization\n" );
	}

	if ( !list ) {
		return;
	}

	for ( i = 0 ; list[i] ; i++ ) {
		Z_Free( list[i] );
	}

	Z_Free( list );
}

Segfault happens when Sys_FreeFileList is called with a null pointer. Gdb shows that FS_FreeFileList is called instead ('(gdb) disassemble Sys_FreeFileList' says 'No symbol "Sys_FreeFileList" in current context.', probably because it was deduplicated by LTO); it skips the 'if ( !list ) {return;}' part and segfaults on 'list[i]'.

Adding '-fno-lto' to CFLAGS resolves the problem.
Comment 4 Adam Mizerski 2021-09-08 06:44:15 UTC
*** Bug 1183253 has been marked as a duplicate of this bug. ***
Comment 5 Matthias Mailänder 2021-09-10 16:47:49 UTC
I don't plan on working on it. There is a battery of https://sources.debian.org/patches/openarena/0.8.8+dfsg-5/ while https://src.fedoraproject.org/rpms/openarena/blob/rawhide/f/openarena.spec oddly ships a binary package. http://openarena.ws/smfnews.php still last release on Feb 2012 so upstream is quite dead.
Comment 6 Adam Mizerski 2021-09-10 18:27:45 UTC
I think this should be assigned to someone who knows anything about LTO. New compiler flags should not break old code (unless there's undefined behavior involved, but I doubt there is).
Comment 7 Chenzi Cao 2021-09-16 14:46:47 UTC
Hi Martin, would you please take a look at this issue? I'm really not sure whether it is right to assign it to you, please feel free to reassign whenever necessary, thanks.
Comment 8 Martin Liška 2021-09-17 09:48:37 UTC
It crashes due to:

code/qcommon/files.c:2568:2: runtime error: null pointer passed as argument 1, which is declared to never be null
    #0 0x4a9d69 in FS_AddGameDirectory code/qcommon/files.c:2568
    #1 0x4aa2f7 in FS_Startup code/qcommon/files.c:2871
    #2 0x4ae40a in FS_InitFilesystem code/qcommon/files.c:3312
    #3 0x49af7a in Com_Init code/qcommon/common.c:2635
    #4 0x7298d8 in main code/sys/sys_main.c:583
    #5 0x7ffff71a5b34 in __libc_start_main ../csu/libc-start.c:332
    #6 0x40712d in _start (/home/marxin/BIG/osc/games/openarena/openarena-engine-source-0.8.8/build/release-linux-x86_64/openarena.x86_64+0x40712d)

One can see it when building the project with -fsanitize=undefined. When qsort is called, the compiler assumes the argument is non-null; that's why the 'if (!list) return;' is optimized out.
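The root cause described in Comment 8 (and the LTO symptom from Comment 3) is that the list pointer is handed to qsort, whose first parameter glibc declares nonnull, before the callee's own NULL check runs; from that point the optimizer may legally treat the pointer as non-null and drop the later 'if (!list) return;'. The following is an added example, not code from OpenArena or ioquake3, showing the same file-list helpers written so that the NULL check precedes every nonnull-declared call. The function names, the pak file names and the constructed sample list are hypothetical.

```c
/* Added example, not OpenArena/ioquake3 code: NULL-terminated string-list
 * helpers written so the NULL check comes BEFORE any call whose argument is
 * declared nonnull. glibc declares qsort()'s first parameter nonnull, so once
 * a pointer has been passed to qsort the optimizer may treat it as non-null
 * and delete a later "if (!list) return;" (the behaviour seen in this bug). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

static int cmp_str(const void *a, const void *b)
{
    return strcmp(*(char *const *)a, *(char *const *)b);
}

/* Sort a NULL-terminated list in place and return its entry count.
 * A NULL list is legal and yields 0; the check sits before qsort, so nothing
 * has told the compiler the pointer is non-null by the time it runs. */
size_t sort_file_list(char **list)
{
    if (!list)
        return 0;
    size_t n = 0;
    while (list[n])
        n++;
    if (n > 1)  /* also never hands qsort an empty array */
        qsort(list, n, sizeof *list, cmp_str);
    return n;
}

/* Free every entry and the array itself; return the number of entries freed. */
size_t free_file_list(char **list)
{
    size_t i;
    if (!list)
        return 0;
    for (i = 0; list[i]; i++)
        free(list[i]);
    free(list);
    return i;
}

/* Constructed sample input (hypothetical pak names), deliberately unsorted. */
char **make_sample_list(void)
{
    static const char *const names[] = { "pak2.pk3", "pak0.pk3", "pak1.pk3" };
    size_t count = sizeof names / sizeof names[0];
    char **list = calloc(count + 1, sizeof *list);  /* +1 keeps a NULL terminator */
    if (!list)
        return NULL;
    for (size_t i = 0; i < count; i++) {
        size_t len = strlen(names[i]) + 1;
        list[i] = malloc(len);
        if (!list[i]) {
            free_file_list(list);  /* partial list is still NULL-terminated */
            return NULL;
        }
        memcpy(list[i], names[i], len);
    }
    return list;
}

int main(void)
{
    char **list = make_sample_list();
    size_t n = sort_file_list(list);  /* 3, entries now pak0, pak1, pak2 */
    free_file_list(list);
    /* The empty-directory case that crashed the game: both calls return 0. */
    return (n == 3 && sort_file_list(NULL) == 0 && free_file_list(NULL) == 0) ? 0 : 1;
}
```

Building the original shape of the code with -fsanitize=undefined reports the "null pointer passed as argument 1, which is declared to never be null" diagnostic quoted above, which is the check to run after any such reordering; -fno-lto only hides the problem by keeping the check out of the optimizer's view, it does not remove the undefined behaviour.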