Thread: A segfault I'm unable to locate the source of

I'm struggling to identify what is causing the segfault found via the callstack show below, all the relevant functions that you might want to see the contents of are in the files below, the code below is from test/extra/main.c. Can't think of anything else to mention at the moment so I'm just hoping for either a fix or some ideas on where to look for the source of the problem.

Files of interest: test/extra/main.c src/extra/viewfx/glfw/vfxwai.c src/extra/viewfx/glfw/vfxwin.c
Files * 05e8b876ddd1f660802a003982b9ab536834ea5d * Lee Shallis / Dragonbuilder * GitLab
Function I cannot debug:
GLFW: Initialization, version and error reference

Code:

#include "main.h"

dint changeColors( APP *app ) { (void)app; return 0; }
void void_shared( APP *app )
{
	dint i;
	VoidVfxCfgsVoids( app );
	memset( app->SharedVfxCfgs, 0, sizeof(VFXCFG*) * SHARED_BUFFER_COUNT );
	VoidVfxVarsVoids( app );
	memset( app->SharedVfxVars, 0, sizeof(VFXVAR*) * SHARED_BUFFER_COUNT );
	VoidVfxBufsVoids( app );
	memset( app->SharedVfxBufs, 0, sizeof(VFXBUF*) * SHARED_BUFFER_COUNT );
	for ( i = SHARED_BUFFER_COUNT; i > 0; --i )
		VoidBuffer( app, &(app->SharedBuffers[--i]) );
}

int main( int argc, char *argv[] )
{
	APP app = {0};
	setbuf( stdout, NULL );
	if ( app.err )
	{
		PRINT_ERRNO( stdout, app.err );
		return EXIT_FAILURE;
	}

	do
	{
		achs hint = NULL;
		dint i, one, two, winX, winY, winH, winW;

		app.wai.name = "glfw";
		app.vai.name = "gl";

		one = MakeAchs( &app, &(app.wai.File), 0 );
		two = MakeAchs( &app, &(app.vai.File), 0 );

		if ( one || two )
		{
			if ( one )
				PRINT_ERRNO( stdout, one );
			if ( two )
				PRINT_ERRNO( stdout, two );
			app.err = one ? one : two;
			break;
		}

		one = InitAchs( &app, app.wai.File, "" );
		two = InitAchs( &app, app.vai.File, "" );

		if ( one || two )
		{
			if ( one )
				PRINT_ERRNO( stdout, one );
			if ( two )
				PRINT_ERRNO( stdout, two );
			app.err = one ? one : two;
			break;
		}

		for ( i = 0; i < argc; ++i )
		{
			smax wai_diff = 0, vai_diff = 0;

			if ( argv[i][0] != '-' )
				continue;

			hint = achschar( argv[i], '=' );

			if ( hint )
			{
				*((ach*)hint) = 0;
				wai_diff = achsdiff( argv[i], "--wai" );
				vai_diff = achsdiff( argv[i], "--vai" );
				*((ach*)hint) = '=';
			}
			else
			{
				hint = argv[++i];
				wai_diff = achsdiff( argv[i], "--wai" );
				vai_diff = achsdiff( argv[i], "--vai" );
			}

			if ( hint && wai_diff == 0 )
				app.wai.name = hint;

			if ( hint && vai_diff == 0 )
				app.vai.name = hint;
		}

		one = growAchsArrayf
		(
			&app, app.wai.File, "%s%s%s%s",
			DLL_PFX, "vfx", app.wai.name, EXT_PFX DLL_SFX
		);

		two = growAchsArrayf
		(
			&app, app.vai.File, "%s%s%s%s",
			DLL_PFX, "vfx", app.vai.name, EXT_PFX DLL_SFX
		);

		if ( one || two )
		{
			if ( one )
				PRINT_ERRNO( stdout, one );
			if ( two )
				PRINT_ERRNO( stdout, two );
			app.err = one ? one : two;
			break;
		}

		app.wai.file = SeekAchsArray( app.wai.File );
		app.vai.file = SeekAchsArray( app.vai.File );

		one = OpenLib( &app, &(app.wai) );
		two = OpenLib( &app, &(app.vai) );

		if ( one || two )
		{
			if ( one )
			{
				PRINT_ERROR( stdout, one );
				printf( "Failed to open VfxWai module '%s'\n", app.wai.file );
			}
			if ( two )
			{
				PRINT_ERROR( stdout, two );
				printf( "Failed to open VfxVai module '%s'\n", app.vai.file );
			}
			app.err = one ? one : two;
			break;
		}

		app.err = MakeShadersVoids( &app );

		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		if ( achsfind( app.vai.name, "gl" ) )
		{
			achs init_vfxwin_args[] =
			{
				"-l", app.vai.name,
				"--major=4",
				"--minor=3",
				"--samples=4",
				"--foreward-compatability=1",
				"--profile=core",
				NULL
			};

			app.err = InitVfxWai( &app, app.wai.hook, init_vfxwin_args );

			if ( app.err )
			{
				PRINT_ERRNO( stdout, app.err );
				break;
			}
		}

		app.err = MakeVfxWin( &app, &(app.vfxwin) );

		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = OpenVfxWin
			( &app, app.vfxwin, "Example VfxWin", 640, 480 );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = BindVfxWin( app.vfxwin );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = InitVfxVai( &app, app.vai.hook );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = MakeVfxApp( &app, &(app.vfxapp) );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = InitVfxDbg( &app, true, debugVfx, &app );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = InitVfxApp( &app, app.vfxapp, "shaders/vfxapps.ini", NULL );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = BindVfxApp( &app, app.vfxapp );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = create( &app );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			break;
		}

		app.err = SeekVfxWinSize( app.vfxwin, &winH, &winW );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			winH = 640;
			winW = 480;
		}

		app.err = SeekVfxWinPos( app.vfxwin, &winX, &winY );
		if ( app.err )
		{
			PRINT_ERRNO( stdout, app.err );
			winX = 0;
			winY = 0;
		}

		app.err = MoveVfxBox( 0, 0, winH, winW );
		if ( app.err )
			PRINT_ERRNO( stdout, app.err );

		while ( !DeadVfxWin( app.vfxwin ) )
		{
			ucap i;
			SHARED_DINTS *dints =
				SeekBufferArray( app.SharedBuffers[SHARED_BUFFER_DINTS] );
			SHARED_FNUMS *fnums =
				SeekBufferArray( app.SharedBuffers[SHARED_BUFFER_FNUMS] );
			dint vertices[] = { 3, 3, 3 };
			vec3 points[sizeof(vertices)/sizeof(dint)] =
				{ { 0.25, 0.25, 0 }, { 0.75, 0.25, 0 }, { 0.5, 0.75, 0 } };
			BindVfxWin( app.vfxwin );
			BindVfxApp( &app, app.vfxapp );
			FillVfxBox( 0.0, 0.0, 0.0, 1.0 );
			ZeroVfxBit( VFX_COLOR_BIT | VFX_DEPTH_BIT );

			if ( SeekKeyAct( app.vfxwin, VFXKEY_ANSI_ESC ) == VFXKEY_ISACTIVE )
				KillVfxWin( &app, app.vfxwin );

			app.err = SeekVfxWinSize( app.vfxwin, &winH, &winW );
			if ( app.err )
				PRINT_ERRNO( stdout, app.err );

			app.err = SeekVfxWinPos( app.vfxwin, &winX, &winY );
			if ( app.err )
				PRINT_ERRNO( stdout, app.err );

			dints->mem.WinSpace.x = winW;
			dints->mem.WinSpace.y = winH;
			dints->mem.WinPoint.x = winX;
			dints->mem.WinPoint.y = winY;

			dints->mem.VtxCount = 3;
			memcpy( fnums->mem.RegPoint.raw, points, sizeof(points) );

			for ( i = 0; i < SHARED_BUFFER_COUNT; ++i )
				SendVfxBuf( &app, app.SharedVfxCfgs[i], app.SharedVfxBufs[i] );

			DrawVfxCfg( &app, app.SharedVfxCfgs[0], VFXDRAW_TRIOS );

			SwapVfxWinBufs( &app, app.vfxwin );
			PollVfxWai();
		}
	}
	while (0);

	TermVfxDbg( &app, true );
	void_shared( &app );
	VoidShadersVoids( &app );
	VoidVfxApp( &app, &(app.vfxapp) );
	TermVfxVai( &app, app.vai.hook );
	VoidVfxWin( &app, &(app.vfxwin) );
	TermVfxWai( &app, app.wai.hook );
	ShutLib( &app, &(app.vai) );
	ShutLib( &app, &(app.wai) );
	VoidStringsVoids( &app );
	return app.err ? EXIT_FAILURE : EXIT_SUCCESS;
}

You couldn't have compiled with debug enabled so at least you get line numbers in your code.
And as for posting an image of something you could copy/paste - pah!

app.SharedBuffers[SHARED_BUFFER_DINTS]
app.SharedBuffers[SHARED_BUFFER_FNUMS]
These look like out of bounds accesses

Why are you decrementing i twice ?

Code:

    for ( i = SHARED_BUFFER_COUNT; i > 0; --i )
        VoidBuffer( app, &(app->SharedBuffers[--i]) );

Originally Posted by Salem

You couldn't have compiled with debug enabled so at least you get line numbers in your code.

I don't know what lib to reference for the dbueg symbols of glfw, my own come out fine but glfw & glew don't, which doesn't surprise me since they're 3rd party libraries

Originally Posted by Salem

And as for posting an image of something you could copy/paste - pah!

I would if gede provided that option, as it currently stands it doesn't so image it was.

Originally Posted by Salem

app.SharedBuffers[SHARED_BUFFER_DINTS]
app.SharedBuffers[SHARED_BUFFER_FNUMS]
These look like out of bounds accesses

Don't look like it to me:

Code:

app->SharedBuffers[i] = buffer = SeekVfxBufData( vfxbuf );

Originally Posted by Salem

Why are you decrementing i twice ?

Code:

    for ( i = SHARED_BUFFER_COUNT; i > 0; --i )
        VoidBuffer( app, &(app->SharedBuffers[--i]) );

That's an oversight and possibly the source of my segfault, I'll go check that now

Edit: It was, ty

> I would if gede provided that option, as it currently stands it doesn't so image it was.
Try harder - seriously.

If you can't figure out what combination of ctrl-alt-meta allows you to copy the console window, then google it.

What the hell is "gede" anyway.

Originally Posted by rstanley

Gede is a gui front-end for gdb.

So it would seem.
Gede : Start
Still looks like a toy rather than anything I'd want to use in anger.

Much less using it as the 'excuse' for not being able to copy/paste text.

Originally Posted by Salem

So it would seem.
Gede : Start
Still looks like a toy rather than anything I'd want to use in anger.

Much less using it as the 'excuse' for not being able to copy/paste text.

Hey some of us are either not comfortable or too lazy to deal with text only interface that using command line/shell for debugging comes along with so get off your high horse already because your making yourself look like an ass, gede's currently the best gui for gdb out there imo so despite it's lack of some features it's still better than dealing with the alternatives for me.

Rather than create a new thread I'm just gonna re-use this thread, ran into another segfault I couldn't identify the source of, since I got lucky last time and someone managed to point out the source of the issue I figure maybe I'll get lucky this time too, this time however I can't narrow it down to one file's code so I can only point you to the starting function, makeVfxAppShader() in src/extra/viewfx/vfxapp.c, the segfault occurs upon attempting to bind the path object to the shader object in makeShaderCode() sub call (at function bindShaderPath()), it's deep in the call stack where an attempt to reallocate the array to a new size is made, since the same function is called frequently by various things prior the the attempt I'm certain it's not the reallcation itself that's the issue but likely a buffer over run or under run somewhere that caused it, I just haven't spotted the cause yet.

Files * f7fc044d561309df5fc09f2f2cb9d098af5fa233 * Lee Shallis / Dragonbuilder * GitLab

Originally Posted by thmm

clang and GCC have a memory sanitizer - have you tried that ?
gcc comes with sanitizer tool to use - TechnologyRelated

While it's not the 1st I've heard of it, I'm not familiar with how to use it, nevertheless I've added the options to the debug options and did a full rebuild, tried running in gede to start with but it didn't seem to have any handlers for it so ran the binary on it's own to get the output proper:

Code:

make debug=1 run
...
cd bin && ./check_extra._x86_64_linux_cc_d.elf -D APP_DATA=../run
Opened module 'libvfxglfw._x86_64_linux_cc_d.so'
Opened module 'libvfxgl._x86_64_linux_cc_d.so'
Creating program '.flat'
Generating path for 'spec.glsl'
Generating shader 'point' with path 'bin/../run/shaders/spec.glsl':
=================================================================
==4767==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6040000610b8 at pc 0x7f62d4e59ad3 bp 0x7ffc4c5a9090 sp 0x7ffc4c5a8838
READ of size 28 at 0x6040000610b8 thread T0
    #0 0x7f62d4e59ad2 in __interceptor_memmove /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810
    #1 0x7f62d4dbe3ca in cramMembers src/basic/buffer.c:505
    #2 0x7f62d4dbe49f in growBuffer src/basic/buffer.c:517
    #3 0x7f62d4dbd979 in bindMember src/basic/buffer.c:418
    #4 0x7f62d4dc86d4 in bindVoid src/basic/buffer/voids.c:56
    #5 0x7f62d4df9d0b in makeShaderPath src/extra/viewfx/shader.c:196
    #6 0x7f62d4dfed7a in makeVfxAppShader src/extra/viewfx/vfxapp.c:598
    #7 0x7f62d4e0044c in initVfxApp src/extra/viewfx/vfxapp.c:801
    #8 0x7f62d4e01797 in InitVfxApp src/extra/viewfx/vfxapp.c:934
    #9 0x55e7314c96d4 in main src/tests/extra/main.c:262
    #10 0x7f62d4c04b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
    #11 0x55e7314c367d in _start (bin/check_extra._x86_64_linux_cc_d.elf+0x467d)
0x6040000610b8 is located 0 bytes to the right of 40-byte region [0x604000061090,0x6040000610b8)
allocated by thread T0 here:
    #0 0x7f62d4ed7279 in __interceptor_malloc /build/gcc/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x7f62d4dc2443 in allot src/basic/shared.c:84
    #2 0x7f62d4dbe02a in fillBufferTotal src/basic/buffer.c:472
    #3 0x7f62d4dbdc64 in fillBufferCount src/basic/buffer.c:446
    #4 0x7f62d4dbe294 in cramMembers src/basic/buffer.c:494
    #5 0x7f62d4dbe49f in growBuffer src/basic/buffer.c:517
    #6 0x7f62d4dbcfaa in initBuffer src/basic/buffer.c:326
    #7 0x7f62d4dc80be in initVoids src/basic/buffer/voids.c:14
    #8 0x7f62d4df8d5c in _MAKE_SHADER src/extra/viewfx/shader.c:23
    #9 0x7f62d4dc21d4 in makeObject src/basic/shared.c:55
    #10 0x7f62d4dbbeeb in makeNode src/basic/buffer.c:209
    #11 0x7f62d4dfa2d5 in makeShader src/extra/viewfx/shader.c:267
    #12 0x7f62d4dfe990 in makeVfxAppShader src/extra/viewfx/vfxapp.c:563
    #13 0x7f62d4e0044c in initVfxApp src/extra/viewfx/vfxapp.c:801
    #14 0x7f62d4e01797 in InitVfxApp src/extra/viewfx/vfxapp.c:934
    #15 0x55e7314c96d4 in main src/tests/extra/main.c:262
    #16 0x7f62d4c04b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
SUMMARY: AddressSanitizer: heap-buffer-overflow /build/gcc/src/gcc/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:810 in __interceptor_memmove
Shadow bytes around the buggy address:
  0x0c08800041c0: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c08800041d0: fa fa 00 00 00 00 00 fa fa fa fd fd fd fd fd fd
  0x0c08800041e0: fa fa 00 00 00 00 00 00 fa fa fd fd fd fd fd fd
  0x0c08800041f0: fa fa 00 00 00 00 00 01 fa fa fd fd fd fd fd fd
  0x0c0880004200: fa fa fd fd fd fd fd fd fa fa 00 00 00 00 00 00
=>0x0c0880004210: fa fa 00 00 00 00 00[fa]fa fa 00 00 00 00 00 00
  0x0c0880004220: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c0880004230: fa fa 00 00 00 00 00 00 fa fa 00 00 00 00 00 00
  0x0c0880004240: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880004250: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c0880004260: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==4767==ABORTING
make: *** [gnu.mak:44: run] Error 1
Compilation failed.

Currently the above means little to me, if you can find any useful details in there mind explaining to me both that and the any related details that would help me find it myself in the furture?

Never mind, after taking a break I tried looking at the line the top line mentioned, seems I had not quite prevented overflow there.