The International Simutrans Forum

Development => Bug Reports => Topic started by: Ashley on December 05, 2012, 10:09:19 AM

Title: simuconf.tab - value longer than 129 characters causes segfault
Post by: Ashley on December 05, 2012, 10:09:19 AM
Reading low level config data ...
parse_simuconf() at config/simuconf.tab: Reading simuconf.tab successful!
Simutrans version 112.0 from Nov 14 2012 r6000M
Message: simmain():     Server started on port 13353
Message: network_init_server(): Preparing to bind address: "::"
Attempting to bind listening sockets for: "::"
Message: network_init_server(): Potential bind address: ::
Added valid listen socket for address: "::"
Message: socket_list_t::add_server:     add server socket[3]
Message: network_init_server(): Preparing to bind address: "0.0.0.0"
Attempting to bind listening sockets for: "0.0.0.0"
Message: network_init_server(): Potential bind address: 0.0.0.0
Added valid listen socket for address: "0.0.0.0"
Message: socket_list_t::add_server:     add server socket[4]
Server started, added 2 server sockets
Message: simmain::main():       Version: 112.0  Date: Nov 14 2012
Message: Debuglevel:    4
Message: program_dir:   /home/timothy/simutrans/simutrans/
Message: home_dir:      /home/timothy/simutrans/simutrans/
Message: locale:        en
Message: obj_reader_t::read_file():     filename='skin/ground.Outside.pak'
ERROR: obj_reader_t::read_file():       reading 'skin/ground.Outside.pak' failed!
For help with this error or to file a bug report please see the Simutrans forum:
http://forum.simutrans.com
Warning: obj_reader_t::load():  ground.Outside.pak not found, cannot guess tile size! (driving on left will not work!)
Message: obj_reader_t::load():  reading from 'skin/'
Message: obj_reader_t::read_file():     filename='skin/menu.WindowSkin.pak'
Message: obj_reader_t::read_file():     read 1 blocks, file version is 3e9
Segmentation fault


Simutrans is segfaulting if the parameter for a config file entry is longer than 129 characters. E.g.

server_infurl = http://your.domain/server-info.htmlfefefefeefefeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee33

Works fine but

server_infurl = http://your.domain/server-info.htmlfefefefeefefeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee334

Does not (one character more). Strangely enough, running it under gdb shows the segfault to be happening here:

Reading symbols from /home/timothy/simutrans/simutrans/sim...done.
(gdb) run
Starting program: /home/timothy/simutrans/simutrans/sim
Use work dir /home/timothy/simutrans/simutrans/
Reading low level config data ...
parse_simuconf() at config/simuconf.tab: Reading simuconf.tab successful!

Program received signal SIGSEGV, Segmentation fault.
image_reader_t::read_node (this=0x83b1d50, fp=0x8453b30, node=...) at besch/reader/image_reader.cc:144
144                             do {


The tabfile reader does appear to use strdup to duplicate the strings it reads in (the max size for the key and value being 4096 characters based on the char buffer it's using). I don't know where to go from here in trying to fix this since it seems to be something rather strange...
Title: Re: simuconf.tab - value longer than 129 characters causes segfault
Post by: Dwachs on December 05, 2012, 10:42:32 AM
You could try valgrind and see, whether it complains about something strange.
Title: Re: simuconf.tab - value longer than 129 characters causes segfault
Post by: Ashley on December 05, 2012, 03:01:53 PM
So I'm seeing this same thing when testing my syslog patch now...


Program received signal SIGSEGV, Segmentation fault.
image_reader_t::read_node (this=0x83b70f0, fp=0x8459aa8, node=...) at besch/reader/image_reader.cc:144
144                             do {
(gdb) bt
#0  image_reader_t::read_node (this=0x83b70f0, fp=0x8459aa8, node=...) at besch/reader/image_reader.cc:144
#1  0x0807c39c in obj_reader_t::read_nodes (fp=0x8459aa8, data=@0x8459c90, register_nodes=3, version=1001) at besch/reader/obj_reader.cc:270
#2  0x0807c3e8 in obj_reader_t::read_nodes (fp=0x8459aa8, data=@0x8459c48, register_nodes=2, version=1001) at besch/reader/obj_reader.cc:272
#3  0x0807c3e8 in obj_reader_t::read_nodes (fp=0x8459aa8, data=@0x8459c20, register_nodes=1, version=1001) at besch/reader/obj_reader.cc:272
#4  0x0807c3e8 in obj_reader_t::read_nodes (fp=0x8459aa8, data=@0xbfffda58, register_nodes=0, version=1001) at besch/reader/obj_reader.cc:272
#5  0x0807c98a in obj_reader_t::read_file (name=0x8459240 "skin/menu.WindowSkin.pak") at besch/reader/obj_reader.cc:228
#6  0x0807e332 in obj_reader_t::load (path=0x833db62 "skin/", message=0x833db50 "Loading skins ...") at besch/reader/obj_reader.cc:177
#7  0x0807e80e in obj_reader_t::init () at besch/reader/obj_reader.cc:55
#8  0x082b743a in simu_main (argc=1, argv=0xbffffcf4) at simmain.cc:655
#9  0x082c7f4c in sysmain (argc=1, argv=0xbffffcf4) at simsys.cc:703
#10 0x0833a18f in main (argc=1, argv=0xbffffcf4) at simsys_posix.cc:147


It's strange that it only happens under certain situations (combinations of command line flags...)

I have no idea how to use valgrind :(


Edit: In the case of the syslog patch I did find that copying ground.Outside.pak to the skin/ directory mysteriously solved it - presumably by avoiding calling some code...
Title: Re: simuconf.tab - value longer than 129 characters causes segfault
Post by: Dwachs on December 05, 2012, 07:23:20 PM
Quote from: Timothy on December 05, 2012, 03:01:53 PM
I have no idea how to use valgrind :(
valgrind ./sim -server -bla

should do the trick.

Edit: could you post your simuconf.tab and your command-line parameters? I could not reproduce the crash.
Title: Re: simuconf.tab - value longer than 129 characters causes segfault
Post by: Ters on December 07, 2012, 05:46:26 AM
I don't think I've ever seen a segfault on a do {. What memory access is it performing?
Title: Re: simuconf.tab - value longer than 129 characters causes segfault
Post by: prissi on December 07, 2012, 09:55:02 AM
The copying of outside to the skin directory would prevent a warning very early on in loading time and shortens the corresponding error message. This seems like somehow either something is not properly initialized or an intermediate string is static and too short.
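An added illustration of the failure mode prissi describes (this is example code, not Simutrans' own, and the layout, sentinel value and function names are assumptions): a static slot of 130 bytes holds exactly 129 characters plus the terminating NUL, so a strcpy-style copy of a 130-character value lands its NUL on whatever object happens to sit next in memory. That object is only used much later, which is why the crash surfaces in an unrelated place such as the pak reader rather than in the parser itself. The model below keeps the overrun inside one byte array so the corruption is observable without undefined behaviour, and contrasts the unbounded copy with a bounded one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a parser's static value buffer: a 130-byte slot
 * (129 characters plus the NUL) followed immediately by another object.
 * Layout and sentinel are assumptions for illustration only, not the
 * real Simutrans memory layout. */
#define VALUE_CAP       130u
#define NEIGHBOUR_OFF   VALUE_CAP
#define NEIGHBOUR_MAGIC 0x4B4F4F4Bu   /* arbitrary sentinel */

struct model {
    unsigned char mem[VALUE_CAP + sizeof(uint32_t)];
};

static void model_init(struct model *m)
{
    uint32_t magic = NEIGHBOUR_MAGIC;
    memset(m->mem, 0, sizeof m->mem);
    memcpy(m->mem + NEIGHBOUR_OFF, &magic, sizeof magic);
}

/* 1 if the object behind the slot still holds its sentinel, else 0. */
static int neighbour_intact(const struct model *m)
{
    uint32_t v;
    memcpy(&v, m->mem + NEIGHBOUR_OFF, sizeof v);
    return v == NEIGHBOUR_MAGIC;
}

/* strcpy-style copy: honours the string length, not the slot size.
 * The single check only keeps this demo inside the model array so the
 * corruption stays well-defined; a real strcpy has no guard at all. */
static int unchecked_set(struct model *m, const char *value)
{
    size_t n = strlen(value) + 1;          /* bytes written, NUL included */
    if (n > sizeof m->mem)
        return -1;
    memcpy(m->mem, value, n);
    return 0;
}

/* Bounded copy: rejects anything that does not fit together with its NUL
 * and leaves memory untouched. (The tabfile reader's strdup() mentioned in
 * the thread sidesteps the problem differently, by sizing the copy to the
 * input; a fixed slot somewhere downstream would still need this check.) */
static int checked_set(struct model *m, const char *value)
{
    size_t n = strlen(value);
    if (n >= VALUE_CAP)
        return -1;
    memcpy(m->mem, value, n + 1);
    return 0;
}

/* Builds a value of `len` characters ('e' repeated, like the padding in the
 * reported server_infurl); `out` must hold len + 1 bytes. */
static void make_value(char *out, size_t len)
{
    memset(out, 'e', len);
    out[len] = '\0';
}

/* One scenario. Returns -1 if the setter rejected the value, 1 if it was
 * stored and the neighbouring object survived, 0 if it was stored and the
 * neighbour was clobbered, -2 if len is too large for the demo buffer. */
static int run_scenario(size_t len, int use_checked)
{
    struct model m;
    char value[256];
    if (len >= sizeof value)
        return -2;
    make_value(value, len);
    model_init(&m);
    if ((use_checked ? checked_set(&m, value) : unchecked_set(&m, value)) != 0)
        return -1;
    return neighbour_intact(&m);
}

int main(void)
{
    static const size_t lens[] = { 128, 129, 130, 131 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int r = run_scenario(lens[i], 0);
        printf("unchecked %3zu chars: %s\n", lens[i],
               r == 1 ? "neighbour intact" : r == 0 ? "neighbour CLOBBERED" : "rejected");
        r = run_scenario(lens[i], 1);
        printf("checked   %3zu chars: %s\n", lens[i],
               r == 1 ? "neighbour intact" : r == 0 ? "neighbour CLOBBERED" : "rejected");
    }
    return 0;
}
```

The boundary reproduces the report: 129 characters leave the neighbour untouched, 130 overwrite its first byte with the terminator, and nothing about the corrupted object is visible until it is next read. Valgrind, as suggested above, reports the write at the moment it happens rather than at the later use, which is the practical way to find the real buffer once a case like this is suspected.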