From f.heckenbach at fh-soft.de Tue Jan 16 06:21:03 2018
From: f.heckenbach at fh-soft.de (Frank Heckenbach)
Date: Tue, 16 Jan 2018 07:21:03 +0100
Subject: [pkg-fgfs-crew] Bug#887411: fgfs: segfaults when receiving UDP data too early
Message-ID:

Package: flightgear
Version: 1:2016.4.4+dfsg-3+deb9u1
File: /usr/games/fgfs
Severity: normal

When receiving UDP data too early, fgfs segfaults after giving the message:

AI error: updating aircraft without traffic record at ...

I've traced the segfault to trafficcontrol.cxx:984

At this point, "current" is uninitialized, so UB.

I think the function (FGTowerController::updateAircraftInformation) should return after giving the above warning. The same seems to apply to some other functions (e.g. FGStartupController::updateAircraftInformation, FGApproachController::updateAircraftInformation), but of course, I only see the first segfault that occurs.

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.14.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1), LANGUAGE= (charmap=ISO-8859-1)
Shell: /bin/sh linked to /stretch/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages flightgear depends on:
ii  flightgear-data-all          1:2016.4.2+dfsg-1
ii  freeglut3                    2.8.1-3
ii  libc6                        2.24-11+deb9u2
ii  libcurl3-gnutls              7.52.1-5+deb9u3
ii  libdbus-1-3                  1.10.24-0+deb9u1
ii  libexpat1                    2.2.0-2+deb9u1
ii  libflite1                    2.0.0-release-3+b1
ii  libgcc1                      1:6.3.0-18
ii  libgl1-mesa-glx [libgl1]     13.0.6-1+b2
ii  libglu1-mesa [libglu1]       9.0.0-2.1
ii  libgsm1                      1.0.13-4+b2
ii  libhtsengine1                1.08-1+b1
ii  libice6                      2:1.0.9-2
ii  libopenal1                   1:1.17.2-4+b2
ii  libopenscenegraph100v5       3.2.3+dfsg1-2+b4
ii  libopenthreads20             3.2.3+dfsg1-2+b4
ii  libplib1                     1.8.5-7
ii  libpng16-16                  1.6.28-1
ii  libqt5core5a                 5.7.1+dfsg-3+b1
ii  libqt5gui5                   5.7.1+dfsg-3+b1
ii  libqt5widgets5               5.7.1+dfsg-3+b1
ii  libsm6                       2:1.2.2-1+b3
ii  libspeex1                    1.2~rc1.2-1+b2
ii  libspeexdsp1                 1.2~rc1.2-1+b2
ii  libsqlite3-0                 3.16.2-5+deb9u1
ii  libstdc++6                   6.3.0-18
ii  libudev1                     232-25+deb9u1
ii  libudns0                     0.4-1+b1
ii  libx11-6                     2:1.6.4-3
ii  libxext6                     2:1.3.3-1+b2
ii  libxi6                       2:1.7.9-1
ii  libxmu6                      2:1.1.2-2
ii  zlib1g                       1:1.2.8.dfsg-5

Versions of packages flightgear recommends:
ii  flightgear-phi  2016.4.2+dfsg1-1

flightgear suggests no packages.

-- debconf-show failed


From f.rougon at free.fr Tue Jan 16 08:03:18 2018
From: f.rougon at free.fr (Florent Rougon)
Date: Tue, 16 Jan 2018 09:03:18 +0100
Subject: [pkg-fgfs-crew] Bug#887411: Bug#887411: fgfs: segfaults when receiving UDP data too early
In-Reply-To: (Frank Heckenbach's message of "Tue, 16 Jan 2018 07:21:03 +0100")
References:
Message-ID: <87fu76i62h.fsf@frougon.crabdance.com>

Hello,

Frank Heckenbach wrote:

> When receiving UDP data too early, fgfs segfaults after giving the
> message:
>
> AI error: updating aircraft without traffic record at ...
>
> I've traced the segfault to trafficcontrol.cxx:984
>
> At this point, "current" is uninitialized, so UB.

Thanks for your report. There was a fix applied in May 2017 that seems to address the problem you found:

https://sourceforge.net/p/flightgear/flightgear/ci/9a64150d57ef2b7a72a3b704e97a0abbaeb10a32/

This fix is present in FlightGear 2017.2.1 and all versions >= 2017.3.0.

Regards

--
Florent
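The defect Frank describes is a lookup-then-update routine that logs "no traffic record" but keeps going, so the reference it meant to bind ("current") is used without ever having been set. The block below is an added example of the early-return shape he proposes; it is not FlightGear's trafficcontrol.cxx nor the linked fix, and the TowerController, TrafficRecord and PositionReport types, the updateAircraftInformation signature and the sample reports are constructed stand-ins. Binding the reference only after the lookup has succeeded leaves no path on which it is uninitialized, and returning a status lets the network layer count rejected early reports instead of crashing the process.

```cpp
#include <cstdio>
#include <map>
#include <vector>

// Hypothetical stand-ins for FlightGear's traffic bookkeeping (constructed for
// this example; not the project's own types or function signatures).
struct TrafficRecord {
    int    id;
    double lat;
    double lon;
    double alt;
    int    updates;   // how many position reports have been applied
};

// A UDP position report as handed over by the network layer (constructed).
struct PositionReport {
    int    id;
    double lat;
    double lon;
    double alt;
};

class TowerController {
public:
    // Registers an aircraft; a report that arrives before this call is "too early".
    void addRecord(int id) { records_[id] = TrafficRecord{id, 0.0, 0.0, 0.0, 0}; }

    // Returns true if the aircraft had a traffic record and it was updated,
    // false if the report was rejected. The early return in the "no traffic
    // record" branch is the point of the fix: 'current' is only bound once the
    // lookup has succeeded, so there is no path on which it is used uninitialized.
    bool updateAircraftInformation(const PositionReport &rep) {
        auto it = records_.find(rep.id);
        if (it == records_.end()) {
            std::fprintf(stderr,
                         "AI error: updating aircraft without traffic record at %d\n",
                         rep.id);
            return false;   // do not fall through to the update below
        }
        TrafficRecord &current = it->second;
        current.lat = rep.lat;
        current.lon = rep.lon;
        current.alt = rep.alt;
        ++current.updates;
        return true;
    }

    // Read-only lookup; nullptr when the aircraft is unknown.
    const TrafficRecord *find(int id) const {
        auto it = records_.find(id);
        return it == records_.end() ? nullptr : &it->second;
    }

private:
    std::map<int, TrafficRecord> records_;
};

// Feeds a batch of reports and returns how many were rejected for lacking a
// traffic record; the caller keeps running instead of crashing.
int feedReports(TowerController &tower, const std::vector<PositionReport> &reports) {
    int rejected = 0;
    for (const PositionReport &rep : reports) {
        if (!tower.updateAircraftInformation(rep))
            ++rejected;
    }
    return rejected;
}

// Scenario from the bug report: one aircraft is known, one report arrives
// before any record exists for it. Returns the number of rejected reports.
int runEarlyUdpScenario(TowerController &tower) {
    tower.addRecord(1);
    const std::vector<PositionReport> reports = {   // constructed sample input
        {1, 48.35, 11.78, 1500.0},
        {2, 48.36, 11.79, 1600.0},   // id 2 has no traffic record yet
        {1, 48.37, 11.80, 1700.0},
    };
    return feedReports(tower, reports);
}

int main() {
    TowerController tower;
    int rejected = runEarlyUdpScenario(tower);
    std::printf("rejected %d report(s); aircraft 1 updated %d time(s)\n",
                rejected, tower.find(1)->updates);
    return 0;
}
```

The same shape applies to the other controllers Frank names: every updateAircraftInformation variant that looks a record up should leave on the not-found branch, and a caller that receives the status can drop or queue the early datagram rather than let the simulator dereference garbage.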