Bug#1041211: libsdl-perl: FTBFS and autopkgtest failure with sdl12-compat, especially on 32-bit

Simon McVittie smcv at debian.org
Mon Jul 17 10:35:14 BST 2023


On Sat, 15 Jul 2023 at 18:43:08 +0100, Simon McVittie wrote:
> One failure mode is that t/core_video.t crashes with signal 11 (SIGSEGV)
> during testing, usually (perhaps always?) after test point 65

I can reproduce a use-after-free on amd64. The test doesn't crash on amd64
for whatever reason, but it's visible when using valgrind, or when
recompiling sdl12-compat and libsdl2 with -fsanitize=address.

I think this is probably the same root cause as the crash on 32-bit
architectures; it's just less fatal on 64-bit for whatever reason.
An easy reproducer is to run `perl ./t/core_video.t` from the libsdl-perl
source tree: it is not necessary to recompile it.

$ LD_PRELOAD=libasan.so.8 LD_LIBRARY_PATH="$HOME/tmp/build/SDL2/asan/build/.libs:$HOME/tmp/build/sdl12-compat/asan" perl ./t/core_video.t
...
==446873==ERROR: AddressSanitizer: heap-use-after-free on address 0x60800005cb74 at pc 0x7f5840705152 bp 0x7ffe496d6340 sp 0x7ffe496d6338
READ of size 4 at 0x60800005cb74 thread T0
    #0 0x7f5840705151 in SDL_FreeSurface /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5182
    #1 0x7f584301804a in objDESTROY src/helper.h:65
    #2 0x7f584301804a in objDESTROY src/helper.h:52
    #3 0x7f58430180e2 in XS_SDL__Surface_DESTROY lib/SDL/Surface.xs:185
    #4 0x557c15fe2f17 in Perl_pp_entersub (/usr/bin/perl+0x123f17) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #5 0x557c15f2f1c4 in Perl_call_sv (/usr/bin/perl+0x701c4) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #6 0x557c15ff0cfb  (/usr/bin/perl+0x131cfb) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #7 0x557c15ff144f in Perl_sv_clear (/usr/bin/perl+0x13244f) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #8 0x557c15ff1a2f in Perl_sv_free2 (/usr/bin/perl+0x132a2f) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #9 0x557c15fda2e8 in Perl_pp_sassign (/usr/bin/perl+0x11b2e8) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #10 0x557c15fd8ef5 in Perl_runops_standard (/usr/bin/perl+0x119ef5) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #11 0x557c15f37778 in perl_run (/usr/bin/perl+0x78778) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #12 0x557c15f094b1 in main (/usr/bin/perl+0x4a4b1) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)
    #13 0x7f5843a456c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #14 0x7f5843a45784 in __libc_start_main_impl ../csu/libc-start.c:360
    #15 0x557c15f094f0 in _start (/usr/bin/perl+0x4a4f0) (BuildId: 42daa0cc03328cecf85c1f8589ec1619f547c3a5)

0x60800005cb74 is located 84 bytes inside of 88-byte region [0x60800005cb20,0x60800005cb78)
freed by thread T0 here:
    #0 0x7f5843cd7288 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
    #1 0x7f583e949a02 in real_free /home/smcv/src/SDL-2.x/src/stdlib/SDL_malloc.c:5199
    #2 0x7f583e949eaa in SDL_free_REAL /home/smcv/src/SDL-2.x/src/stdlib/SDL_malloc.c:5339
    #3 0x7f583e754036 in SDL_free /home/smcv/src/SDL-2.x/src/dynapi/SDL_dynapi_procs.h:411
    #4 0x7f5840705119 in SDL_FreeSurface /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5190
    #5 0x7f58407053c7 in EndVidModeCreate /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5508
    #6 0x7f5840712c60 in SetVideoModeImpl /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5982
    #7 0x7f584071516f in SDL_SetVideoMode /home/smcv/src/sdl12-compat/src/SDL12_compat.c:6329
    #8 0x7f5842edd60e in XS_SDL__Video_set_video_mode lib/SDL/Video.xs:137

previously allocated by thread T0 here:
    #0 0x7f5843cd85bf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69
    #1 0x7f583e949a23 in real_malloc /home/smcv/src/SDL-2.x/src/stdlib/SDL_malloc.c:5196
    #2 0x7f583e949de1 in SDL_malloc_REAL /home/smcv/src/SDL-2.x/src/stdlib/SDL_malloc.c:5295
    #3 0x7f583e754012 in SDL_malloc /home/smcv/src/SDL-2.x/src/dynapi/SDL_dynapi_procs.h:408
    #4 0x7f58406d55af in Surface20to12 /home/smcv/src/sdl12-compat/src/SDL12_compat.c:4932
    #5 0x7f5840704b9b in SDL_CreateRGBSurface /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5130
    #6 0x7f5840704e0d in CreateSurface12WithFormat /home/smcv/src/sdl12-compat/src/SDL12_compat.c:5551
    #7 0x7f58407136b2 in SetVideoModeImpl /home/smcv/src/sdl12-compat/src/SDL12_compat.c:6126
    #8 0x7f584071516f in SDL_SetVideoMode /home/smcv/src/sdl12-compat/src/SDL12_compat.c:6329
    #9 0x7f5842edd60e in XS_SDL__Video_set_video_mode lib/SDL/Video.xs:137

It's still not clear to me whether this is a sdl12-compat bug or a
libsdl-perl bug. I'll continue to investigate when I have a chance.

    smcv
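As an added illustration (my own constructed model, not code from sdl12-compat or libsdl-perl) of the ownership pattern the ASan trace shows: the surface allocated by one SDL_SetVideoMode() is freed by the next one, and the binding's DESTROY then calls SDL_FreeSurface on it again. The library and binding below are stand-ins; the rule that SDL 1.2's video surface is released by the library rather than the caller comes from the SDL 1.2 API documentation, and the ownership flag is one general way a binding can honour it.

```c
#include <stdlib.h>
/* Constructed model of the ownership rule behind the report above, not code
 * from sdl12-compat or libsdl-perl: the screen returned by set_video_mode()
 * belongs to the library, which frees it when the mode is set again, so a
 * binding's DESTROY must free only the surfaces the binding created. */

typedef struct { int w, h; } Surface;

static Surface *g_screen = NULL;  /* library-owned video surface */
static int g_library_frees = 0;   /* how many times the "library" freed it */

/* Stand-in for SDL_SetVideoMode(): the previous screen is freed here. */
Surface *set_video_mode(int w, int h) {
    if (g_screen != NULL) { free(g_screen); g_library_frees++; }
    g_screen = calloc(1, sizeof *g_screen);
    if (g_screen != NULL) { g_screen->w = w; g_screen->h = h; }
    return g_screen;
}

/* Stand-in for SDL_CreateRGBSurface(): the caller owns the result. */
Surface *create_surface(int w, int h) {
    Surface *s = calloc(1, sizeof *s);
    if (s != NULL) { s->w = w; s->h = h; }
    return s;
}

/* What a binding keeps per wrapped surface: the pointer plus who owns it. */
typedef struct { Surface *surface; int owned; } SurfaceObj;

SurfaceObj *wrap_surface(Surface *s, int owned) {
    SurfaceObj *o = calloc(1, sizeof *o);
    if (o != NULL) { o->surface = s; o->owned = owned; }
    return o;
}

/* Buggy DESTROY: frees unconditionally. On a wrapper of the screen it runs
 * after the library already freed that memory, which is the heap-use-after-
 * free ASan reported inside SDL_FreeSurface. Shown for contrast only. */
void destroy_unchecked(SurfaceObj *o) { free(o->surface); free(o); }

/* Hardened DESTROY: frees only a surface the wrapper owns and just forgets
 * a library-owned one. Returns 1 if the surface was freed, 0 otherwise. */
int destroy_checked(SurfaceObj *o) {
    int freed = 0;
    if (o->owned) { free(o->surface); freed = 1; }
    free(o);
    return freed;
}

int library_free_count(void) { return g_library_frees; }
```

Running the model under `-fsanitize=address` with destroy_unchecked() in place of destroy_checked() reproduces the same double free the trace shows, which is a quick way to confirm which side of a binding holds the stale pointer.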