| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | Segfault when pressing a trigger on the Steam Controller (Linux) | | |
| Product: | SDL | Reporter: | Matteo Beniamino <beniamino> |
| Component: | joystick | Assignee: | Sam Lantinga <slouken> |
| Status: | RESOLVED FIXED | QA Contact: | Sam Lantinga <slouken> |
| Severity: | critical | | |
| Priority: | P2 | CC: | beniamino |
| Version: | HG 2.1 | | |
| Hardware: | x86 | | |
| OS: | Linux | | |
Attachments:
- gdb log of a segmentation fault (attachment 3592)
- Always allocate max number of hats (attachment 3593)
- Map hats indices to the correct hwdata_hat element (attachment 3594)
- gdb backtrace (attachment 3823)

Description:

Created attachment 3592 [details]
gdb log of a segmentation fault

Pressing a trigger button on a Steam Controller causes a segmentation fault both with the stable version and the latest mercurial head on Linux. I'm using the recent hid_steam kernel module with lizard_mode disabled (that is, no keyboard/mouse emulation).

I suspect this is what's happening: the driver exposes two hats. The two hats have indices 0 and 2. Inside linux/SDL_sysjoystick.c two hats are allocated in allocate_hatdata for joystick->hwdata->hats. In the HandleHat function the hat parameter (which can be 2) is directly used as the index of the array that only has two elements, causing an out-of-bounds access. SDL is not expecting to have "holes" between hat indices. The index 2 is calculated in HandleInputEvents() as (ABS_HAT2X - ABS_HAT0X) / 2, where ABS_HAT2X is the value associated with the hat inside the hid_steam module.

Created attachment 3593 [details]
Always allocate max number of hats

I have a workaround: always allocate the maximum number of hats. At first I thought it was an ugly hack, but then I realized that currently said maximum number is 4 and the struct to be allocated is just an array of two ints, so it's not a big deal. I'll let you decide whether this is ok or if you want to write a different fix.

Created attachment 3594 [details]
Map hats indices to the correct hwdata_hat element

A better patch. Allocate one hwdata_hat for each hat, report the correct number of hats (not always 4 like the previous patch did) and keep a map from the index of the hat derived from the device to the correct hwdata_hat element in the SDL array of hats.

I think this is fixed in the latest SDL snapshot, can you verify? http://www.libsdl.org/tmp/SDL-2.0.zip

Created attachment 3823 [details]
gdb backtrace

Unfortunately I can still reproduce the crash.

This change looks good, thanks! https://hg.libsdl.org/SDL/rev/c54ce7eddcbe

Actually, I think this change is needed too, can you verify? https://hg.libsdl.org/SDL/rev/baae9331abc0

Better, for clarity: https://hg.libsdl.org/SDL/rev/a9a7c1e48f0b

Yes, I can confirm no more crashes using a9a7c1e48f0b! Thank you.

Great, thanks!
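The index hole the report diagnoses (device hats 0 and 2, but only two slots allocated) and the device-index-to-slot map that attachment 3594 describes, as an added C example written for this page, not code from SDL or from any of the changesets linked above. The ABS_HAT* values are the Linux evdev constants; the struct names, the four-hat limit and the axis-code list are assumptions standing in for SDL's own hwdata types and the device's real capability bits.

```c
#include <stdio.h>
/* evdev hat axis codes, numerically as in linux/input-event-codes.h */
#define ABS_HAT0X 0x10
#define ABS_HAT3Y 0x17
#define MAX_HATS  4                /* ABS_HAT0X..ABS_HAT3Y: at most four hats */

typedef struct { int x, y; } hwdata_hat;
typedef struct {
    int nhats;                     /* hats actually present on the device */
    int hat_map[MAX_HATS];         /* device hat index -> slot in hats[], or -1 */
    hwdata_hat hats[MAX_HATS];     /* assumed stand-in for the per-hat allocation */
} joystick_hwdata;

/* Device hat index exactly as HandleInputEvents derives it. */
static int device_hat_index(int code) { return (code - ABS_HAT0X) / 2; }

/* Scan the reported axis codes, count distinct hats and build the map. */
static int build_hat_map(joystick_hwdata *hw, const int *codes, int ncodes) {
    int i, hat;
    hw->nhats = 0;
    for (i = 0; i < MAX_HATS; ++i) hw->hat_map[i] = -1;
    for (i = 0; i < ncodes; ++i) {
        if (codes[i] < ABS_HAT0X || codes[i] > ABS_HAT3Y) continue;
        hat = device_hat_index(codes[i]);
        if (hw->hat_map[hat] == -1)   /* X and Y of one hat share a slot */
            hw->hat_map[hat] = hw->nhats++;
    }
    return hw->nhats;
}

/* The original HandleHat indexed hats[] with `hat` directly: 1 if that read is out of bounds. */
static int hat_index_overflows(const joystick_hwdata *hw, int hat) {
    return hat < 0 || hat >= hw->nhats;
}

/* Fixed lookup through the map; -1 means no such hat, so the event is dropped. */
static int hat_slot(const joystick_hwdata *hw, int hat) {
    return (hat < 0 || hat >= MAX_HATS) ? -1 : hw->hat_map[hat];
}

/* Apply one hat axis event; returns 1 if stored, 0 if safely ignored. */
static int handle_hat_axis(joystick_hwdata *hw, int code, int value) {
    int slot = hat_slot(hw, device_hat_index(code));
    if (slot < 0) return 0;
    if ((code - ABS_HAT0X) % 2 == 0) hw->hats[slot].x = value; else hw->hats[slot].y = value;
    return 1;
}
```

With the constructed code list { ABS_HAT0X, ABS_HAT0Y, ABS_HAT2X, ABS_HAT2Y } the map allocates two slots, device hat 2 lands in slot 1, and the unchecked index 2 is reported as out of bounds.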