This bug report was migrated from our old Bugzilla tracker.

These attachments are available in the static archive:

• fix by Ozkan Sezer (SDL2-system-999.01-fix-invalid-pointer.patch, text/plain, 2019-08-26 13:28:11 +0000, 400 bytes)

Reported in version: 2.0.10
Reported for operating system, platform: Linux, ARM

Comments on the original bug report:

On 2019-08-20 08:55:23 +0000, Frank wrote:

Well when I try to run libretro cores on my RPi3 by using Retroarch 1.7.7 with Emulationstation 2.8.4 & SDL2 2.0.10 then it always crashes once you exit Retroarch. This does not happen with SDL2 2.0.9 so I'm not exactly sure where I should start to dig 🤔 because it works fine on Generic & Rockchip builds. ES also only crashs when you start lr cores but runs standalone stuff like amiberry fine and returns to the ES frontend as you would expect.

I use a LibreELEC image as base for my builds. https://github.com/5schatten/LibreELEC-RR

I did a bisect & it looks like ES starts to crash after this commit spurious/SDL-mirror@a5a5e2c

strace output:

writev(2, [{iov_base="free(): invalid pointer", iov_len=23}, {iov_base="\n", iov_len=1}], 2free(): invalid pointer
) = 24
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76ef3000
rt_sigprocmask(SIG_UNBLOCK, [ABRT], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1], [], 8) = 0
getpid()                                = 3106
gettid()                                = 3106
tgkill(3106, 3106, SIGABRT)             = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
--- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=3106, si_uid=0} ---
+++ killed by SIGABRT +++
Aborted

journalctl:

Aug 19 09:58:35 raspi3 emulationstation.start[773]: free(): invalid pointer
Aug 19 09:58:36 raspi3 emulationstation.start[773]: Aborted

On 2019-08-20 15:59:50 +0000, Frank wrote:

I also opened an issue for ES RetroPie/EmulationStation#591 since I can't be sure if ES is not faulty.

On 2019-08-25 14:40:31 +0000, Sylvain wrote:

Just a guess, but what about making sure global_cursor is initialized.
eg:

static SDL_Cursor *global_cursor = NULL;

in:

https://hg.libsdl.org/SDL/file/7693573f862d/src/video/raspberry/SDL_rpimouse.c#l54

On 2019-08-25 15:13:00 +0000, Frank wrote:

I tried this patch but unfortunately it still crashs.

--- a/src/video/raspberry/SDL_rpimouse.c
+++ b/src/video/raspberry/SDL_rpimouse.c
@@ -51,7 +51,7 @@
static void RPI_WarpMouse(SDL_Window * window, int x, int y);
static int RPI_WarpMouseGlobal(int x, int y);

-static SDL_Cursor *global_cursor;
+static SDL_Cursor *global_cursor = NULL;

static SDL_Cursor *
RPI_CreateDefaultCursor(void)

On 2019-08-25 15:55:55 +0000, Ozkan Sezer wrote:

Looks like a double-free?

Where is free() called, possibly from RPI_FreeCursor()?
If so, RPI_FreeCursor() doesn't set global_cursor to NULL
if cursor==global_cursor, maybe that's the reason.

On 2019-08-25 17:42:28 +0000, Ozkan Sezer wrote:

Try something like the following (untested) :

diff --git a/src/video/raspberry/SDL_rpimouse.c b/src/video/raspberry/SDL_rpimouse.c
--- a/src/video/raspberry/SDL_rpimouse.c
+++ b/src/video/raspberry/SDL_rpimouse.c
@@ -226,6 +226,9 @@ RPI_FreeCursor(SDL_Cursor * cursor)
SDL_free(cursor->driverdata);
}
SDL_free(cursor);

•    if (cursor == global_cursor) {
  

•        global_cursor = NULL;
  

•    }
  

  }
  }

On 2019-08-26 13:26:57 +0000, Frank wrote:

Thx this patch solved the problem for me :-) I guess you'll send this patch upstream?

On 2019-08-26 13:28:11 +0000, Frank wrote:

Created attachment 3932
fix by Ozkan Sezer

On 2019-08-26 15:43:11 +0000, Ozkan Sezer wrote:

Fix pushed as https://hg.libsdl.org/SDL/rev/5748bf293bea

On 2019-09-20 20:47:40 +0000, Ryan C. Gordon wrote:

We're changing how we do SDL release versions; now releases will be even numbers (2.0.10, 2.0.12, etc), and as soon as we tag a release, we'll move the internal version number to an odd number (2.0.12 ships, we tag the latest in revision control as 2.0.13 immediately, which will become 2.0.14 on release, etc).

As such, I'm moving the bugs tagged with target-2.0.11 to target 2.0.12. Sorry if you get a lot of email from this change!

Thanks,
--ryan.

On 2019-09-20 20:48:39 +0000, Ryan C. Gordon wrote:

We're changing how we do SDL release versions; now releases will be even numbers (2.0.10, 2.0.12, etc), and as soon as we tag a release, we'll move the internal version number to an odd number (2.0.12 ships, we tag the latest in revision control as 2.0.13 immediately, which will become 2.0.14 on release, etc).

As such, I'm moving the bugs tagged with target-2.0.11 to target 2.0.12. Sorry if you get a lot of email from this change!

Thanks,
--ryan.