radareorg/iaito

Segmentation fault

Opened this issue · 15 comments

Environment

kitty@vbox:~$ date
tuesday, 10 october 2023 20:07:34 +0100
kitty@vbox:~$ r2 -v
radare2 5.8.9 31299 @ linux-x86-64
birth: git.5.8.8-667-g0ae85c519b 2023-10-10__19:48:28
commit: 0ae85c519b3a15a958658745ae117145457eb83c
options: gpl -O? cs:5 cl:2 make
kitty@vbox:~$ iaito -v
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
iaito 5.8.8
kitty@vbox:~$ uname -ms
Linux x86_64
kitty@vbox:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 22.04.3 LTS
Release:	22.04
Codename:	jammy

Description

I built the latest r2 (5.8.9) from sources, then ran sudo apt install qttools5-dev qttools5-dev-tools qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5svg5-dev make pkg-config build-essential to install the Qt deps, and after that I built the latest iaito (5.8.8) from sources.
Whenever I try to run it, I get a segmentation fault.

Test

kitty@vbox:~$ iaito
Warning: Ignoring XDG_SESSION_TYPE=wayland on Gnome. Use QT_QPA_PLATFORM=wayland to run on Wayland anyway.
Plugins are loaded from "/home/kitty/.local/share/radareorg/iaito/plugins"
Loaded 0 plugin(s).
Plugins are loaded from "/usr/share/ubuntu/radareorg/iaito/plugins"
Plugins are loaded from "/usr/local/share/radareorg/iaito/plugins"
Plugins are loaded from "/usr/share/radareorg/iaito/plugins"
Plugins are loaded from "/var/lib/snapd/desktop/radareorg/iaito/plugins"
Segmentation fault (core dumped)
kitty@vbox:~$ 

Can't reproduce. Works fine everywhere, even when compiling everything with ASan. I can't help much without reproducing it.

Do you have old plugins somewhere in your home or system directory? Does r2 work, or does it segfault too? The .9 versions are ABI unstable, so you must rebuild them every time you update r2/iaito, just in case; otherwise just rm -rf the directory and it should be fine.

If it's still segfaulting, please provide a backtrace, or build with ASan and show the crash log.

I don't know if this is related but I also have a segfault with r2 & iaito 5.8.8.

Thread 1 "iaito" received signal SIGSEGV, Segmentation fault.
__memcpy_sse2_unaligned_erms ()
    at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:706
Download failed: Invalid argument.  Continuing without source file ./string/../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S.
706	../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
(gdb) backtrace
#0  __memcpy_sse2_unaligned_erms ()
    at ../sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S:706
#1  0x00007ffff6770d2b in r_vector_push () at /lib/libr_util.so
#2  0x00007ffff6732b89 in r_event_hook () at /lib/libr_util.so
#3  0x0000555555678fff in IaitoCore::initialize(bool) ()
#4  0x000055555579bb42 in IaitoApplication::IaitoApplication(int&, char**) ()
#5  0x0000555555666bf4 in main ()

r2 5.8.8 and iaito 5.8.6 work fine.

Did you recompile iaito after switching to r2-5.8.9? Because all the .9 versions have a different ABI, so it's expected to cause segfaults if you don't recompile.

If this is the issue, I can add an ABI-stable runtime version check early in main, before calling Qt, to stop you from executing iaito with the wrong version of r2.

Did you recompile iaito after switching to r2-5.8.9? Because all the .9 versions have a different ABI, so it's expected to cause segfaults if you don't recompile.

I've rebuilt r2 (5.8.6) and iaito (5.8.6) and everything works fine, except project management, but that is another issue.

No. I mean:

  • uninstall all versions of r2 you have
  • build only the latest from git
  • Make clean build of iaito

That should work well. Don't mix development and stable versions of r2 (it's documented in the README).

@KulahaRoman Try changing line 17 of RelocsWidget.cpp to:
return parent.isValid() ? relocs->count() : 0;

@atom-bomb If you do this change (which makes sense), the relocs widget appears empty. The logic of the current code looks wrong and inverted, but it actually works. The relocs widget is not shown by default, so it shouldn't be causing any crash. The backtrace seems to relate to an ABI problem, IMHO.

OK, I found the logic after reading some Qt documentation. The isValid() call is always false when the model is a table, so it's a Qt bug and we can just avoid checking for this. I'm going to clean this code to avoid the unnecessary check. The only place where isValid() is necessary is when the model is a tree, which is not the case for the relocs widget.

When testing on WSL/Ubuntu with iaito-5.8.8 I still have a segmentation fault, so the suggested fix does not solve it:

lota@DESKTOP-BBLPJT6:~/dev/iaito$ gdb /usr/local/bin/iaito
GNU gdb (Ubuntu 12.1-0ubuntu1~22.04) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/local/bin/iaito...
(No debugging symbols found in /usr/local/bin/iaito)
(gdb) r
Starting program: /usr/local/bin/iaito
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff1406640 (LWP 67185)]
[New Thread 0x7fffbce27640 (LWP 67186)]
[New Thread 0x7fffb7fff640 (LWP 67187)]
Plugins are loaded from "/home/lota/.local/share/radareorg/iaito/plugins"
Loaded 0 plugin(s).
Plugins are loaded from "/home/lota/.local/share/flatpak/exports/share/radareorg/iaito/plugins"
Plugins are loaded from "/var/lib/flatpak/exports/share/radareorg/iaito/plugins"
Plugins are loaded from "/usr/local/share/radareorg/iaito/plugins"
Plugins are loaded from "/usr/share/radareorg/iaito/plugins"
Plugins are loaded from "/var/lib/snapd/desktop/radareorg/iaito/plugins"

Thread 1 "iaito" received signal SIGSEGV, Segmentation fault.
0x000055555571b39b in RelocsModel::rowCount(QModelIndex const&) const ()
(gdb) si
Couldn't get registers: No such process.
(gdb) [Thread 0x7fffb7fff640 (LWP 67187) exited]
[Thread 0x7fffbce27640 (LWP 67186) exited]
[Thread 0x7ffff1406640 (LWP 67185) exited]

Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.

And the source code is:

int RelocsModel::rowCount(R_UNUSED const QModelIndex &parent) const
{
    return parent.isValid() ? relocs->count() : 0;
}

Hi @vricosti, I'm using iaito-5.8.9 on Ubuntu Linux 22.04.3.

When building the current head of trunk I made this change to fix app startup:

diff --git a/src/widgets/RelocsWidget.cpp b/src/widgets/RelocsWidget.cpp
index d543d089..08368dd8 100644
--- a/src/widgets/RelocsWidget.cpp
+++ b/src/widgets/RelocsWidget.cpp
@@ -163,13 +163,14 @@ bool RelocsProxyModel::lessThan(const QModelIndex &left, const QModelIndex &righ
 }
 
 RelocsWidget::RelocsWidget(MainWindow *main) :
-    ListDockWidget(main),
-    relocsModel(new RelocsModel(&relocs, this)),
-    relocsProxyModel(new RelocsProxyModel(relocsModel, this))
+    ListDockWidget(main)
 {
     setWindowTitle(tr("Relocs"));
     setObjectName("RelocsWidget");
 
+    relocsModel = new RelocsModel(&relocs, this);
+    relocsProxyModel = new RelocsProxyModel(relocsModel, this);
+
     setModels(relocsProxyModel);
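Review bot: the reason this change helps is not visible in the hunk and deserves a comment, because the removed initializers at old lines 159-160 depend on member declaration order in RelocsWidget.h, not on the order written in the initializer list: C++ runs member initializers in declaration order, so if `relocs` is declared after `relocsModel`, the old `relocsModel(new RelocsModel(&relocs, this))` handed the model a pointer to a list that had not been constructed yet. The new body assignments (`relocsModel = new RelocsModel(&relocs, this);`) run only after every member exists, which sidesteps that regardless of declaration order. Either state this in a comment above the two assignments, or declare `relocs` before the two model pointers so the initializer-list form is also safe, and check whether the build emits a -Wreorder warning for this constructor.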

I rarely program in C++ so I'm not entirely certain why this helps. With constructors being called left to right, it seems like relocs->count() should work when it gets called, but I noticed that while RelocsWidget seems to segfault at startup, the ExportsWidget does not, so I made the class constructor look like the ExportsWidget.
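The C++ rule behind the reordering above, as an added stand-alone example (not iaito code): member initializers run in the order the members are declared in the class, not in initializer-list order, so a model constructed from the initializer list can be handed a pointer to a list that does not exist yet, while construction in the constructor body always happens after every member is initialized. RelocList, RelocsModel, WidgetInitList and WidgetBody are hypothetical stand-ins.

```cpp
#include <cassert>
#include <cstddef>
#include <vector>

// Hypothetical stand-ins (not iaito code) for a widget that owns a list of
// relocations and a model that only keeps a pointer to that list.
static int g_seq = 0;           // global construction counter

struct RelocList {              // stands in for QList<RelocDescription>
    int order;                  // construction sequence number
    std::vector<int> items;
    RelocList() : order(++g_seq), items{1, 2, 3} {}
};

struct RelocsModel {            // stands in for the Qt model
    int order;
    const RelocList *relocs;    // not owned; must outlive the model
    explicit RelocsModel(const RelocList *r) : order(++g_seq), relocs(r) {}
    // Flat-table rowCount(): only safe once the list has been constructed.
    std::size_t rowCount() const { return relocs->items.size(); }
};

// Members are declared model-first, list-second. The initializer list names
// 'relocs' first, but C++ runs member initializers in DECLARATION order, so
// the model is built (and handed &relocs) before the list is constructed.
// g++ flags exactly this with -Wreorder. Had RelocsModel's constructor
// called rowCount(), it would have read an unconstructed list.
struct WidgetInitList {
    RelocsModel *model;
    RelocList relocs;
    WidgetInitList() : relocs(), model(new RelocsModel(&relocs)) {}
    ~WidgetInitList() { delete model; }
};

// Same declaration order, but the model is created in the constructor body,
// which always runs after every member has been initialized.
struct WidgetBody {
    RelocsModel *model;
    RelocList relocs;
    WidgetBody() : model(nullptr) { model = new RelocsModel(&relocs); }
    ~WidgetBody() { delete model; }
};

// True when the model was constructed after the list it points to.
bool modelBuiltAfterList(const RelocsModel *m, const RelocList &l) {
    return m->order > l.order;
}
```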

Can you submit a PR?

Also crashes for me:

$ uname -a
Linux 6.5.0-17-generic #17~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Jan 16 14:32:32 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
$ radare2 -v
radare2 5.8.9 31685 @ linux-x86-64
birth: git.5.8.8-1061-ge3da17a0fb 2024-02-11__01:11:28
commit: e3da17a0fb35947aae1cdd6a6a95737e3bcf3536
options: gpl -O? cs:5 cl:2 make
$ iaito -v
iaito 5.8.8
$ iaito ./a.out
fish: Job 1, 'iaito ./a.out' terminated by signal SIGSEGV (Address boundary error)

Running gdb on it I get:

$ gdb iaito
...
Reading symbols from iaito...
(No debugging symbols found in iaito)
(gdb) r
Starting program: /usr/bin/iaito 
...
Thread 1 "iaito" received signal SIGSEGV, Segmentation fault.
0x00007ffff75f00ef in r_event_hook (ev=0x7ffff7c95a3e <r_core_flag_get_by_spaces>, type=0, cb=0x555555680420, user=0x5555559a34e0) at event.c:62
62		hook.handle = ev->next_handle++;
(gdb) bt
#0  0x00007ffff75f00ef in r_event_hook (ev=0x7ffff7c95a3e <r_core_flag_get_by_spaces>, type=0, cb=0x555555680420, user=0x5555559a34e0) at event.c:62
#1  0x00005555556794c8 in IaitoCore::initialize(bool) ()
#2  0x000055555579dda5 in IaitoApplication::IaitoApplication(int&, char**) ()
#3  0x0000555555666f64 in main ()
(gdb) l
57		REventCallbackHook hook;
58	
59		r_return_val_if_fail (ev, handle);
60		hook.cb = cb;
61		hook.user = user;
62		hook.handle = ev->next_handle++;
63		if (type == R_EVENT_ALL) {
64			r_vector_push (&ev->all_callbacks, &hook);
65		} else {
66			RVector *cbs = get_cbs (ev, type);
(gdb) p hook.handle
$1 = 1
(gdb) p ev->next_handle
$2 = 523792149
(gdb) p ev
$3 = (REvent *) 0x7ffff7c95a3e <r_core_flag_get_by_spaces>
(gdb) p *ev
$4 = {user = 0xe5894855fa1e0ff3, incall = 72, callbacks = 0xf0758b48f0758948, all_callbacks = {a = 0x8d48006af8458b48, len = 10180477118148272661, capacity = 10180477118148272917, elem_size = 10180477118148273173, free = 0x8d4852001f386d15, free_user = 0x8d4852001f386f15}, 
  next_handle = 523792149}
(gdb) p hook
$5 = {cb = 0x555555680420, user = 0x5555559a34e0, handle = 1}
(gdb) p R_EVENT_ALL
$6 = R_EVENT_ALL
(gdb) p type == R_EVENT_ALL
$7 = 1

@xealits The bug is fixed in git, not in the 5.8.8 release of iaito. Please confirm with git master. I'll cut a release soon.

Indeed, everything works fine on master beae7d7! And it does look good too. Thanks for the work.