Bug#1051418: Info received (obs-studio: clicking on an xcomposite window source makes obs segfault)

2023-11-03 Thread Michael Neilly
For the link provided, the crash occurs because of the presence of the Unicode 
middot character. The wchar_to_utf8() function in libobs utils checks for any 
char that is less than 0 and returns zero. This results in dstr_to_lower() not 
updating name_lower in xcompcap_props(). The empty name_lower string is pushed 
to window_strings which causes qsort() to SEGV.

The following is the check that fails in libobs/utils/utf8.c:

    if ((signed char)*w < 0) {
            if ((flags & UTF8_IGNORE_ERROR) == 0)
                    return 0;
            continue;
    }
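
A minimal C model of the failure chain described in the message above, added here as an illustration; it is not OBS code and not from the poster. `struct win_entry`, `lower_strict()`, `fill_lower()` and `cmp_entries()` are hypothetical names, and the titles are constructed. It shows two defensive changes: checking the conversion result and falling back to the raw title, and a comparator that tolerates a missing sort key.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for one window list entry; not the OBS struct. */
struct win_entry {
    const char *name; /* UTF-8 window title */
    char *name_lower; /* sort key; NULL models the failed conversion */
};

/* Stand-in for the strict conversion: a byte with the high bit set returns 0. */
static size_t lower_strict(const char *s, char *out) {
    size_t n = 0;
    for (; *s; s++) {
        if ((signed char)*s < 0)
            return 0;
        out[n++] = (char)tolower((unsigned char)*s);
    }
    out[n] = '\0';
    return n;
}

/* Hardened fill: check the result, fall back to the raw title on failure. */
static int fill_lower(struct win_entry *e) {
    size_t cap = strlen(e->name) + 1;
    if ((e->name_lower = malloc(cap)) == NULL)
        return -1;
    if (lower_strict(e->name, e->name_lower) == 0)
        memcpy(e->name_lower, e->name, cap);
    return 0;
}

/* NULL-safe comparator: a missing key sorts as the empty string. */
static int cmp_entries(const void *a, const void *b) {
    const char *x = ((const struct win_entry *)a)->name_lower;
    const char *y = ((const struct win_entry *)b)->name_lower;
    return strcmp(x ? x : "", y ? y : "");
}

/* Constructed titles; the second contains U+00B7 (UTF-8 bytes C2 B7). */
static const char *const titles[3] = {"terminal", "Issue \xc2\xb7 Brave", "Editor"};

static int sort_demo(struct win_entry out[3]) {
    for (int i = 0; i < 3; i++) {
        out[i].name = titles[i];
        if (fill_lower(&out[i]) != 0)
            return -1;
    }
    qsort(out, 3, sizeof(out[0]), cmp_entries);
    return 0;
}
```

With a plain `strcmp(a->name_lower, b->name_lower)` comparator and no fallback, the entry whose key stayed NULL is dereferenced inside `qsort()`, which matches frame 0 of the backtrace in this thread.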
                            



Bug#1051418: Info received (obs-studio: clicking on an xcomposite window source makes obs segfault)

2023-11-02 Thread Brian Bostwick
On Mon, 23 Oct 2023 22:20:04 + (UTC) Michael Neilly 
wrote:
> Sending in plain text so it is readable:
>
>
> I'm seeing the same bug in the latest Debian testing updated this
> morning. Specifically, if I have the following github page open in my
> browser clicking the xcomposite window source causes a seg fault as
> reported.
>
>
>     https://github.com/pjreddie/darknet/issues/553
>
>
> This results in a window name of
>
>
>     "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave"
>
>
> In xcompcap_props(), the name_lower variable has zero values in the
> struct which is then pushed to window_strings.array. I can't currently
> step into dstr_to_lower().
>
>
> The following shows the array entry in window_strings.array:
>
>
>     $18 = {
>     name_lower = {array = 0x0, len = 0, capacity = 0},
>     name = {
>         array = 0x570b88e0 "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave",
>         len = 100,
>         capacity = 101
>     },
>     desc = {
>         array = 0x55c24560 "54525967\r\nError on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave\r\nbrave-browser",
>         len = 125,
>         capacity = 126
>     }
>     }
>
>
> The following is the gdb backtrace with frame 11 being the frame where
> the above was observed.
>
>
> (gdb) bt
> #0  __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:283
> #1  0x73e5de65 in msort_with_tmp (p=p@entry=0x7fffc510,
> b=b@entry=0x7fffc448, n=n@entry=3) at ./stdlib/msort.c:123
> #2  0x73e5ddb1 in msort_with_tmp (n=3, b=0x7fffc448,
> p=0x7fffc510) at ./stdlib/msort.c:44
> #3  msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430,
> n=n@entry=6) at ./stdlib/msort.c:53
> #4  0x73e5dd94 in msort_with_tmp (n=6, b=0x7fffc430,
> p=0x7fffc510) at ./stdlib/msort.c:44
> #5  msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430,
> n=n@entry=12) at ./stdlib/msort.c:52
> #6  0x73e5ddb1 in msort_with_tmp (n=12, b=0x7fffc430,
> p=0x7fffc510) at ./stdlib/msort.c:44
> #7  msort_with_tmp (p=p@entry=0x7fffc510, b=0x7fffc3d8, n=n@entry=23)
> at ./stdlib/msort.c:53
> #8  0x73e5e23b in msort_with_tmp (n=23, b=,
> p=0x7fffc510) at ./stdlib/msort.c:44
> #9  __GI___qsort_r (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72,
> cmp=cmp@entry=0x7fffe1fdaac0 , arg=arg@entry=0x0) at
> ./stdlib/msort.c:253
> #10 0x73e5e3c8 in __GI_qsort (b=b@entry=0x570e2320, n=n@entry=23,
> s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 ) at ./stdlib/msort.c:307
> #11 0x7fffe1fdbcb5 in xcompcap_props (unused=) at
> ./plugins/linux-capture/xcomposite-input.c:750
> #12 0x765629f6 in obs_source_properties () at
> /lib/x86_64-linux-gnu/libobs.so.0
> #13 0x5564c3d5 in SourceToolbar::SourceToolbar(QWidget*,
> OBSSafeRef)
> (source=..., parent=0x55ea89a0, this=0x56074fd0) at
> ./libobs/obs.hpp:103

Installing testing's nvidia-cuda-toolkit and nvidia-driver packages
resolved this for me. Originally, I installed the driver via the .run file,
which I still think can work if you ensure the cuda libs are selected
during the setup process.


Bug#1051418: Info received (obs-studio: clicking on an xcomposite window source makes obs segfault)

2023-10-23 Thread Michael Neilly
Sending in plain text so it is readable:


I'm seeing the same bug in the latest Debian testing updated this
morning. Specifically, if I have the following github page open in my
browser clicking the xcomposite window source causes a seg fault as
reported.


    https://github.com/pjreddie/darknet/issues/553


This results in a window name of


    "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave"


In xcompcap_props(), the name_lower variable has zero values in the
struct which is then pushed to window_strings.array. I can't currently
step into dstr_to_lower().


The following shows the array entry in window_strings.array:


    $18 = {
    name_lower = {array = 0x0, len = 0, capacity = 0},
    name = {
        array = 0x570b88e0 "Error on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave",
        len = 100,
        capacity = 101
    },
    desc = {
        array = 0x55c24560 "54525967\r\nError on make: 'cuda_runtime.h: No such file or directory' · Issue #553 · pjreddie/darknet - Brave\r\nbrave-browser",
        len = 125,
        capacity = 126
    }
    }


The following is the gdb backtrace with frame 11 being the frame where
the above was observed.


(gdb) bt
#0  __strcmp_avx2 () at ../sysdeps/x86_64/multiarch/strcmp-avx2.S:283
#1  0x73e5de65 in msort_with_tmp (p=p@entry=0x7fffc510, 
b=b@entry=0x7fffc448, n=n@entry=3) at ./stdlib/msort.c:123
#2  0x73e5ddb1 in msort_with_tmp (n=3, b=0x7fffc448, 
p=0x7fffc510) at ./stdlib/msort.c:44
#3  msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, 
n=n@entry=6) at ./stdlib/msort.c:53
#4  0x73e5dd94 in msort_with_tmp (n=6, b=0x7fffc430, 
p=0x7fffc510) at ./stdlib/msort.c:44
#5  msort_with_tmp (p=p@entry=0x7fffc510, b=b@entry=0x7fffc430, 
n=n@entry=12) at ./stdlib/msort.c:52
#6  0x73e5ddb1 in msort_with_tmp (n=12, b=0x7fffc430, 
p=0x7fffc510) at ./stdlib/msort.c:44
#7  msort_with_tmp (p=p@entry=0x7fffc510, b=0x7fffc3d8, n=n@entry=23) 
at ./stdlib/msort.c:53
#8  0x73e5e23b in msort_with_tmp (n=23, b=, 
p=0x7fffc510) at ./stdlib/msort.c:44
#9  __GI___qsort_r (b=b@entry=0x570e2320, n=n@entry=23, s=s@entry=72, 
cmp=cmp@entry=0x7fffe1fdaac0 , arg=arg@entry=0x0) at 
./stdlib/msort.c:253
#10 0x73e5e3c8 in __GI_qsort (b=b@entry=0x570e2320, n=n@entry=23, 
s=s@entry=72, cmp=cmp@entry=0x7fffe1fdaac0 ) at ./stdlib/msort.c:307
#11 0x7fffe1fdbcb5 in xcompcap_props (unused=) at 
./plugins/linux-capture/xcomposite-input.c:750
#12 0x765629f6 in obs_source_properties () at 
/lib/x86_64-linux-gnu/libobs.so.0
#13 0x5564c3d5 in SourceToolbar::SourceToolbar(QWidget*, 
OBSSafeRef) (source=..., 
parent=0x55ea89a0, this=0x56074fd0) at ./libobs/obs.hpp:103
#14 ComboSelectToolbar::ComboSelectToolbar(QWidget*, OBSSafeRef) (this=this@entry=0x56074fd0, 
parent=parent@entry=0x55ea89a0, source=...) at 
./UI/context-bar-controls.cpp:116
#15 0x5564c562 in WindowCaptureToolbar::WindowCaptureToolbar(QWidget*, 
OBSSafeRef) 
(this=this@entry=0x56074fd0, parent=0x55ea89a0, source=...) at 
./UI/context-bar-controls.cpp:245
#16 0x556f90f5 in OBSBasic::UpdateContextBar(bool) 
(this=0x55cf9d60, force=) at ./UI/window-basic-main.cpp:3373
#17 0x7456e590 in QObject::event(QEvent*) () at 
/lib/x86_64-linux-gnu/libQt6Core.so.6
#18 0x753828be in QApplicationPrivate::notify_helper(QObject*, QEvent*) 
() at /lib/x86_64-linux-gnu/libQt6Widgets.so.6
#19 0x74532a48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) 
() at /lib/x86_64-linux-gnu/libQt6Core.so.6
#20 0x74532c27 in QCoreApplicationPrivate::sendPostedEvents(QObject*, 
int, QThreadData*) () at /lib/x86_64-linux-gnu/libQt6Core.so.6
#21 0x747198e3 in  () at /lib/x86_64-linux-gnu/libQt6Core.so.6
#22 0x7312b1b4 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#23 0x7312e2d7 in  () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x7312e8f0 in g_main_context_iteration () at 
/lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x7471768c in 
QEventDispatcherGlib::processEvents(QFlags) () 
at /lib/x86_64-linux-gnu/libQt6Core.so.6
#26 0x7453c8ea in 
QEventLoop::exec(QFlags) () at 
/lib/x86_64-linux-gnu/libQt6Core.so.6
#27 0x74535846 in QCoreApplication::exec() () at 
/lib/x86_64-linux-gnu/libQt6Core.so.6
#28 0x555f134f in run_program (argv=0x7fffd8c8, argc=, logFile=...) at ./UI/obs-app.cpp:2524
#29 main(int, char**) (argc=, argv=0x7fffd8c8) at 
./UI/obs-app.cpp:3435