MantisBT - Doomseeker
View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update
0003927 | Doomseeker | [All Projects] Bug | public | 2021-12-04 18:44 | 2022-03-22 11:11

Reporter | WaTaKiD
Assigned To | Zalewa
Priority | urgent | Severity | crash | Reproducibility | always
Status | closed | Resolution | fixed
Platform | (none) | OS | (none) | OS Version | (none)
Product Version | 1.3.2
Target Version | 1.3.3 | Fixed in Version | 1.3.3
Summary | 0003927: doomseeker crashes upon changing fraglimit in zandro server

Description | When hosting a server through Doomseeker and then changing the fraglimit, Doomseeker, not zandro, crashes.
The following gamemodes crash via changing fraglimit:
- duel
- deathmatch
- terminator
- lms
- possession
I've not tested every single gamemode/limit combination, but I can if needed.

Steps To Reproduce | Host a 3.1 zandro server with an above gamemode, doom2.wad, and no pwads.
In the server's console window, type: fraglimit 1
Doomseeker crashes.
Additional Information | 1.3.2-210807-0930 (ABI: 2)
76de31dc7528
Revision: 1628328618
beta update channel
Happens with zandro betas starting with ZandroDev3.1-180901-1533windows and newer; ZandroDev3.1-180520-0650windows and older don't crash.
Tags | No tags attached.
Relationships | related to | 0003936 | closed | WubTheCaptain | Doomseeker 1.3.2-p1 / doomseeker-zandronum 43 & doomseeker-zandronumq 3 release

Attached Files | Zandronum__2021_12_08-23_58_14.log (4,358) 2021-12-08 23:59 /tracker/file_download.php?file_id=2683&type=bug
gdb-1.txt (8,114) 2021-12-09 00:26 /tracker/file_download.php?file_id=2684&type=bug
gdb-2.txt (8,036) 2021-12-09 00:26 /tracker/file_download.php?file_id=2685&type=bug
Issue History
Date Modified | Username | Field | Change |
2021-12-04 18:44 | WaTaKiD | New Issue | |
2021-12-08 23:58 | WubTheCaptain | Status | new => confirmed |
2021-12-08 23:59 | WubTheCaptain | File Added: Zandronum__2021_12_08-23_58_14.log | |
2021-12-09 00:26 | WubTheCaptain | File Added: gdb-1.txt | |
2021-12-09 00:26 | WubTheCaptain | File Added: gdb-2.txt | |
2021-12-09 00:29 | WubTheCaptain | Note Added: 0021854 | |
2021-12-09 00:31 | WubTheCaptain | Note Added: 0021855 | |
2021-12-09 00:31 | WubTheCaptain | Note Edited: 0021855 | bug_revision_view_page.php?bugnote_id=21855#r13397 |
2021-12-09 00:39 | WubTheCaptain | Note Added: 0021856 | |
2021-12-09 00:40 | WubTheCaptain | Note Edited: 0021856 | bug_revision_view_page.php?bugnote_id=21856#r13399 |
2021-12-09 00:40 | WubTheCaptain | Note Added: 0021857 | |
2021-12-09 00:52 | WubTheCaptain | OS | Windows => |
2021-12-09 00:52 | WubTheCaptain | OS Version | XP/Vista/7 => |
2021-12-09 00:52 | WubTheCaptain | Platform | Microsoft => |
2021-12-09 02:57 | WubTheCaptain | Note Edited: 0021855 | bug_revision_view_page.php?bugnote_id=21855#r13423 |
2021-12-09 16:24 | Zalewa | Note Added: 0021868 | |
2021-12-09 16:24 | Zalewa | Priority | normal => urgent |
2021-12-09 20:56 | Pol M | Assigned To | => Pol M |
2021-12-09 20:56 | Pol M | Status | confirmed => assigned |
2021-12-09 21:52 | Pol M | Assigned To | Pol M => |
2021-12-09 21:52 | Pol M | Status | assigned => confirmed |
2021-12-10 19:10 | Zalewa | Assigned To | => Zalewa |
2021-12-10 19:10 | Zalewa | Status | confirmed => assigned |
2021-12-10 19:17 | WubTheCaptain | Note Added: 0021870 | |
2021-12-10 19:18 | WubTheCaptain | Note Edited: 0021870 | bug_revision_view_page.php?bugnote_id=21870#r13427 |
2021-12-10 19:39 | Zalewa | Note Added: 0021871 | |
2021-12-10 19:39 | Zalewa | Status | assigned => needs testing |
2021-12-11 01:29 | WaTaKiD | Note Added: 0021873 | |
2021-12-11 02:47 | WubTheCaptain | Note Added: 0021875 | |
2021-12-11 02:48 | WubTheCaptain | Note Added: 0021876 | |
2021-12-11 03:10 | WubTheCaptain | Relationship added | related to 0003936 |
2021-12-11 03:19 | WubTheCaptain | Note Added: 0021877 | |
2021-12-11 09:22 | Zalewa | Status | needs testing => resolved |
2021-12-11 09:22 | Zalewa | Resolution | open => fixed |
2021-12-11 15:53 | WubTheCaptain | Fixed in Version | => 1.3.3 |
2021-12-11 15:53 | WubTheCaptain | Target Version | => 1.3.3 |
2022-03-22 11:11 | WubTheCaptain | Status | resolved => closed |
Notes

Server advertisement (tested at least in LAN) craps out.
Thread 1 "doomseeker" received signal SIGSEGV, Segmentation fault.
0x00007ffff6882e70 in QString::operator=(QString const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
(gdb) bt full
#0 0x00007ffff6882e70 in QString::operator=(QString const&) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#1 0x0000555555683b50 in PWad::PWad(QString const&, bool) ()
No symbol table info available.
#2 0x00007ffff0da4d55 in ZandronumServer::readRequest(QByteArray const&) () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so
No symbol table info available.
#3 0x00007ffff0d87f2c in ZandronumBroadcast::readAllPendingDatagrams() () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so
No symbol table info available.
#4 0x00007ffff6a1c1b8 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#5 0x00007ffff74833cf in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5
No symbol table info available.
#6 0x00007ffff7496211 in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5
No symbol table info available.
#7 0x00007ffff77b86bf in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
No symbol table info available.
#8 0x00007ffff69e5b1a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#9 0x00007ffff6a3dd0d in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#10 0x00007ffff5819cdb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#11 0x00007ffff5819f88 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#12 0x00007ffff581a03f in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#13 0x00007ffff6a3d154 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#14 0x00007ffff69e452b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#15 0x00007ffff69ec800 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#16 0x000055555563a2f3 in Main::run() ()
No symbol table info available.
#17 0x00005555554eb5db in main ()
No symbol table info available.
Debug symbols available in attached gdb-1.txt and gdb-2.txt log files. The server process needs to be killed for Doomseeker to launch again (and not be hit by this bug immediately on server list fetching).
I'm guessing this is remotely exploitable (crashable) with Doomseeker's default configuration.

(0021855)
WubTheCaptain
2021-12-09 00:31 (edited on: 2021-12-09 02:57)

For the record, Qt 5.15 is also showing lots of deprecation warnings when compiling. I've tested with Qt 5.15, but have not tested with earlier Qt5 versions. But we're probably doing something wrong here ourselves too.

(0021856)
WubTheCaptain
2021-12-09 00:39 (edited on: 2021-12-09 00:40)

To reproduce the bug, the primary conditions are:
- When hosting the server, it must be broadcast to at least LAN.
- Doomseeker must query for Zandronum servers and refresh the server list to see the server; this may happen automatically, depending on configuration (and may require mouse focus on the server list window).
- Additional conditions as reported by OP.
I also had this different error earlier.
(gdb) bt full
#0 0x0000555555683b60 in PWad::isOptional() const ()
No symbol table info available.
#1 0x00007ffff0da4d20 in ZandronumServer::readRequest(QByteArray const&) () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so
No symbol table info available.
#2 0x00007ffff0d87f2c in ZandronumBroadcast::readAllPendingDatagrams() () from /usr/lib/x86_64-linux-gnu/doomseeker/engines/libzandronum.so
No symbol table info available.
#3 0x00007ffff6a1c1b8 in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#4 0x00007ffff74833cf in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5
No symbol table info available.
#5 0x00007ffff7496211 in ?? () from /lib/x86_64-linux-gnu/libQt5Network.so.5
No symbol table info available.
#6 0x00007ffff77b86bf in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Widgets.so.5
No symbol table info available.
#7 0x00007ffff69e5b1a in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#8 0x00007ffff6a3dd0d in ?? () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#9 0x00007ffff5819cdb in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#10 0x00007ffff5819f88 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#11 0x00007ffff581a03f in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
No symbol table info available.
#12 0x00007ffff6a3d154 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#13 0x00007ffff69e452b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#14 0x00007ffff69ec800 in QCoreApplication::exec() () from /lib/x86_64-linux-gnu/libQt5Core.so.5
No symbol table info available.
#15 0x000055555563a2f3 in Main::run() ()
No symbol table info available.
#16 0x00005555554eb5db in main ()
No symbol table info available.

(0021868)
Zalewa
2021-12-09 16:24

A crash like this is not good. The protocol parser should be resistant to the data it accepts, which it clearly isn't, and any specifically prepared server could crash it. I'm upping the priority to urgent on this.

(0021870)
WubTheCaptain
2021-12-10 19:17 (edited on: 2021-12-10 19:18)

Target Version for this issue?

(0021871)
Zalewa
2021-12-10 19:39


While I can't speak for qzandronum, this does seem to be fixed for regular zandronum.

I'll leave this issue up to Zalewa to resolve, though I state my support for the idea of a 1.3.2-p1 release with these two patched engines on top of the latest stable Doomseeker 1.3.2 release.
Quote from WubTheCaptain: "I'll leave this issue up to Zalewa to resolve, though I state my support for the idea of a 1.3.2-p1 release with these two patched engines on top of the latest stable Doomseeker 1.3.2 release."

For DRDTeam Debian packages, this would mean updates to doomseeker-zandronum and doomseeker-zandronumq packages alone.
Zalewa: For the record, the copyright years in file headers never seem to be updated even for so significant changes like this. 🙃
"About" dialogue is currently fine.