[BRLTTY] Crash of BRLTTY in X session

Samuel Thibault samuel.thibault at ens-lyon.org
Thu Nov 14 23:36:24 UTC 2024


Hello,

Sebastian Humenda, on Wed. 13 Nov. 2024 19:54:34 +0100, wrote:
> Samuel Thibault wrote on 06.11.2024,  1:30 +0100:
> >Sebastian Humenda, on Tue. 05 Nov. 2024 10:52:19 +0100, wrote:
> >> With BRLTTY 6.7, BRLTTY crashed while I was using Orca in the X session. The
> >> back trace is below.
> >
> >> Thread 1 (Thread 0x7f2092ffe6c0 (LWP 589460)):
> >> #5  0x00007f20963ec7ba in malloc_printerr (str=str@entry=0x7f20964ef0b1 "free(): invalid pointer") at ./malloc/malloc.c:5660
> >> #6  0x00007f20963ee544 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=have_lock@entry=0) at ./malloc/malloc.c:4435
> >> #7  0x00007f20963f0e9f in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3385
> >> #8  0x00005637596a87bc in freeKeyrangeList (l=l@entry=0x7f2084025ce0) at ../../Programs/brlapi_keyranges.c:65
> >> #9  0x00005637596a12c6 in doLeaveTty (c=c@entry=0x7f2084025c50) at ../../Programs/brlapi_server.c:993
> >
> >So it'd either be a concurrent operation on c->acceptedKeys, or a memory
> >corruption from somewhere else. This code has not really changed since
> >6.6, so it seems unlikely to me (and I have re-proofread it), so I'd
> >tend to think about "somewhere else". Ideally you could run it through
> >valgrind, but that'd probably be way too heavy. Perhaps you can
> >recompile with CFLAGS=-fsanitize=address LDFLAGS=-fsanitize=address ?
> 
> I'm not sure whether it worked, as I did
> 
> CFLAGS += ...
> export CFLAGS
> 
> in the debian/rules Makefile of the Debian packaging, and am hoping that the
> flags got picked up.

You can check the output of "ldd /usr/bin/brltty" which should show
libasan.so.

> The backtrace is below.
> How would the backtraces change if the sanitizer is active?

It wouldn't, the sanitizer prints its debugging on stderr during the
execution.

> #7  0x00007f468c126f1f in __GI___libc_free (mem=<optimized out>) at ./malloc/malloc.c:3385
> #8  0x00005626263142e0 in freeBrailleWindow (brailleWindow=0x7f467c025da0) at ../../Programs/brlapi_server.c:607
> #9  doLeaveTty (c=c@entry=0x7f467c025d60) at ../../Programs/brlapi_server.c:994

So in this case it's not freeKeyrangeList but freeBrailleWindow (which
is just after that) which got the assertion, so it really looks like a
"something else" case.

Samuel
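
The linkage check suggested above, as an added example that is not part of the original message: `classify_asan` and `check_binary` are hypothetical helper names, and the sample ldd/nm lines are constructed. It goes slightly beyond the ldd check by also looking for the `__asan_init` symbol, which covers a sanitizer runtime that was linked statically (GCC's `-static-libasan`, or clang's default) and therefore never shows up in ldd.

```shell
#!/bin/sh
# Added example: decide whether a binary was really built with
# -fsanitize=address, from its ldd output and its symbol table.

# classify_asan LDD_OUTPUT NM_OUTPUT
#   dynamic - an ASan runtime shared object is among the dependencies
#   static  - no such dependency, but the __asan_init symbol is present
#   none    - no sign of ASan: the flags were not picked up
classify_asan() {
    ldd_out=$1
    nm_out=$2
    if printf '%s\n' "$ldd_out" | grep -Eq 'lib(clang_rt\.)?asan[^ ]*\.so'; then
        echo dynamic
    elif printf '%s\n' "$nm_out" | grep -Eq '[[:space:]]__asan_init$'; then
        echo static
    else
        echo none
    fi
}

# check_binary PATH: collect the real data for one binary and classify it.
# Both the dynamic and the regular symbol table are read, so a stripped
# binary that still exports the runtime's symbols is recognised as well.
check_binary() {
    classify_asan "$(ldd "$1" 2>/dev/null)" \
                  "$(nm -D "$1" 2>/dev/null; nm "$1" 2>/dev/null)"
}

# Constructed sample inputs (not taken from a real brltty build).
SAMPLE_LDD_ASAN='	libasan.so.8 => /lib/x86_64-linux-gnu/libasan.so.8 (0x00007f0000000000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'
SAMPLE_LDD_PLAIN='	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'
SAMPLE_NM_ASAN='                 U __asan_init'
SAMPLE_NM_STATIC='00000000000f1a20 T __asan_init
0000000000001139 T main'
SAMPLE_NM_PLAIN='0000000000001139 T main'

# A package rebuilt without the flags taking effect is reported as "none".
echo "instrumented build: $(classify_asan "$SAMPLE_LDD_ASAN" "$SAMPLE_NM_ASAN")"
echo "static runtime:     $(classify_asan "$SAMPLE_LDD_PLAIN" "$SAMPLE_NM_STATIC")"
echo "plain build:        $(classify_asan "$SAMPLE_LDD_PLAIN" "$SAMPLE_NM_PLAIN")"
```

On an installed system, `check_binary /usr/bin/brltty` runs the same classification against the real binary.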

