[BRLTTY] Crash of BRLTTY in X sessionudo systemctl edit brlpulse

Sebastian Humenda shumenda at gmx.de
Mon Mar 3 10:20:03 UTC 2025


Hi Dave

Dave Mielke wrote on 01.03.2025,  7:41 -0500:
>[quoted lines by Samuel Thibault on 2025/02/27 at 21:54 +0100]
>
>>I believe we have the information:
>>
>>> ==208649==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0019f8101 at pc 0x55de2ae390a3 bp 0x7fff172e34a0 sp 0x7fff172e3498
>>> READ of size 1 at 0x60c0019f8101 thread T0
>>>     #0 0x55de2ae390a2 in usbCancelRequest ??:?
>>
>>This is the urb->endpoint read. We are trying to cancel a request but it
>>was already freed.
>
>Sebastian: Please test the attached patch.

The ASAN output is below. It might be unrelated, as I saw the behaviour on the
TTY.

Thanks
Sebastian
===
brltty[529799]: Braille Driver: ht [HandyTech] Version:0.6
brltty[529799]: brltty: Braille Driver: ht [HandyTech] Version:0.6
brltty[529799]: AddressSanitizer:DEADLYSIGNAL
brltty[529799]: =================================================================
brltty[529799]: ==529799==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f33836d0d66 bp 0x7ffff7b30bb0 sp 0x7ffff7b30338 T0)
brltty[529799]: ==529799==The signal is caused by a READ memory access.
brltty[529799]: ==529799==Hint: address points to the zero page.
brltty[529799]:     #0 0x7f33836d0d66 in __sanitizer::internal_strlen(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167
brltty[529799]:     #1 0x7f338366dc9f in unpoison_glob_t ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2304
brltty[529799]:     #2 0x7f338366e292 in __interceptor_glob ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2380
brltty[529799]:     #3 0x55f3f6a1fd9b  (/usr/bin/brltty+0x109d9b)
brltty[529799]:     #4 0x55f3f6a1e0dd  (/usr/bin/brltty+0x1080dd)
brltty[529799]:     #5 0x55f3f6a23009 in getCurrentMenuItem (/usr/bin/brltty+0x10d009)
brltty[529799]:     #6 0x55f3f6a22b72 in changeMenuSettingScaled (/usr/bin/brltty+0x10cb72)
brltty[529799]:     #7 0x55f3f6a4b2ad  (/usr/bin/brltty+0x1352ad)
brltty[529799]:     #8 0x55f3f6a3a0f8 in handleCommand (/usr/bin/brltty+0x1240f8)
brltty[529799]:     #9 0x55f3f6a3a388 in handleCommandAlarm (/usr/bin/brltty+0x124388)
brltty[529799]:     #10 0x55f3f69f2205 in asyncExecuteAlarmCallback (/usr/bin/brltty+0xdc205)
brltty[529799]:     #11 0x55f3f69f0a72  (/usr/bin/brltty+0xdaa72)
brltty[529799]:     #12 0x55f3f69f0f06  (/usr/bin/brltty+0xdaf06)
brltty[529799]:     #13 0x55f3f69f11ef in asyncAwaitCondition (/usr/bin/brltty+0xdb1ef)
brltty[529799]:     #14 0x55f3f69ca47b in brlttyWait (/usr/bin/brltty+0xb447b)
brltty[529799]:     #15 0x55f3f69c2ad7  (/usr/bin/brltty+0xacad7)
brltty[529799]:     #16 0x55f3f69c2b10 in main (/usr/bin/brltty+0xacb10)
brltty[529799]:     #17 0x7f3380e46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
brltty[529799]:     #18 0x7f3380e46304 in __libc_start_main_impl ../csu/libc-start.c:360
brltty[529799]:     #19 0x55f3f69c2a00 in _start (/usr/bin/brltty+0xaca00)
brltty[529799]: AddressSanitizer can not provide additional info.
brltty[529799]: SUMMARY: AddressSanitizer: SEGV ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167 in __sanitizer::internal_strlen(char const*)
brltty[529799]: ==529799==ABORTING
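
For triaging a report like the second one above, where the SUMMARY line names a sanitizer-runtime function and several brltty frames are unsymbolized, this added example (not part of the original message or of BRLTTY) strips the syslog prefix, skips runtime frames and lists the module offsets that still need symbolizing. The sample lines are copied from that report; the `RUNTIME_HINTS` list is a heuristic assumed here.

```python
import re

# Lines copied from the ASAN report in the message above (syslog prefix kept).
SAMPLE = """\
brltty[529799]: ==529799==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f33836d0d66 bp 0x7ffff7b30bb0 sp 0x7ffff7b30338 T0)
brltty[529799]:     #0 0x7f33836d0d66 in __sanitizer::internal_strlen(char const*) ../../../../src/libsanitizer/sanitizer_common/sanitizer_libc.cpp:167
brltty[529799]:     #1 0x7f338366dc9f in unpoison_glob_t ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2304
brltty[529799]:     #2 0x7f338366e292 in __interceptor_glob ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:2380
brltty[529799]:     #3 0x55f3f6a1fd9b  (/usr/bin/brltty+0x109d9b)
brltty[529799]:     #4 0x55f3f6a1e0dd  (/usr/bin/brltty+0x1080dd)
brltty[529799]:     #5 0x55f3f6a23009 in getCurrentMenuItem (/usr/bin/brltty+0x10d009)
"""

PREFIX = re.compile(r"^\S+\[\d+\]:\s?")  # "brltty[529799]: "
ERROR = re.compile(r"==\d+==ERROR: AddressSanitizer: (.+?) on (?:unknown )?address (0x[0-9a-f]+)")
FRAME = re.compile(r"^\s*#(\d+) (0x[0-9a-f]+)(?: in (.+?))?\s+"
                   r"(?:\((.+)\+(0x[0-9a-f]+)\)|(\S+:[\d?]+))\s*$")
# Assumption: substrings that mark a frame as sanitizer runtime, not program code.
RUNTIME_HINTS = ("libsanitizer", "__sanitizer", "__interceptor_", "__asan")

def parse_report(text):
    """Return (error_kind, fault_address, frames) from a syslog-prefixed report."""
    kind = addr = None
    frames = []
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if (m := ERROR.search(line)):
            kind, addr = m.group(1), m.group(2)
        elif (m := FRAME.match(line)):
            num, pc, func, module, offset, src = m.groups()
            frames.append({"n": int(num), "pc": pc, "func": func,
                           "module": module, "offset": offset, "src": src})
    return kind, addr, frames

def in_runtime(frame):
    """True when the frame's function or source path belongs to the sanitizer."""
    blob = f"{frame['func'] or ''} {frame['src'] or ''}"
    return any(hint in blob for hint in RUNTIME_HINTS)

def triage(text):
    kind, addr, frames = parse_report(text)
    app = [f for f in frames if not in_runtime(f)]
    # Frames without a function name must be resolved from module + offset.
    unresolved = [(f["module"], f["offset"]) for f in app if f["func"] is None]
    first_named = next((f["func"] for f in app if f["func"]), None)
    return {"kind": kind, "address": addr, "unresolved": unresolved,
            "first_app_frame": app[0]["n"] if app else None, "first_named": first_named}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each (module, offset) pair in `unresolved` can then be passed to a symbolizer such as `addr2line -e <module> <offset>` against a build that has debug information.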

