Rockbox

  • Status Closed
  • Percent Complete
    100%
  • Task Type Bugs
  • Category User Interface → Themes
  • Assigned To No-one
  • Operating System Sansa Clip Zip
  • Severity High
  • Priority Very Low
  • Reported Version Daily build (which?)
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Rockbox
Opened by toehser - 2014-01-09
Last edited by kugel. - 2014-01-12

FS#12929 - Crash in ClipZip and Simulator with certain themes/playlists (tomsway2 theme).

Using the theme “tomsway2” for “Sansa Clip Zip”, crashes and very bad things happen with some files/playlists, both on the player and the simulator.

- Hex dump screens requiring hard boot in the player
- “Stack Smashing Detected” core dumps in simulator

In an older build, also the user font was intermittently changing to the sysfont with no warning, but not in the tip of git.
Right now I’m using the tip of git as of Jan 9 2014.
I’ll try reproducing with a daily build next, for repeatability.

This seems to happen in a playlist that has international characters in fields and longing names.
I’ll investigate myself things like what the address is, but for now, most useful would be if it reproduces for everyone… I think…

Closed by  kugel.
2014-01-12 15:20
Reason for closing:  Fixed
Additional comments about closing:  

7ba2d01

- With 3.13 it the font changes sporadically to sysfont, then later it crashes on power off or on theme/wps/font change. (But works weirdly with wrong font for a while).
- With git head, it just crashes right away.
- I’ll upload a file that reproduces the problem in a few hours/days…

Here is a file that crashes with theme ClipZip tomsway2.

Here’s the file that breaks the theme.

It doesn’t want to let me attach it… trying again…

Note: The difference between “3.13 gets weird sysfont replacing user font then crashes later” and “git head crashes right away” seems to be due to my GCC defaulting to -fstack-protector - probably it is the same bug, but I’m catching it earlier with -fstack-protector in my toolchain when I build myself. The bug has been reproduced now using -fstack-protector (presumably it would fail eventually even without that).

Admin
fg commented on 2014-01-09 16:58

I’ve looked at this with fde92de2 in the sim. To easily reproduce, add -fstack-protector to GCCOPTS and/or LDOPTS (not sure if both are needed), unless your distro has added those to the defaults already.
The issue is that the filename here is fairly long, and the theme displays the filename. print_line() in apps/gui/line.c has a 128 byte buffer for lines (and does not check for overflow!), which in this case isn’t enough.
It looks like just splitting the string into smaller chunks in print_line() isn’t a solution because those chunks will then become individual scrollers, which clearly isn’t what we want.

There are 2 separate problems: one that affects git-head, a buffer overrun in line.c, and one that affects 3.13, a buffer corruption in bidi.c, details developing in IRC

I have pushed 7ba2d01 and 99f3f77 to address this in the current build. Can this be closed now?

All fixed, yes.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing