#541 x64 crashes with -cartcrt on command line

[ALeX Kazik]

The current version (2.4.7 from tarball) crashes when starting a cartridge from command-line with a Segmentation fault: 11.

How I build (10.9 on x86_64) and launched it:

./configure --with-cocoa
make all bindist
./vice-macosx-cocoa-x86_64-2.4.7/x64.app/Contents/MacOS/x64 -cartcrt /tmp/choplifter.crt

I've also tested it with an EasyFlash cartridge - same result. x64sc has also the same bug.

It works well when I start x64 from command line without the -cartcrt option and then add the cartridge via menu.

Older versions do work fine, e.g. 2.4 releae:

/Volumes/vice-macosx-cocoa-i386+x86_64-10.6-gcc42-2.4/x64.app/Contents/MacOS/x64 -cartcrt /tmp/choplifter.crt

[gpz]

could you provide some more info on what compiler exactly you used and what your setup looks like? it doesnt do that in linux, so it must be some OSX specific issue. can you do a gdb backtrace?

[ALeX Kazik]

I've attached the configure output - hope that helps.

I can launch prg's via cmdline fine - it's not an general cmdline problem. But specifying arguments to options, e.g. -chdir /tmp/ also crashes. Options without arguments, e.g. -sound also works fine.

Here is the lldb output:

$ lldb -- ./vice-macosx-cocoa-x86_64-2.4.7/x64.app/Contents/MacOS/x64 -cartcrt /tmp/choplifter.crt 
Current executable set to './vice-macosx-cocoa-x86_64-2.4.7/x64.app/Contents/MacOS/x64' (x86_64).
(lldb) run
Process 82128 launched: './vice-macosx-cocoa-x86_64-2.4.7/x64.app/Contents/MacOS/x64' (x86_64)
opening dynamic library /opt/local/lib/libavformat.55.dylib failed! error: dlopen(/opt/local/lib/libavformat.55.dylib, 5): image not found
Reading configuration file `/Users/me/Library/Preferences/org.viceteam.x64/vicerc'.
Process 82128 stopped
* thread #6: tid = 0x16b2362, 0x00007fff834a7732 libsystem_c.dylib`strlen + 18, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x00007fff834a7732 libsystem_c.dylib`strlen + 18
libsystem_c.dylib`strlen + 18:
-> 0x7fff834a7732:  pcmpeqb (%rdi), %xmm0
   0x7fff834a7736:  pmovmskb %xmm0, %esi
   0x7fff834a773a:  andq   $0xf, %rcx
   0x7fff834a773e:  orq    $-0x1, %rax
(lldb) bt
* thread #6: tid = 0x16b2362, 0x00007fff834a7732 libsystem_c.dylib`strlen + 18, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
  * frame #0: 0x00007fff834a7732 libsystem_c.dylib`strlen + 18
    frame #1: 0x0000000100013a9a x64`lib_stralloc(str=0x0002000000000000) + 26 at lib.c:739
    frame #2: 0x000000010000f1d9 x64`initcmdline_check_args(argc=3, argv=<unavailable>) + 73 at initcmdline.c:307
    frame #3: 0x0000000100015f1b x64`main_program(argc=3, argv=0x0000000101848b00) + 571 at main.c:191
    frame #4: 0x00000001001324a1 x64`-[VICEMachine startMachineWithArgs:app:pool:] + 689
    frame #5: 0x00000001001321e3 x64`+[VICEMachine startConnected:] + 419
    frame #6: 0x00007fff842e776b Foundation`__NSThread__main__ + 1318
    frame #7: 0x00007fff83a48899 libsystem_pthread.dylib`_pthread_body + 138
    frame #8: 0x00007fff83a4872a libsystem_pthread.dylib`_pthread_start + 137

[ALeX Kazik]

I've compiled a brunch of vice (development) releases:
2.4 and 2.4.1 work with the command line, 2.4.2 and 2.4.3 do crash.

[gpz]

mmmh, please try with r28194, maybe that fixes it...

if not, it would help if you could do the following:

• uncomment the #define DEBUG_CMDLINE at the top of initcmdline.c and cmdline.c
• recompile
• test the following commandlines, interesting is the log/console output

x64 -cartcrt yourcart.crt
x64 -cartcrt yourcart.crt foo
x64 -cartcrt yourcart.crt foo bar

[ALeX Kazik]

That didn't fix it.
With foo as an extra argument I get one of three resuts, without and with foo bar it crashes always.

x64 -cartcrt yourcart.crt:

initcmdline_check_args (argc:3)
cmdline_parse (argc:3)
1:--cartcrt
argc:3 i:3
Segmentation fault: 11

x64 -cartcrt yourcart.crt foo: (works)

initcmdline_check_args (argc:4)
cmdline_parse (argc:4)
1:--cartcrt
3:foo
argc:4 i:3
1 1=3:foo
new argc:2
initcmdline_check_args 1 (argc:2)
initcmdline_check_args 2 (argc:1)

x64 -cartcrt yourcart.crt foo: (crashes)

initcmdline_check_args (argc:4)
cmdline_parse (argc:4)
1:--cartcrt
3:foo
argc:4 i:3
1 1=3:foo
2 2=4:?-?r?
Segmentation fault: 11

x64 -cartcrt yourcart.crt foo: (hangs)

initcmdline_check_args (argc:4)
cmdline_parse (argc:4)
1:--cartcrt
3:foo
argc:4 i:3
1 1=3:foo
2 2=4:allocWithZone:
3 3=5:UH??SPH??1??w???H??tH?[]?H??H?[]?%?~?H???H????@??t?類???UH??=?z?
new argc:4
initcmdline_check_args 1 (argc:4)
initcmdline_check_args 2 (argc:3)
Extra arguments on command-line:  allocWithZone: UH??SPH??1??w???H??tH?[]?H??H?[]?%?~?H???H????@??t?類???UH??=?z?

x64 -cartcrt yourcart.crt foo bar:

initcmdline_check_args (argc:5)
cmdline_parse (argc:5)
1:--cartcrt
3:foo
argc:5 i:3
1 1=3:foo
2 2=4:bar
3 3=5:@?H
Segmentation fault: 11

[Greg King]

The bug is at the end of cmdline_parse(). When the remaining arguments are moved to the beginning of argv[], *argc is compared to j, in order to see where to stop. But, *argc is the size of the old argv[], while j is the subscript into the new argv[]. Therefore, the Macintosh-built code sometimes copies more stuff (garbage) than it should copy.

I have attached a patch that should fix the problem.

[ALeX Kazik]

That did the trick. Thanks!

[gpz]

well spotted - applied in r28219

thanks for the patch!