Bug#1041211: libsdl-perl: FTBFS and autopkgtest failure with sdl12-compat, especially on 32-bit

Simon McVittie smcv at debian.org
Tue Jul 18 18:24:32 BST 2023


Control: tags -1 + upstream
Control: clone -1 -2
Control: reassign -1 src:libsdl-perl 2.548-3
Control: forwarded -1 https://github.com/PerlGameDev/SDL/issues/305
Control: severity -2 wishlist
Control: retitle -2 sdl12-compat: could work around libsdl-perl incorrectly freeing SDL_SetVideoMode() result

On Tue, 18 Jul 2023 at 02:07:39 +0100, Simon McVittie wrote:
> On Mon, 17 Jul 2023 at 10:35:14 +0100, Simon McVittie wrote:
> > I can reproduce a use-after-free on amd64. The test doesn't crash on amd64
> > for whatever reason, but it's visible when using valgrind, or when
> > recompiling sdl12-compat and libsdl2 with -fsanitize=address.
> 
> I was able to reduce the Perl test to a small C reproducer, which I've
> sent upstream to sdl12-compat (see URL above). As far as I can tell,
> it's most likely to be a sdl12-compat bug, but I don't understand the
> memory management for these surfaces well enough to fix it.

SDL upstream have clarified that what libsdl-perl is doing here was
never correct, so actually, this is more a libsdl-perl bug than a
sdl12-compat bug. The result of SDL_SetVideoMode() is never meant to be
freed by a library user, only internally by SDL itself.

I've sent a possible fix to https://github.com/PerlGameDev/SDL/pull/306,
but I'm intentionally not tagging this bug +patch, because it badly needs
reviewing by someone who has written XS bindings before (I'd never tried
writing XS before today).

> A brute-force workaround would be to intentionally leak every surface
> object that was previously the video surface, by adding a flag that
> would make SDL_FreeSurface ignore it, but I hope upstream will be able
> to suggest something less bad than that.

Let's use #1041211 for the RC bug in libsdl-perl (FTBFS and autopkgtest
failure triggered by the new version of libsdl1.2debian), and use its new
clone -2 to represent a possible workaround in sdl12-compat.

sdl12-compat aims for bug-for-bug compatibility with classic SDL 1.2,
so they are hoping to be able to avoid the crash. If they can, I'll
downgrade #1041211 to be non-RC after that workaround is uploaded.

    smcv
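Added example (not code from this bug report, libsdl-perl, sdl12-compat or SDL): a small C model of the ownership rule stated above, that the surface returned by SDL_SetVideoMode() belongs to SDL and is only ever freed by SDL itself, next to the flag-based workaround sketched in the quoted paragraph, where a binding wrapper refuses to free any surface that came from SDL_SetVideoMode(). The sdl_* functions here are stand-ins, not SDL's API: their policy (video surfaces released only in sdl_quit(), user frees of them counted rather than performed) is an assumption chosen so the violation can be observed without a display. Everything else (the surface_handle type, the two destructors, the counters) is invented for illustration.

```c
/* Added example, not SDL, libsdl-perl or sdl12-compat code. The sdl_* stand-ins
 * below only mimic the rule "the video surface is SDL's to free" (assumption). */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int w, h; unsigned char *pixels; } sdl_surface;

/* ---- stand-in "SDL": whatever it returns as the video surface stays its own ---- */
#define MAX_VIDEO_SURFACES 16
static sdl_surface *video_surfaces[MAX_VIDEO_SURFACES]; /* owned by SDL */
static int n_video_surfaces = 0;
static int internal_frees = 0; /* releases done by SDL itself */
static int illegal_frees = 0;  /* user frees of an SDL-owned surface */

static sdl_surface *surface_new(int w, int h)
{
    sdl_surface *s = malloc(sizeof *s);
    if (!s) abort();
    s->w = w; s->h = h;
    s->pixels = calloc((size_t)w * (size_t)h, 4); /* 32 bpp, constructed */
    if (!s->pixels) abort();
    return s;
}
static void surface_release(sdl_surface *s) { free(s->pixels); free(s); }

sdl_surface *sdl_set_video_mode(int w, int h)
{
    if (n_video_surfaces == MAX_VIDEO_SURFACES) abort();
    sdl_surface *s = surface_new(w, h);
    video_surfaces[n_video_surfaces++] = s; /* SDL keeps ownership */
    return s;
}
sdl_surface *sdl_create_rgb_surface(int w, int h) { return surface_new(w, h); }

/* Real SDL frees the block regardless, and its own later release of the same
 * surface becomes a double free; the stand-in records the violation instead. */
void sdl_free_surface(sdl_surface *s)
{
    for (int i = 0; i < n_video_surfaces; i++)
        if (video_surfaces[i] == s) { illegal_frees++; return; }
    surface_release(s);
}
void sdl_quit(void)
{
    for (int i = 0; i < n_video_surfaces; i++, internal_frees++)
        surface_release(video_surfaces[i]);
    n_video_surfaces = 0;
}

/* ---- binding layer, as an XS wrapper around a surface might do it ---- */
typedef struct {
    sdl_surface *s;
    int sdl_owned; /* 1: s came from sdl_set_video_mode(), leave it to SDL */
} surface_handle;

static surface_handle *handle_new(sdl_surface *s, int sdl_owned)
{
    surface_handle *h = malloc(sizeof *h);
    if (!h) abort();
    h->s = s; h->sdl_owned = sdl_owned;
    return h;
}
surface_handle *binding_set_video_mode(int w, int h) { return handle_new(sdl_set_video_mode(w, h), 1); }
surface_handle *binding_create_surface(int w, int h) { return handle_new(sdl_create_rgb_surface(w, h), 0); }

/* Destructor in the shape the bug describes: every handle frees its surface. */
void destroy_handle_buggy(surface_handle *h) { sdl_free_surface(h->s); free(h); }
/* Destructor with the flag: a surface SDL owns is left alone (and must not be
 * touched again once SDL has torn it down). */
void destroy_handle_fixed(surface_handle *h)
{
    if (!h->sdl_owned) sdl_free_surface(h->s);
    free(h);
}

/* Set a mode, create a scratch surface, set a second mode, drop all handles,
 * quit. Returns the number of user frees of SDL-owned surfaces; 0 is correct. */
int run_scenario(int use_fix)
{
    void (*destroy)(surface_handle *) = use_fix ? destroy_handle_fixed : destroy_handle_buggy;
    illegal_frees = internal_frees = 0;
    surface_handle *v1 = binding_set_video_mode(640, 480);
    surface_handle *scratch = binding_create_surface(32, 32);
    surface_handle *v2 = binding_set_video_mode(800, 600);
    destroy(scratch); destroy(v1); destroy(v2);
    sdl_quit();
    return illegal_frees;
}
int internal_free_count(void) { return internal_frees; }

int main(void)
{
    int bad = run_scenario(0), bad_fixed = run_scenario(1);
    printf("buggy binding: %d illegal frees; fixed binding: %d\n", bad, bad_fixed);
    return 0;
}
```

The scratch surface is freed by the wrapper in both variants; only the two video surfaces differ, and in the fixed variant they are released exactly once, by the stand-in's own quit path. Against real SDL the buggy destructor would not be caught at the free call: the damage shows up later, as the use-after-free valgrind or ASan reports when SDL next touches the surface it believes it still owns.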


