View Issue Details

ID: 0000902
Project: LDMud 3.6
Category: Runtime
View Status: public
Last Update: 2022-09-20 00:46
Reporter: paradox
Assigned To: Gnomi
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Linux
OS: Ubuntu
OS Version: 20.04
Fixed in Version: 3.6.6

Summary: 0000902: LDMud 3.6.5 python initialization time object reference crash

Description: With LDMud 3.6.4 with Python support compiled in it was possible to have a `--python-script` argument that used `import ldmud; ldmud.Object("/some/path.c")` to get a reference to an LPC object, even while the early driver initialization is occurring and the master object is not available.

With LDMud 3.6.5 the same Python startup script causes a reliable segfault. In "Steps to Reproduce" I've included a built binary and core dump from a representative segfault.

This appears to be due to the `current_ob` being `NULL` before master has been initialized. This in turn causes a call to `ldmud_object_create` to use `NULL` as an argument to `ref_object`, causing a panic.

Here is a GDB session with a backtrace:
```
mud@windmill2:~/dunenextnext/ldmud-3.6.5/test$ gdb --args ../src/ldmud -u-1 -E 0 --no-compat -e -N --cleanup-time -1 --reset-time -1 --max-array 0 --max-callouts 0 --max-bytes 0 --max-file 0 -s-1 -sv-1 --hard-malloc-limit unlimited --min-malloc 0 -ru0 -rm0 -rs0 --no-strict-euids --no-wizlist-file --check-refcounts --check-state 2 --access-file none --access-log none -f test --python-script startup.py -Mmaster -mt-python 65432 --debug-file ../log/result.t-python.log
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ../src/ldmud...
warning: File "/home/mud/dunenextnext/ldmud-3.6.5/src/ldmud-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
    add-auto-load-safe-path /home/mud/dunenextnext/ldmud-3.6.5/src/ldmud-gdb.py
line to your configuration file "/home/mud/.gdbinit".
To completely disable this security protection add
    set auto-load safe-path /
line to your configuration file "/home/mud/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual. E.g., run from the shell:
    info "(gdb)Auto-loading safe path"
(gdb) run
Starting program: /home/mud/dunenextnext/ldmud-3.6.5/src/ldmud -u-1 -E 0 --no-compat -e -N --cleanup-time -1 --reset-time -1 --max-array 0 --max-callouts 0 --max-bytes 0 --max-file 0 -s-1 -sv-1 --hard-malloc-limit unlimited --min-malloc 0 -ru0 -rm0 -rs0 --no-strict-euids --no-wizlist-file --check-refcounts --check-state 2 --access-file none --access-log none -f test --python-script startup.py -Mmaster -mt-python 65432 --debug-file ../log/result.t-python.log
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
2022.01.11 02:10:38 LDMud 3.6.5 (3.6.5-1-gd8f1ef68) (development)
2022.01.11 02:10:38 Seeding PRNG from /dev/urandom.
2022.01.11 02:10:38 TLS: (OpenSSL) x509 keyfile '/home/mud/dunenextnext/certs/privkey.pem', certfile '/home/mud/dunenextnext/certs/fullchain.pem'
2022.01.11 02:10:38 TLS: (OpenSSL) X509 certificate from '/home/mud/dunenextnext/certs/fullchain.pem': B3:99:2B:EC:AD:C2:AE:1C:E6:64:C1:34:97:69:F6:C8:65:63:6F:21
2022.01.11 02:10:38 TLS: (OpenSSL) trusted x509 certificates from '/home/mud/dunenextnext/certs/fullchain.pem'.
2022.01.11 02:10:38 TLS: Importing built-in default DH parameters.
2022.01.11 02:10:38 mySQL 8.0.27

Program received signal SIGSEGV, Segmentation fault.
ldmud_object_create (ob=0x0) at pkg-python.c:2943
2943 self->lpc_object = ref_object(ob, "ldmud_object_create");
(gdb) bt
#0 ldmud_object_create (ob=0x0) at pkg-python.c:2943
#1 0x000055555565beca in svalue_to_python (svp=0x7fffffffc710) at pkg-python.c:9322
#2 python_save_contextvar_value (contextvar=0x5555557b9c08 <python_contextvar_current_object>,
    name=0x5555556c9dbd "ldmud.current_object", object=...) at pkg-python.c:9832
#3 python_save_context () at pkg-python.c:9857
#4 0x0000555555660fc5 in python_call_hook_object (hook=1, is_external=<optimized out>, ob=0x7ffff6440b80)
    at pkg-python.c:10410
#5 0x0000555555619b4a in init_object_variables (ob=ob@entry=0x7ffff6440b80, templ=templ@entry=0x0) at object.c:494
#6 0x000055555566ed22 in load_object (lname=lname@entry=0x7ffff644ad20 "a", create_super=create_super@entry=false,
    depth=depth@entry=0, isMasterObj=isMasterObj@entry=false, chain=chain@entry=0x0) at simulate.c:2236
#7 0x000055555566c443 in lookfor_object (str=<optimized out>, bLoad=bLoad@entry=true) at simulate.c:2538
#8 0x0000555555651a25 in ldmud_object_init_getobject (num_arg=num_arg@entry=0, data=data@entry=0x7fffffffcaa0)
    at pkg-python.c:2600
#9 0x000055555565c0e9 in call_lpc_secure (fun=fun@entry=0x555555651a10 <ldmud_object_init_getobject>,
    num_arg=num_arg@entry=0, data=data@entry=0x7fffffffcaa0) at pkg-python.c:9759
#10 0x000055555565c59a in ldmud_object_init (self=0x7ffff5de3540, args=<optimized out>, kwds=<optimized out>)
    at pkg-python.c:2632
#11 0x00007ffff6edd199 in ?? () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#12 0x00007ffff6f3cafb in _PyObject_MakeTpCall () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#13 0x00007ffff6d08df3 in ?? () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#14 0x00007ffff6d10ef6 in _PyEval_EvalFrameDefault () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#15 0x00007ffff6e5eecb in _PyEval_EvalCodeWithName () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#16 0x00007ffff6e5f252 in PyEval_EvalCodeEx () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#17 0x00007ffff6e5f63f in PyEval_EvalCode () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#18 0x00007ffff6e200dc in ?? () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#19 0x00007ffff6e21a47 in PyRun_SimpleFileExFlags () from /lib/x86_64-linux-gnu/libpython3.8.so.1.0
#20 0x000055555565faf6 in pkg_python_init (prog_name=<optimized out>) at pkg-python.c:9987
#21 0x0000555555571b52 in main (argc=<optimized out>, argv=0x7fffffffe158) at main.c:581
```
Steps To Reproduce: You can download a core and a binary from https://binaryparadox.net/d/3.6.5.pyinit.segfault.tar.gz

It's also very easy to reproduce. Simply add a `.c` file to your lib, and have the Python script you pass to `--python-script` reference it from the top level package init context with `ldmud.Object("/path/to/ob.c")`. This will cause a segfault at game start.

Additional Information: I have a unit test that reproduces the crash as well as a fix to consider. I'll open a PR with both and leave a comment here with the URL in a moment.

Tags: No tags attached.
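
The failure mode in this report, reduced to a self-contained C model: a wrapper constructor that takes a reference on a "current object" which is still `NULL` during early initialization, shown unguarded and guarded. This is an added example, not code from LDMud or from the linked pull request; `object_t`, `py_object_t`, `object_create_unchecked`, `object_create_checked`, `object_release` and `save_context_refs` are hypothetical stand-ins, and only the names `current_ob` and `ref_object` are borrowed from the report.

```c
#include <stddef.h>
#include <stdlib.h>

/* Simplified stand-ins for driver types; hypothetical, not LDMud's definitions. */
typedef struct { int ref; const char *name; } object_t;
typedef struct { object_t *lpc_object; } py_object_t;

/* Stays NULL until the master object exists, as described in the report. */
static object_t *current_ob = NULL;

/* Takes a reference; assumes ob is valid, like the call at the crash site. */
static object_t *ref_object(object_t *ob) { ob->ref++; return ob; }
static void deref_object(object_t *ob) { ob->ref--; }

/* Unguarded shape: ob == NULL is dereferenced inside ref_object (SIGSEGV). */
py_object_t *object_create_unchecked(object_t *ob) {
    py_object_t *self = malloc(sizeof *self);
    if (self == NULL) return NULL;
    self->lpc_object = ref_object(ob);
    return self;
}

/* Guarded shape: "no object" is a valid state and is stored as NULL. */
py_object_t *object_create_checked(object_t *ob) {
    py_object_t *self = malloc(sizeof *self);
    if (self == NULL) return NULL;
    self->lpc_object = (ob != NULL) ? ref_object(ob) : NULL;
    return self;
}

/* Drops the reference (if any) and frees the wrapper. */
void object_release(py_object_t *self) {
    if (self == NULL) return;
    if (self->lpc_object != NULL) deref_object(self->lpc_object);
    free(self);
}

/* Models the context save before a hook call: snapshot current_ob.
 * Returns the object's reference count while the snapshot is held,
 * 0 when there is no current object, or -1 on allocation failure. */
int save_context_refs(void) {
    py_object_t *snap = object_create_checked(current_ob);
    if (snap == NULL) return -1;
    int refs = snap->lpc_object ? snap->lpc_object->ref : 0;
    object_release(snap);
    return refs;
}
```
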

Activities

paradox

2022-01-11 03:26

reporter   ~0002674

Here's a branch with a unit test that reproduces the crash, and a potential fix to consider: https://github.com/ldmud/ldmud/pull/69

Issue History

Date Modified Username Field Change
2022-01-11 03:23 paradox New Issue
2022-01-11 03:26 paradox Note Added: 0002674
2022-01-11 09:39 Gnomi Assigned To => Gnomi
2022-01-11 09:39 Gnomi Status new => assigned
2022-09-20 00:46 Gnomi Status assigned => resolved
2022-09-20 00:46 Gnomi Resolution open => fixed
2022-09-20 00:46 Gnomi Fixed in Version => 3.6.6