Crash when retrieving servers list with system jsoncpp

[akien-mga]

I enabled cURL support in Mageia's minetest 0.4.10 package, but it crashes when trying to retrieve the servers list. Disabling the cURL support gets rid of the crash of course.

Here are the log and backtrace from gdb:

(gdb) run
Starting program: /usr/games/minetest 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Irrlicht log: Irrlicht Engine version 1.8.1
Irrlicht log: Linux 3.17.2-desktop-1.mga5 #1 SMP Thu Oct 30 20:01:11 UTC 2014 x86_64
Irrlicht log: Using renderer: OpenGL 3.0
Irrlicht log: Mesa DRI Intel(R) Ivybridge Mobile : Intel Open Source Technology Center
Irrlicht log: OpenGL driver version is 1.2 or better.
Irrlicht log: GLSL version: 1.3
[New Thread 0x7fffe53d5700 (LWP 8739)]
[Thread 0x7fffe53d5700 (LWP 8739) exited]
[New Thread 0x7fffe53d5700 (LWP 8740)]
[New Thread 0x7fffe4bd4700 (LWP 8741)]
[New Thread 0x7fffe4ad3700 (LWP 8742)]
[New Thread 0x7fffdbffe700 (LWP 8743)]
[New Thread 0x7fffdb7fd700 (LWP 8744)]
[New Thread 0x7fffdaffc700 (LWP 8745)]
terminate called after throwing an instance of 'LuaError'
  what():  C++ exception

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffdbffe700 (LWP 8743)]
0x00007ffff4f4f627 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

(gdb) bt
#0  0x00007ffff4f4f627 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff4f50dba in __GI_abort () at abort.c:89
#2  0x00007ffff584bc0d in __gnu_cxx::__verbose_terminate_handler () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007ffff5849c96 in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007ffff5849ce1 in std::terminate () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007ffff5849ef8 in __cxxabiv1::__cxa_throw (obj=0x7fffd0005ed0, tinfo=0xb60610 <typeinfo for LuaError>, dest=0x48f590 <LuaError::~LuaError()>)
    at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:87
#6  0x00000000004a49ba in ScriptApiBase::scriptError (this=this@entry=0x10bf068) at /usr/src/debug/minetest-0.4.10/src/script/cpp_api/s_base.cpp:160
#7  0x00000000004a1242 in AsyncWorkerThread::Thread (this=0x10beff0) at /usr/src/debug/minetest-0.4.10/src/script/cpp_api/s_async.cpp:297
#8  0x0000000000485033 in JThread::TheThread (param=0x10beff0) at /usr/src/debug/minetest-0.4.10/src/jthread/pthread/jthread.cpp:160
#9  0x00007ffff64765bd in start_thread (arg=0x7fffdbffe700) at pthread_create.c:310
#10 0x00007ffff501178d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

This is on Mageia 5 with cURL 7.38.0.

[kahrl]

Does this still happen in a current development build? If so, please paste the gdb log and backtrace from there too.

In particular, LuaJIT exception wrapping has been improved at some point, so it should no longer display the generic message

  what():  C++ exception

but show the actual exception message.

[akien-mga]

Thanks, I'll compile the development build and try that.

[akien-mga]

Same crash with the master revision, but the error message is indeed more verbose:

(gdb) run
Starting program: /usr/games/minetest 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Irrlicht log: Irrlicht Engine version 1.8.1
Irrlicht log: Linux 3.17.2-desktop-3.mga5 #1 SMP Tue Nov 4 00:29:54 UTC 2014 x86_64
Irrlicht log: Using renderer: OpenGL 3.0
Irrlicht log: Mesa DRI Intel(R) Ivybridge Mobile : Intel Open Source Technology Center
Irrlicht log: OpenGL driver version is 1.2 or better.
Irrlicht log: GLSL version: 1.3
[New Thread 0x7fffe53d5700 (LWP 10844)]
[Thread 0x7fffe53d5700 (LWP 10844) exited]
[New Thread 0x7fffe53d5700 (LWP 10845)]
[New Thread 0x7fffe4bd4700 (LWP 10846)]
[New Thread 0x7fffe4ad3700 (LWP 10847)]
[New Thread 0x7fffdbffe700 (LWP 10848)]
[New Thread 0x7fffdb7fd700 (LWP 10849)]
[New Thread 0x7fffdaffc700 (LWP 10850)]
terminate called after throwing an instance of 'LuaError'
  what():  Type is not convertible to string
stack traceback:
        [C]: in function 'func'
        /usr/share/games/minetest/builtin/async/init.lua:10: in function </usr/share/games/minetest/builtin/async/init.lua:4>

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffdbffe700 (LWP 10848)]
0x00007ffff4f4f627 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

(gdb) bt
#0  0x00007ffff4f4f627 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
#1  0x00007ffff4f50dba in __GI_abort () at abort.c:89
#2  0x00007ffff584bc0d in __gnu_cxx::__verbose_terminate_handler () at ../../../../libstdc++-v3/libsupc++/vterminate.cc:95
#3  0x00007ffff5849c96 in __cxxabiv1::__terminate (handler=<optimized out>) at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:47
#4  0x00007ffff5849ce1 in std::terminate () at ../../../../libstdc++-v3/libsupc++/eh_terminate.cc:57
#5  0x00007ffff5849ef8 in __cxxabiv1::__cxa_throw (obj=0x7fffd0012470, tinfo=0xb52910 <typeinfo for LuaError>, dest=0x491510 <LuaError::~LuaError()>)
    at ../../../../libstdc++-v3/libsupc++/eh_throw.cc:87
#6  0x00000000004a681a in ScriptApiBase::scriptError (this=this@entry=0x10b5328) at /usr/src/debug/minetest-master/src/script/cpp_api/s_base.cpp:160
#7  0x00000000004a30c2 in AsyncWorkerThread::Thread (this=0x10b52b0) at /usr/src/debug/minetest-master/src/script/cpp_api/s_async.cpp:297
#8  0x0000000000486cb3 in JThread::TheThread (param=0x10b52b0) at /usr/src/debug/minetest-master/src/jthread/pthread/jthread.cpp:160
#9  0x00007ffff64765bd in start_thread (arg=0x7fffdbffe700) at pthread_create.c:310
#10 0x00007ffff501178d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

[donat-b]

For me it seems like serverlist is returning erroneous data sometimes.

[akien-mga]

For me it seems like serverlist is returning erroneous data sometimes.

It's a systematic error for me though, I never got it to work. I just tried a build with the embedded version of jthread instead of the system one (just to be sure), but it doesn't solve it.

[donat-b]

My assumption was wrong then.

[ShadowNinja]

It might be that the code is depending on an int field being a string. I fixed a few of those oddities in my master server. If so it should consistently crash for everyone though, and I don't have this issue.

[sapier]

NEVER use a different version then our included jthiread it's not gonna work, we changed quite a lot things in there

[akien-mga]

NEVER use a different version then our included jthiread it's not gonna work, we changed quite a lot things in there

I'll keep that in mind, but anyway this bug is not related to using the system version of jthread, since I can reproduce both with minetest's and my system's.

[akien-mga]

@sapier's comment put my on the right track and I figured out that the issue comes from jsoncpp. When retrieving the server list with minetest build against my system's jsoncpp library (0.6.0 RC2), the game crashes. With the embedded version from the minetest tree, it works fine.

So I can build minetest against the embedded version of jsoncpp to workaround this issue. I'll let you decide whether you want to try to fix the compatibility with jsoncpp 0.6.0 RC2 or close the issue. Note that jsoncpp 0.7.0 (pre C++11 branch) and 1.0.0 were released 11 days ago; minetest doesn't link against version 1.0.0, I'm off testing 0.7.0.

[Zeno-]

There are a lot of LTS distros out there that still do not support C++11, so maybe that's why the JSON lib is included in the minetest tree. Although I'm not sure this explains your issue (apart from the linking one)

[akien-mga]

There are a lot of LTS distros out there that still do not support C++11, so maybe that's why the JSON lib is included in the minetest tree.

The 0.6.0 RC2 version I was building against is not using C++11, and the newly released 0.7.0 version doesn't either, as I can infer from the branching upstream: https://github.com/open-source-parsers/jsoncpp

[Zeno-]

Yes, so I'm not sure what the issue is. Perhaps the one bundled with minetest is modified (I really don't know, sorry). The only reason I commented is I didn't want this issue used as excuse for starting to use C++11 (which you didn't suggest, but ya never know how people might read things :))

[akien-mga]

I built minetest against jsoncpp 0.7.0, and there is some change: the client no longer segfault but I get *** Error in /usr/games/minetest': malloc(): memory corruption (fast): 0x00007fffc40c4f60 ***` when ticking the checkbox to retrieve the servers list.

The GUI stays responsive, but trying to launch a game or to close the client ends up in a freeze (which seems logical with regard to the error message).

[akien-mga]

Here's a backtrace. I don't know if this is relevant because the game doesn't segfault, so I had to close it with Ctrl+C in gdb to be able to ask for a backtrace (so maybe it's just a backtrace of my Ctrl+C call :-) ):

Program received signal SIGINT, Interrupt.
0x00007ffff6473665 in pthread_join (threadid=140736962288080, thread_return=0x0) at pthread_join.c:92
92          lll_wait_tid (pd->tid);
(gdb) bt
#0  0x00007ffff6473665 in pthread_join (threadid=140736962288080, thread_return=0x0) at pthread_join.c:92
#1  0x0000000000486d46 in JThread::Wait (this=0x10d5970) at /usr/src/debug/minetest-master/src/jthread/pthread/jthread.cpp:52
#2  0x000000000049e9d9 in AsyncEngine::~AsyncEngine (this=0x10b5fb8, __in_chrg=<optimized out>) at /usr/src/debug/minetest-master/src/script/cpp_api/s_async.cpp:63
#3  0x0000000000548cdc in ~MainMenuScripting (this=0x10b5fb0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /usr/src/debug/minetest-master/src/script/scripting_mainmenu.h:31
#4  MainMenuScripting::~MainMenuScripting (this=0x10b5fb0, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /usr/src/debug/minetest-master/src/script/scripting_mainmenu.h:31
#5  0x00000000006ab5e9 in GUIEngine::~GUIEngine (this=0x7fffffffcff0, __in_chrg=<optimized out>) at /usr/src/debug/minetest-master/src/guiEngine.cpp:302
#6  0x000000000047fed9 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/minetest-master/src/main.cpp:1730

[akien-mga]

It looks like minetest's version of jsoncpp was never patched and was imported in 2013, so it should work with a system wide version: https://github.com/minetest/minetest/commits/master/src/json/jsoncpp.cpp

Unless minetest uses it in a way that was not supported in 0.6 RC2 (2011) and was changed in 0.7.0 (2014).

[paramat]

@akien-mga still an issue? Note we have now moved to C++11.

[akien-mga]

Did a quick test with minetest 0.4.16, building with ENABLED_SYSTEM_JSONCPP=ON, and it no longer seems to crash when retrieving the servers list. I haven't done extensive testing but I guess this issue could be closed, and maybe the warning at https://github.com/minetest/minetest/blob/master/cmake/Modules/FindJson.cmake#L7 could be removed.

[paramat]

Thanks.