MacOSX: Crash in SDL_SendKeyboardKey()

Hi

I am using MacOSX 10.6 with Macports, and after upgrading the 'libsdl-devel'
package, my application is crashing in SDL_SendKeyboardKey()… the crash
is happening after a few frames have been displayed on the screen.

Version of SDL used:

libsdl-devel @1.3.0-5552_0 (active)

My application is reading events from SDL like this:

SDL_Event event;
SDL_PollEvent(&event);

here are parts of the GDB backtrace:

(gdb) bt
#0 0x0000000101ea5358 in SDL_SendKeyboardKey ()
#1 0x0000000101efbe51 in Cocoa_HandleKeyEvent ()
#2 0x0000000101efac1e in Cocoa_PumpEvents ()
#3 0x0000000101ea4195 in SDL_PumpEvents ()
#4 0x0000000101ea45a5 in SDL_WaitEventTimeout ()

I can provide more info if needed …

/alfred

Hi Alfred,


Cocoa_HandleKeyEvent has been changed a little bit to adapt the
Unicode text input model, however, from what I have seen in the
code it is still unclear why it will cause the crash in
SDL_SendKeyboardKey. My guess is some keyboard index has not been
initialized. It will be really helpful if you can reduce your app
into a minimal example that can reproduce the same crash and
attach this example here.

- Jiang


I have reproduced the problem, now with SDL compiled from svn trunk,
revision 5555, this time with more symbols:

#0 0x00000001010f1338 in SDL_SendKeyboardKey (index=0, state=1 ‘\001’, scancode=SDL_SCANCODE_LGUI) at src/events/SDL_keyboard.c:812
812 event.key.windowID = keyboard->focus->id;
(gdb)
(gdb) print keyboard
$1 = (SDL_Keyboard *) 0x10086b000
(gdb) print keyboard->focus
$2 = (SDL_Window *) 0x0
(gdb) bt
#0 0x00000001010f1338 in SDL_SendKeyboardKey (index=0, state=1 ‘\001’, scancode=SDL_SCANCODE_LGUI) at src/events/SDL_keyboard.c:812
#1 0x0000000101147e51 in Cocoa_HandleKeyEvent (_this=<value temporarily unavailable, due to optimizations>, event=<value temporarily unavailable, due to optimizations>) at src/video/cocoa/SDL_cocoakeyboard.m:329
#2 0x0000000101146c1e in Cocoa_PumpEvents (_this=0x1003345b0) at src/video/cocoa/SDL_cocoaevents.m:213
#3 0x00000001010f0175 in SDL_PumpEvents () at src/events/SDL_events.c:370
#4 0x00000001010f0585 in SDL_WaitEventTimeout (event=0x7fff5fbff830, timeout=0) at src/events/SDL_events.c:404

As you can see from the GDB trace, keyboard->focus is NULL and is being
dereferenced.

/alfred


SDL mailing list
SDL at lists.libsdl.org
http://lists.libsdl.org/listinfo.cgi/sdl-libsdl.org

Hello,
I remember seeing a similar error in
keyboard->focus
when using the SDL_iPhoneKeyboard* routines.
Every time I pressed a key button the app would send an EXC_BAD_ACCESS
because focus was NULL.
I didn't report it because I thought it was an error in my code or due to
the beta status of SDL for iPhone, but it appears it is something tied to the
MacOS architecture.

Could you file a bug in bugzilla? This can become serious but can be fixed
if it gets enough visibility.

bye
Vittorio


Hi,


Thank you for this investigation; the attached patch should fix the crash.

However, that's just part of the solution, because normally when a keyboard
event is received, it should always have a focused window (otherwise it won't
be able to receive such an event), so the problem is why you received this
event without any focused window. Probably there is a bug in window focus
handling, but I am not sure. Still, it will be helpful if you can send us
a minimal sample.
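The crash Alfred traced (keyboard->focus dereferenced while NULL) and the guard a patch like Jiang's adds can be shown in a reduced model. This is an added example, not SDL's code and not the attached patch: Window, Keyboard, KeyEvent, the send_key_* functions, set_keyboard_focus and the SCANCODE_LGUI value are simplified stand-ins for the SDL 1.3 internals named in the backtrace, and the counter of focus-less key events is a detection aid for the upstream focus bug Jiang suspects.

```c
/* Reduced model of the SDL_SendKeyboardKey() crash from this thread.
 * Added example; names and values are stand-ins, not SDL's own code. */
#include <stdio.h>

typedef struct { unsigned int id; } Window;     /* stand-in for SDL_Window */
typedef struct { Window *focus; } Keyboard;     /* stand-in for SDL_Keyboard */
typedef struct { unsigned int windowID; int scancode; int state; } KeyEvent;

enum { SCANCODE_LGUI = 227 };   /* placeholder value, not taken from SDL headers */

/* Counts key events that arrived while no window had focus. A non-zero value
 * is the signal Jiang describes: focus handling failed somewhere upstream. */
static int g_keys_without_focus = 0;

/* Mirrors the crashing statement at SDL_keyboard.c:812,
 * event.key.windowID = keyboard->focus->id, with no check on focus. */
static int send_key_unchecked(Keyboard *kb, int state, int scancode, KeyEvent *out)
{
    out->windowID = kb->focus->id;   /* NULL dereference when focus is NULL */
    out->scancode = scancode;
    out->state = state;
    return 1;
}

/* Guarded version: drop the event and record the anomaly instead of crashing. */
static int send_key_checked(Keyboard *kb, int state, int scancode, KeyEvent *out)
{
    if (kb == NULL || kb->focus == NULL) {
        g_keys_without_focus++;
        return 0;                    /* nothing posted to the event queue */
    }
    out->windowID = kb->focus->id;
    out->scancode = scancode;
    out->state = state;
    return 1;
}

/* Stand-in for SDL_SetKeyboardFocus(): the one place focus should change. */
static void set_keyboard_focus(Keyboard *kb, Window *w) { kb->focus = w; }

/* Replays the thread's scenario: a key press before any window has focus,
 * then one after focus is set. Returns the window id the delivered event
 * carried, or -1 if the guarded path misbehaved. */
static int run_scenario(void)
{
    Keyboard kb = { NULL };          /* freshly initialised: no focus yet */
    Window win = { 42 };
    KeyEvent ev;
    if (send_key_checked(&kb, 1, SCANCODE_LGUI, &ev) != 0) return -1;
    set_keyboard_focus(&kb, &win);
    if (send_key_checked(&kb, 1, SCANCODE_LGUI, &ev) != 1) return -1;
    if (send_key_unchecked(&kb, 0, SCANCODE_LGUI, &ev) != 1) return -1;
    return (int)ev.windowID;         /* 42: the focused window's id */
}

int main(void)
{
    printf("delivered to window %d, dropped without focus: %d\n",
           run_scenario(), g_keys_without_focus);
    return 0;
}
```

The guard only stops the segfault; a rising g_keys_without_focus count in a debug build is what would expose the missing-focus bug Jiang asks about.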


Thank you for this investigation; the attached patch should fix the crash.

Thanks, I already did that locally, and now it does not crash :)

However, that's just part of the solution, because normally when a keyboard
event is received, it should always have a focused window (otherwise it won't
be able to receive such an event), so the problem is why you received this
event without any focused window. Probably there is a bug in window focus
handling, but I am not sure. Still, it will be helpful if you can send us
a minimal sample.

It might also be that I am using the SDL API in the wrong way, either
from different threads or similar…

I had a new crash, also caused by a NULL pointer deref:

#0 SDL_OnWindowFocusLost (window=0x1003583c0) at src/video/SDL_video.c:1427
1427 if (display->gamma && _this->SetDisplayGammaRamp) {

(gdb) print display
$1 = (SDL_VideoDisplay *) 0x0

(gdb) bt
#0 SDL_OnWindowFocusLost (window=0x1003583c0) at src/video/SDL_video.c:1427
#1 0x00000001010f2c1b in SDL_SendWindowEvent (window=0x1003583c0, windowevent=<value temporarily unavailable, due to optimizations>, data1=0, data2=0) at src/events/SDL_windowevents.c:141
#2 0x00000001010f15df in SDL_SetKeyboardFocus (index=0, window=0x101863480) at src/events/SDL_keyboard.c:672
#3 0x00007fff81b2a85a in _nsnote_callback ()
#4 0x00007fff85041e3a in __CFXNotificationPost ()
#5 0x00007fff8502e3e8 in _CFXNotificationPostNotification ()
#6 0x00007fff81b217c4 in -[NSNotificationCenter postNotificationName:object:userInfo:] ()
#7 0x00007fff865f0254 in -[NSWindow becomeKeyWindow] ()
#8 0x00007fff8674c554 in _NXShowKeyAndMain ()
#9 0x00007fff8662824c in -[NSApplication sendEvent:] ()
#10 0x0000000101146c5f in Cocoa_PumpEvents (_this=0x100337660) at src/video/cocoa/SDL_cocoaevents.m:221
#11 0x00000001010f0175 in SDL_PumpEvents () at src/events/SDL_events.c:370
#12 0x00000001010f0585 in SDL_WaitEventTimeout (event=0x7fff5fbff830, timeout=0) at src/events/SDL_events.c:404
#13 0x00000001007cfe66 in event_handler (arg=0x0) at modules/sdl/sdl.c:140

(gdb) print _this
$2 = (SDL_VideoDevice *) 0x100337660

/alfred


Hello!
Has the patch been committed yet?
Thanks :)
Vittorio


I've opened a bug so we can track it down:
http://bugzilla.libsdl.org/show_bug.cgi?id=960

bye
Vittorio
