SDL3 : SIGSEGV: address not mapped to object (fault address: 0x0)

maxfx · April 9, 2025, 9:29pm

Hi,
I am porting shadps4 to FreeBSD, and i have a problem with SIGSEGV on FreeBSD.
The problem is NULL with environ variable.
This is an official bug. I think the problem is inside SDL3. Do you have any idea?

[[APP BUG]: SIGSEGV: address not mapped to object (fault address: 0x0) · Issue #2765 · shadps4-emu/shadPS4 · GitHub](Ps4 emulator)

madebr · April 10, 2025, 1:13am

It looks like the application initializes SDL in a separate thread.

The FreeBSD getenv manual calls out that combining getenv and putenv can results in undefined behavior:

SDL assumes SDL_Init is run very early in the lifetime of a process, when multithreading is not an issue.
Environment variables are notoriously tricky to use in multithreaded environments.
This is also why you see SDL_CreateEnvironment_REAL in the stacktrace: SDL is copying the environmment to avoid multithreading issues.

maxfx · April 10, 2025, 7:33am

so SDL getenv uses wrong. How to fix this problem ?

maxfx · April 10, 2025, 2:18pm

Where do you see getenv ?

maxfx · April 10, 2025, 3:21pm

frame #3: 0x00001f3449e01cdc shadps4`SDL_CreateEnvironment_REAL(populated=true) at SDL_getenv.c:129:34
   126 	        char **strings = (char **)dlsym(RTLD_DEFAULT, "environ");
   127 	        if (strings) {
   128 	            for (int i = 0; strings[i]; ++i) {
-> 129 	                char *variable = SDL_strdup(strings[i]);
   130 	                if (!variable) {
   131 	                    continue;
   132 	                }
(lldb) print strings[0]
(char *) 0x0000365a3fabfe00 "`\xae\xa2?Z6"
(lldb) print strings[1]
(char *) 0x0000365a3fa10500 "\xb8bPJ4\U0000001f"
(lldb) print *(strings)
(char *) 0x0000365a3fabfe00 "`\xae\xa2?Z6"

madebr · April 10, 2025, 3:42pm

I stand corrected. SDL does not call getenv, but uses the environ symbol.

SDL wants to clone the environment, and thus needs to iterate all keys.
SDL does this here.

maxfx · April 10, 2025, 4:11pm

Yes, but in environ variable is garbage

madebr · April 10, 2025, 4:18pm

The small program below prints all environment variables. (It works fine on Linux)

#include <SDL3/SDL.h>
int main(int argc, char *argv[]) {
    SDL_Environment *env = SDL_CreateEnvironment(true);
    char **env_vars = SDL_GetEnvironmentVariables(env);
    for (size_t i = 0; env_vars[i] != NULL; i++) {
        SDL_Log("[%d] %s", i, env_vars[i]);
    }
    SDL_free(env_vars);
    SDL_DestroyEnvironment(env);
    return 0;
}

I’ve got a few questions:

Does the program work on your system?
When copying and adapting into shadps4 (running it in the thread that calls SDL_Init), does it print sensible thins?

maxfx · April 10, 2025, 9:00pm

I have FreeBSD RELEASE 14.2 amd64.
I tried this, but without output.


#include <SDL3/SDL.h>
#include <SDL3/SDL_stdinc.h>
#include <iostream>
#include <thread>

void sdl_worker() {
    if (!SDL_SetHint(SDL_HINT_APP_NAME, "Test")) {
        std::cerr << "Failed to set SDL window hint: " << SDL_GetError() << std::endl;
    }

    if (!SDL_Init(SDL_INIT_VIDEO)) {
        std::cerr << "SDL_Init failed: " << SDL_GetError() << std::endl;
        return;
    }

    SDL_Environment *env = SDL_CreateEnvironment(true);
    if (!env) {
        std::cerr << "SDL_CreateEnvironment failed: " << SDL_GetError() << std::endl;
        SDL_Quit();
        return;
    }

    char **env_vars = SDL_GetEnvironmentVariables(env);
    if (env_vars) {
        for (size_t i = 0; env_vars[i] != NULL; ++i) {
            std::cout << "[" << i << "] " << env_vars[i] << std::endl;
        }
        SDL_free(env_vars);
    }

    SDL_DestroyEnvironment(env);
    SDL_Quit();
}

int main(int argc, char* argv[]) {
    std::thread worker(sdl_worker);;
    worker.join();

    return 0;
}

when i tried your code add to shadps4 after SDL_Init() so crash is inside SDL_Init()

madebr · April 10, 2025, 10:32pm

No output at all? Not even an error message from your added error checking?

when i tried your code add to shadps4 after SDL_Init() so crash is inside SDL_Init()

We already established it crashes inside SDL_Init (from your stack trace in the GitHub issue), so you have to run the code first (before SDL_Init).
But since it even fails to print anything when running on the main thread, don’t bother running it.

Can you please create a GitHub issue with:

links to the GitHub issue and this conservation
Result of running the last SDL_Environment c++ test code, with a complete copy-paste of stdout+stderr (don’t forget to censor PII)?

I remember there being an issue with environ on FreeBSD, but I cannot find it right now.

Add SDL_Process subsystem by Semphriss · Pull Request #10618 · libsdl-org/SDL · GitHub contains:

I asked on a #freebsd-devel why we can t access environ, and they say it s because our use of version scripts. We d need to explicitly add environ (and __progname) to the global section.

513ry · April 11, 2025, 2:22am

Just a note - SDL3/SDL.h includes SDL3/SDL_stdinc.h, so you don’t really need it there

513ry · April 11, 2025, 2:28am

Also I find myself SDL3 working weird with other thread libraries. Maybe SDL Threads will work better?

I mean, is this really related to SDL_Environment? Does not SDL3 create it also internally at initialization?

maxfx · April 11, 2025, 8:25am

The problem is inside SDL_SetHint() this is first call SDL, but i commented this code, and
the second call is SDL_Init() (shadps4). I forget for this changes. I am sorry.
I will to create github issue with this problem.

github.com/libsdl-org/SDL

[FreeBSD] [SDL3] SIGSEGV: address not mapped to object (fault address: 0x0)

opened 09:06AM - 11 Apr 25 UTC

Martinfx

Hi, i have problem with SDL3 on FreeBSD 14.2-RELEASE amd64. The problem is NULL …with environ variable. In the shadps4 run thread, and inside the thread is a call to SDL. I think the problem is inside SDL3. Do you have any idea? link to [discourse.libsdl.org](https://discourse.libsdl.org/t/sdl3-sigsegv-address-not-mapped-to-object-fault-address-0x0/59162) The code from shadps4 ``` if (!SDL_SetHint(SDL_HINT_APP_NAME, "shadPS4")) { UNREACHABLE_MSG("Failed to set SDL window hint: {}", SDL_GetError()); } if (!SDL_Init(SDL_INIT_VIDEO)) { UNREACHABLE_MSG("Failed to initialize SDL video subsystem: {}", SDL_GetError()); } SDL_InitSubSystem(SDL_INIT_AUDIO); ``` backtrace from shadps4 ``` * thread #1, name = 'shadps4', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0) frame #0: 0x000038c22f5f2d7b libc.so.7`___lldb_unnamed_symbol6249 at strlen.S:95 92 mov %rdi, %rcx 93 pxor %xmm1, %xmm1 94 and $~0xf, %rdi # align string -> 95 pcmpeqb (%rdi), %xmm1 # compare head (with junk before string) 96 mov %rcx, %rsi # string pointer copy for later 97 and $0xf, %ecx # amount of bytes rdi is past 16 byte alignment 98 pmovmskb %xmm1, %eax warning: This version of LLDB has no plugin for the language "assembler". Inspection of frame variables will be limited. (lldb) bt * thread #1, name = 'shadps4', stop reason = signal SIGSEGV: address not mapped to object (fault address: 0x0) * frame #0: 0x000038c22f5f2d7b libc.so.7`___lldb_unnamed_symbol6249 at strlen.S:95 frame #1: 0x000038b9f6c6d135 shadps4`SDL_strlen_REAL(string="") at SDL_string.c:725:12 frame #2: 0x000038b9f6c6da95 shadps4`SDL_strdup_REAL(string="") at SDL_string.c:1008:18 frame #3: 0x000038b9f6c67cdc shadps4`SDL_CreateEnvironment_REAL(populated=true) at SDL_getenv.c:129:34 frame #4: 0x000038b9f6c67bd8 shadps4`SDL_GetEnvironment_REAL at SDL_getenv.c:64:27 frame #5: 0x000038b9f6c68631 shadps4`SDL_getenv_REAL(name="SDL_APP_NAME") at SDL_getenv.c:600:39 frame #6: 0x000038b9f6b91935 shadps4`GetHintEnvironmentVariable(name="SDL_APP_NAME") at SDL_hints.c:88:26 frame #7: 0x000038b9f6b9173b shadps4`SDL_SetHintWithPriority_REAL(name="SDL_APP_NAME", value="shadPS4", priority=SDL_HINT_NORMAL) at SDL_hints.c:107:23 frame #8: 0x000038b9f6b91d32 shadps4`SDL_SetHint_REAL(name="SDL_APP_NAME", value="shadPS4") at SDL_hints.c:222:12 frame #9: 0x000038b9f6b8a2d6 shadps4`SDL_SetHint_DEFAULT(a="SDL_APP_NAME", b="shadPS4") at SDL_dynapi_procs.h:855:1 frame #10: 0x000038b9f6b74f51 shadps4`SDL_SetHint(a="SDL_APP_NAME", b="shadPS4") at SDL_dynapi_procs.h:855:1 frame #11: 0x000038b9f60808ba shadps4`Frontend::WindowSDL::WindowSDL(this=0x00003ef3ba848780, width_=1280, height_=720, controller_=0x00003ef3b8480200, window_title="shadPS4 v0.7.1 WIP detached-head -128-NOTFOUND | CUSA06262 - LEGO® Worlds <01.00>") at sdl_window.cpp:261:10 frame #12: 0x000038b9f607191b shadps4`std::__1::__unique_if<Frontend::WindowSDL>::__unique_single std::__1::make_unique[abi:se180100]<Frontend::WindowSDL, unsigned int, unsigned int, Input::GameController*&, std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char>>&>(__args=0x000038c217e1be6c, __args=0x000038c217e1be68, __args=0x000038c217e1c8a0, __args="shadPS4 v0.7.1 WIP detached-head -128-NOTFOUND | CUSA06262 - LEGO® Worlds <01.00>") at unique_ptr.h:597:30 frame #13: 0x000038b9f606d33f shadps4`Core::Emulator::Run(this=0x000038c217e1c898, file=0x000038c217e1c9b0, args=size=0) at emulator.cpp:218:14 frame #14: 0x000038b9f5f4f79a shadps4`MainWindow::StartEmulator(this=0x00003ef3b750a000, path=(__pn_ = "/usr/home/maxfx/ps4/CUSA06262/eboot.bin")) at main_window.cpp:1492:14 frame #15: 0x000038b9f5f4cf97 shadps4`MainWindow::StartGame(this=0x00003ef3b750a000) at main_window.cpp:889:9 frame #16: 0x000038b9f5f7bac1 shadps4`QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (MainWindow::*)()>::call(this=0x000038c217e1cb40)(), MainWindow*, void**)::'lambda'()::operator()() const at qobjectdefs_impl.h:152:24 frame #17: 0x000038b9f5f7ba59 shadps4`void QtPrivate::FunctorCallBase::call_internal<void, QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (MainWindow::*)()>::call(void (MainWindow::*)(), MainWindow*, void**)::'lambda'()>(args=0x000038c217e1cd20, fn=0x000038c217e1cb40) at qobjectdefs_impl.h:65:17 frame #18: 0x000038b9f5f7ba2e shadps4`QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (MainWindow::*)()>::call(f=(shadps4`MainWindow::StartGame() at main_window.cpp:861), o=0x00003ef3b750a000, arg=0x000038c217e1cd20) at qobjectdefs_impl.h:151:13 frame #19: 0x000038b9f5f7b9bd shadps4`void QtPrivate::FunctionPointer<void (MainWindow::*)()>::call<QtPrivate::List<>, void>(f=(shadps4`MainWindow::StartGame() at main_window.cpp:861), o=0x00003ef3b750a000, arg=0x000038c217e1cd20) at qobjectdefs_impl.h:199:13 frame #20: 0x000038b9f5f7b8e6 shadps4`QtPrivate::QCallableObject<void (MainWindow::*)(), QtPrivate::List<>, void>::impl(which=1, this_=0x00003ef3b7643840, r=0x00003ef3b750a000, a=0x000038c217e1cd20, ret=0x0000000000000000) at qobjectdefs_impl.h:570:21 ``` ``` frame #3: 0x00001f3449e01cdc shadps4`SDL_CreateEnvironment_REAL(populated=true) at SDL_getenv.c:129:34 126 char **strings = (char **)dlsym(RTLD_DEFAULT, "environ"); 127 if (strings) { 128 for (int i = 0; strings[i]; ++i) { -> 129 char *variable = SDL_strdup(strings[i]); 130 if (!variable) { 131 continue; 132 } (lldb) print strings[0] (char *) 0x0000365a3fabfe00 "`\xae\xa2?Z6" (lldb) print strings[1] (char *) 0x0000365a3fa10500 "\xb8bPJ4\U0000001f" (lldb) print *(strings) (char *) 0x0000365a3fabfe00 "`\xae\xa2?Z6" ``` I tried this code on FreeBSD and no input. ``` #include <SDL3/SDL.h> #include <SDL3/SDL_stdinc.h> #include <iostream> #include <thread> void sdl_worker() { if (!SDL_SetHint(SDL_HINT_APP_NAME, "Test")) { std::cerr << "Failed to set SDL window hint: " << SDL_GetError() << std::endl; } if (!SDL_Init(SDL_INIT_VIDEO)) { std::cerr << "SDL_Init failed: " << SDL_GetError() << std::endl; return; } SDL_Environment *env = SDL_CreateEnvironment(true); if (!env) { std::cerr << "SDL_CreateEnvironment failed: " << SDL_GetError() << std::endl; SDL_Quit(); return; } char **env_vars = SDL_GetEnvironmentVariables(env); if (env_vars) { for (size_t i = 0; env_vars[i] != NULL; ++i) { std::cout << "[" << i << "] " << env_vars[i] << std::endl; } SDL_free(env_vars); } SDL_DestroyEnvironment(env); SDL_Quit(); } int main(int argc, char* argv[]) { std::thread worker(sdl_worker);; worker.join(); return 0; } ```

maxfx · April 11, 2025, 8:43am

I tried with SDL_Threads and the result is the same.