zlib-ng: Linux x64: segfault by Unity/Mono

Replacing zlib with the zlib-ng compatibility library consistently causes a segfault in the game “Kerbal Space Program” (built on Unity 2019.4) in certain situations.

Coredump backtrace:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007fd9344ab163 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
#2  0x00007fd93445365e in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fd93443b902 in __GI_abort () at abort.c:79
#4  0x00007fd9350eef0f in HandleSignal(int, siginfo_t*, void*) () from /home/jonas/games/steam/steamapps/common/Kerbal Space Program/UnityPlayer.so
#5  0x00007fd8dcf51a42 in ?? () from /home/jonas/games/steam/steamapps/common/Kerbal Space Program/KSP_Data/MonoBleedingEdge/x86_64/libmonobdwgc-2.0.so
#6  0x00007fd8dce5b9f4 in ?? () from /home/jonas/games/steam/steamapps/common/Kerbal Space Program/KSP_Data/MonoBleedingEdge/x86_64/libmonobdwgc-2.0.so
#7  <signal handler called>
#8  0x00007fd9344b9d05 in __GI___libc_free (mem=0x10011) at malloc.c:3375
#9  0x00007fd9338b8964 in z_free_aligned (ptr=<optimized out>, opaque=<optimized out>, zfree=<optimized out>)
    at /usr/src/debug/zlib-ng-2.1.6-2.fc40.x86_64/zutil.c:158
#10 deflateEnd (strm=0x6fd5fa0) at /usr/src/debug/zlib-ng-2.1.6-2.fc40.x86_64/deflate.c:1018
#11 0x00007fd7bf61abfa in CloseZStream ()
   from /home/jonas/games/steam/steamapps/common/Kerbal Space Program/KSP_Data/MonoBleedingEdge/x86_64/libMonoPosixHelper.so
#12 0x00000000416daead in ?? ()
#13 0x0000000000000000 in ?? ()

(Sorry, this is a proprietary app, so several symbols do not have debug information.)

System: GNU/Linux / Fedora 40 (Beta) / Kernel 6.8.4 / CPU: AMD Ryzen 7 7840HS

Please tell me what further information I can provide.

About this issue

  • State: open
  • Created 3 months ago
  • Comments: 20 (6 by maintainers)

Most upvoted comments

Valheim is also affected by this, and is also a Unity game. I’m not sure what Unity version they use, but it seems like this could affect all Unity games?

I did try testing PR #1713 and that resolved the issue for me.

I haven’t tried this, but I don’t think it would help. IIUC the problem is that GCC does alias analysis at the RTL level, where casts and memcpy()s may be optimized out, but C-like rules still apply, e.g., two symbols can’t point to the same memory. I just checked a very simple example:

$ cat 1.c
extern char x[], y[];

void f(char *a, char *b) {
        char *px = x, *py = y;
        long lx, ly;
        __builtin_memcpy(&lx, &x, 8);
        __builtin_memcpy(&ly, &y, 8);
        *a = b[ly - lx];
}

$ gcc -O3 -c 1.c -fdump-rtl-all-all

and already in 1.c.255r.expand there are no traces of __builtin_memcpy().

The bug I linked is, of course, a very narrow problem related to global variables, but it shows how subtracting unrelated pointers can backfire, even if precautions are taken.
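The comment above warns that deriving one pointer from the difference of two unrelated pointers is something the optimizer is entitled to exploit, and the backtrace shows free() being handed 0x10011 from z_free_aligned, which is not a plausible heap address. The following is an added illustration, not zlib-ng's own code and not the fix in PR #1713: a hypothetical aligned-allocation wrapper (names aligned_alloc_hdr, aligned_base, aligned_free_hdr, aligned_block_ok and demo_roundtrip are all invented here) that saves the pointer returned by malloc verbatim in a slot just before the aligned block and reads it back with memcpy, so the release path never reconstructs an address by subtracting pointers to different objects.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical example, not zlib-ng's z_alloc_aligned/z_free_aligned.
 * Layout of one allocation:
 *   [raw ... header(void *) | aligned block of `size` bytes ...]
 * The header holds the exact value malloc returned, so freeing only needs
 * to read it back; no arithmetic between unrelated pointers is involved. */

/* Returns `size` bytes aligned to `align` (a power of two), or NULL. */
void *aligned_alloc_hdr(size_t size, size_t align) {
    if (align == 0 || (align & (align - 1)) != 0)
        return NULL;                          /* alignment must be a power of two */
    if (size > SIZE_MAX - sizeof(void *) ||
        size + sizeof(void *) > SIZE_MAX - (align - 1))
        return NULL;                          /* guard the size arithmetic below */

    void *raw = malloc(size + sizeof(void *) + (align - 1));
    if (raw == NULL)
        return NULL;

    /* Leave room for the header, then round up to the requested alignment.
     * The rounded address still lies inside the block we own. */
    uintptr_t a = ((uintptr_t)raw + sizeof(void *) + (align - 1)) & ~(uintptr_t)(align - 1);
    void *aligned = (void *)a;

    /* Store the original pointer byte-wise: the slot itself need not be
     * pointer-aligned when `align` is smaller than sizeof(void *). */
    memcpy((char *)aligned - sizeof(void *), &raw, sizeof(void *));
    return aligned;
}

/* Reads back the pointer malloc originally returned for `aligned`. */
void *aligned_base(const void *aligned) {
    void *raw;
    memcpy(&raw, (const char *)aligned - sizeof(void *), sizeof(void *));
    return raw;
}

void aligned_free_hdr(void *aligned) {
    if (aligned != NULL)
        free(aligned_base(aligned));          /* the value malloc gave us, unchanged */
}

/* Consistency check: the block is aligned and the header is within the
 * padding we reserved. Both pointers belong to the same malloc'd object,
 * so this subtraction is well-defined, unlike one between unrelated objects. */
int aligned_block_ok(const void *aligned, size_t align) {
    if (aligned == NULL || ((uintptr_t)aligned & (align - 1)) != 0)
        return 0;
    const char *base = aligned_base(aligned);
    ptrdiff_t off = (const char *)aligned - base;
    return off >= (ptrdiff_t)sizeof(void *) && off < (ptrdiff_t)(sizeof(void *) + align);
}

/* Allocate, validate, touch every requested byte, release. Returns 1 on success,
 * 0 when the request is rejected (e.g. a non-power-of-two alignment). */
int demo_roundtrip(size_t size, size_t align) {
    void *p = aligned_alloc_hdr(size, align);
    if (p == NULL)
        return 0;
    int ok = aligned_block_ok(p, align);
    memset(p, 0xAB, size);                    /* the whole requested size is usable */
    aligned_free_hdr(p);
    return ok;
}

int main(void) {
    static const size_t aligns[] = { 4, 16, 64, 4096, 48 };
    for (size_t i = 0; i < sizeof aligns / sizeof aligns[0]; i++)
        printf("align %zu: %s\n", aligns[i],
               demo_roundtrip(1000, aligns[i]) ? "ok" : "rejected");
    return 0;
}
```

The check in aligned_block_ok is the kind of assertion worth keeping in debug builds of any such wrapper: if the recovered base ever falls outside the reserved padding, the header was corrupted or the release routine was called on a pointer it did not hand out, which is far easier to diagnose there than inside libc's free().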

We’re here to help people use zlib-ng… Not all issues are bugs in zlib-ng itself, but we still try to help figure out the root cause.