Segfault in ku_view_get_subview() - (NULL pointer dereference?)
When showing sov via echo 1 to the pipe, it now segfaults.
Tested when built from the AUR PKGBUILD from either master branch or dev branch.
This coredump was from the dev branch built from commit milgra/sov@19809ae
$ coredumpctl info 1702035
PID: 1702035 (sov)
UID: 1000 (exampleuser)
GID: 1000 (exampleuser)
Signal: 11 (SEGV)
Timestamp: Sun 2025-09-07 10:15:12 MDT (1min 29s ago)
Command Line: sov -t 500
Executable: /usr/bin/sov
Control Group: /user.slice/user-1000.slice/user@1000.service/app.slice/foot-server.service
Unit: user@1000.service
User Unit: foot-server.service
Slice: user-1000.slice
Owner UID: 1000 (exampleuser)
Boot ID: <...SCRUBBED...>
Machine ID: <...SCRUBBED...>
Hostname: examplehost.internal
Storage: /var/lib/systemd/coredump/core.sov.1000.ee60cef40a3046d3a7cea542a88665f0.1702035.1757261712000000.zst (present)
Size on Disk: 161.9K
Message: Process 1702035 (sov) of user 1000 dumped core.
Stack trace of thread 1702035:
#0 0x00005625c469cc00 ku_view_get_subview (/usr/bin/sov + 0x12c00)
#1 0x00005625c4691c74 gen_init (/usr/bin/sov + 0x7c74)
#2 0x00005625c46a3e76 ku_wayland_init (/usr/bin/sov + 0x19e76)
#3 0x00005625c4690815 main (/usr/bin/sov + 0x6815)
#4 0x00007fbf5fa27675 n/a (libc.so.6 + 0x27675)
#5 0x00007fbf5fa27729 __libc_start_main (libc.so.6 + 0x27729)
#6 0x00005625c4690905 _start (/usr/bin/sov + 0x6905)
ELF object binary architecture: AMD x86-64
Current Sway & Wayland related package versions on Manjaro "unstable" branch (which is roughly equivalent to current vanilla Arch Linux):
sov: 1:1.11-1
wlroots: 0.19.0-1
wayland: 1.24.0-1
wayland-protocols: 1.45-1
wlr-protocols: r107.ffb89ac-1
Expand for sov library linkage details
$ ldd /usr/bin/sov
linux-vdso.so.1 (0x00007fe41dc99000)
libwayland-client.so.0 => /usr/lib/libwayland-client.so.0 (0x00007fe41dc0a000)
libm.so.6 => /usr/lib/libm.so.6 (0x00007fe41dafc000)
libwayland-cursor.so.0 => /usr/lib/libwayland-cursor.so.0 (0x00007fe41daf2000)
libpng16.so.16 => /usr/lib/libpng16.so.16 (0x00007fe41dab8000)
libfreetype.so.6 => /usr/lib/libfreetype.so.6 (0x00007fe41d9ee000)
libGLESv2.so.2 => /usr/lib/libGLESv2.so.2 (0x00007fe41d9de000)
libxkbcommon.so.0 => /usr/lib/libxkbcommon.so.0 (0x00007fe41d982000)
libEGL.so.1 => /usr/lib/libEGL.so.1 (0x00007fe41d970000)
libwayland-egl.so.1 => /usr/lib/libwayland-egl.so.1 (0x00007fe41d96b000)
libc.so.6 => /usr/lib/libc.so.6 (0x00007fe41d600000)
libffi.so.8 => /usr/lib/libffi.so.8 (0x00007fe41d95f000)
/lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007fe41dc9b000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007fe41d946000)
libbz2.so.1.0 => /usr/lib/libbz2.so.1.0 (0x00007fe41d931000)
libharfbuzz.so.0 => /usr/lib/libharfbuzz.so.0 (0x00007fe41d4cf000)
libbrotlidec.so.1 => /usr/lib/libbrotlidec.so.1 (0x00007fe41d922000)
libGLdispatch.so.0 => /usr/lib/libGLdispatch.so.0 (0x00007fe41d8a9000)
libglib-2.0.so.0 => /usr/lib/libglib-2.0.so.0 (0x00007fe41d379000)
libgraphite2.so.3 => /usr/lib/libgraphite2.so.3 (0x00007fe41d884000)
libbrotlicommon.so.1 => /usr/lib/libbrotlicommon.so.1 (0x00007fe41d861000)
libpcre2-8.so.0 => /usr/lib/libpcre2-8.so.0 (0x00007fe41d2ce000)
Expand for all linked library versions
Note: Limited results to those matching [installed]
$ ldd /usr/bin/sov | awk '{ print $1 }' | xargs pacman -Fx
extra/wayland 1.23.1-2 [installed: 1.24.0-1]
usr/lib/libwayland-client.so.0
usr/lib/libwayland-client.so.0.23.1
multilib/lib32-wayland 1.23.1-1 [installed]
usr/lib32/libwayland-client.so.0
usr/lib32/libwayland-client.so.0.23.1
core/glibc 2.41+r48+g5cb575ca9a3d-1 [installed: 2.42+r17+gd7274d718e6f-1]
usr/lib/libm.so.6
core/lib32-glibc 2.41+r48+g5cb575ca9a3d-1 [installed: 2.42+r17+gd7274d718e6f-1]
usr/lib32/libm.so.6
extra/wayland 1.23.1-2 [installed: 1.24.0-1]
usr/lib/libwayland-cursor.so.0
usr/lib/libwayland-cursor.so.0.23.1
multilib/lib32-wayland 1.23.1-1 [installed]
usr/lib32/libwayland-cursor.so.0
usr/lib32/libwayland-cursor.so.0.23.1
extra/libpng 1.6.50-1 [installed]
usr/lib/libpng16.so.16
usr/lib/libpng16.so.16.50.0
multilib/lib32-libpng 1.6.50-1 [installed]
usr/lib32/libpng16.so.16
usr/lib32/libpng16.so.16.50.0
extra/freetype2 2.13.3-3 [installed]
usr/lib/libfreetype.so.6
usr/lib/libfreetype.so.6.20.2
multilib/lib32-freetype2 2.13.3-3 [installed]
usr/lib32/libfreetype.so.6
usr/lib32/libfreetype.so.6.20.2
extra/libglvnd 1.7.0-3 [installed]
usr/lib/libGLESv2.so.2
usr/lib/libGLESv2.so.2.1.0
multilib/lib32-libglvnd 1.7.0-1 [installed]
usr/lib32/libGLESv2.so.2
usr/lib32/libGLESv2.so.2.1.0
extra/libxkbcommon 1.10.0-1 [installed: 1.11.0-1]
usr/lib/libxkbcommon.so.0
usr/lib/libxkbcommon.so.0.10.0
extra/libglvnd 1.7.0-3 [installed]
usr/lib/libEGL.so.1
usr/lib/libEGL.so.1.1.0
multilib/lib32-libglvnd 1.7.0-1 [installed]
usr/lib32/libEGL.so.1
usr/lib32/libEGL.so.1.1.0
extra/wayland 1.23.1-2 [installed: 1.24.0-1]
usr/lib/libwayland-egl.so.1
usr/lib/libwayland-egl.so.1.23.1
multilib/lib32-wayland 1.23.1-1 [installed]
usr/lib32/libwayland-egl.so.1
usr/lib32/libwayland-egl.so.1.23.1
core/glibc 2.41+r48+g5cb575ca9a3d-1 [installed: 2.42+r17+gd7274d718e6f-1]
usr/lib/libc.so.6
core/lib32-glibc 2.41+r48+g5cb575ca9a3d-1 [installed: 2.42+r17+gd7274d718e6f-1]
usr/lib32/libc.so.6
core/libffi 3.5.1-1 [installed]
usr/lib/libffi.so.8
usr/lib/libffi.so.8.2.0
multilib/lib32-libffi 3.5.1-1 [installed]
usr/lib32/libffi.so.8
usr/lib32/libffi.so.8.2.0
core/zlib 1:1.3.1-2 [installed]
usr/lib/libz.so.1
usr/lib/libz.so.1.3.1
multilib/lib32-zlib 1.3.1-2 [installed]
usr/lib32/libz.so.1
usr/lib32/libz.so.1.3.1
core/bzip2 1.0.8-6 [installed]
usr/lib/libbz2.so.1.0
usr/lib/libbz2.so.1.0.8
multilib/lib32-bzip2 1.0.8-4 [installed]
usr/lib32/libbz2.so.1.0
usr/lib32/libbz2.so.1.0.8
extra/harfbuzz 11.2.1-1 [installed: 11.4.5-1]
usr/lib/libharfbuzz.so.0
usr/lib/libharfbuzz.so.0.61121.0
multilib/lib32-harfbuzz 11.2.1-1 [installed: 11.4.5-1]
usr/lib32/libharfbuzz.so.0
usr/lib32/libharfbuzz.so.0.61121.0
core/brotli 1.1.0-3 [installed]
usr/lib/libbrotlidec.so.1
usr/lib/libbrotlidec.so.1.1.0
multilib/lib32-brotli 1.1.0-1 [installed]
usr/lib32/libbrotlidec.so.1
usr/lib32/libbrotlidec.so.1.1.0
extra/libglvnd 1.7.0-3 [installed]
usr/lib/libGLdispatch.so.0
usr/lib/libGLdispatch.so.0.0.0
multilib/lib32-libglvnd 1.7.0-1 [installed]
usr/lib32/libGLdispatch.so.0
usr/lib32/libGLdispatch.so.0.0.0
core/glib2 2.84.3-1 [installed: 2.84.4-2]
usr/lib/libglib-2.0.so.0
usr/lib/libglib-2.0.so.0.8400.3
core/glib2-devel 2.84.3-1 [installed: 2.84.4-2]
usr/share/gdb/auto-load/usr/lib/libglib-2.0.so.0.8400.3-gdb.py
multilib/lib32-glib2 2.84.3-1 [installed: 2.84.4-2]
usr/lib32/libglib-2.0.so.0
usr/lib32/libglib-2.0.so.0.8400.3
extra/graphite 1:1.3.14-5 [installed]
usr/lib/libgraphite2.so.3
usr/lib/libgraphite2.so.3.2.1
core/brotli 1.1.0-3 [installed]
usr/lib/libbrotlicommon.so.1
usr/lib/libbrotlicommon.so.1.1.0
multilib/lib32-brotli 1.1.0-1 [installed]
usr/lib32/libbrotlicommon.so.1
usr/lib32/libbrotlicommon.so.1.1.0
core/pcre2 10.45-1 [installed: 10.46-1]
usr/lib/libpcre2-8.so.0
usr/lib/libpcre2-8.so.0.14.0
multilib/lib32-pcre2 10.45-1 [installed: 10.46-1]
usr/lib32/libpcre2-8.so.0
usr/lib32/libpcre2-8.so.0.14.0
EDIT: I was able to reproduce the issue while working with some old configs in ~/.config/sov. When I move that directory so there are no CSS configs, the segfault does not happen.
I suspect that some handling of the HTML parsing might result in a NULL pointer dereference if some element is not found in the HTML or if the main.html file does not exist in the config dir.
I was able to reproduce the issue by simply renaming the main.html file (e.g. mv ~/.config/sov/html/main.html ~/.config/sov/html/main.html.bak). Then we see the following in sov's output to STDOUT/STDERR:
$ rm -f ${XDG_RUNTIME_DIR}/sovpipe && mkfifo ${XDG_RUNTIME_DIR}/sovpipe && tail -f ${XDG_RUNTIME_DIR}/sovpipe | sov -t 500 && rm -f ${XDG_RUNTIME_DIR}/sovpipe
Sway Overview v0.94 by Milan Toth ( www.milgra.com )
If you like this app try :
- Wayland Control Panel ( github.com/milgra/wcp)
- Visual Music Player (github.com/milgra/vmp)
- Multimedia File Manager (github.com/milgra/mmfm)
- SwayOS (swayos.github.io)
Games :
- Brawl (github.com/milgra/brawl)
- Cortex ( github.com/milgra/cortex )
- Termite (github.com/milgra/termite)
style path : /home/exampleuser/.config/sov
css path : /home/exampleuser/.config/sov/html/main.css
html path : /home/exampleuser/.config/sov/html/main.html
image path : /home/exampleuser/.config/sov/img
ratio : 8
anchor :
margin : 0
timeout : 500
columns : 5
holdkey : 0
use_name : false
ERROR No HTML description 11:26:40:092073 ../sov/src/kinetic_ui/ku_gen_html.c : 102
[1] 1773644 broken pipe tail -f ${XDG_RUNTIME_DIR}/sovpipe |
1773645 segmentation fault (core dumped) sov -t 500
Same stacktrace as before with gen_init() calling ku_view_get_subview() and resulting in a segfault crash. Maybe some error handling could help in the HTML parser, or checking if the file exists or not when only main.css is in ~/.config/sov/html/main.css?
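
One way to implement the error handling suggested above, as an added example that is not part of the original report and is not sov's code. The names `view_t`, `views_from_html`, `view_get_subview` and `ui_init` are hypothetical stand-ins, and the `id="..."` scan is a deliberately naive substitute for a real HTML parser; the point is that both a missing file and a missing element come back as a status the caller can act on.

```c
#include <stdio.h>
#include <string.h>
typedef enum { UI_OK, UI_ERR_NO_HTML, UI_ERR_NO_VIEW } ui_status;
/* Hypothetical view node in a flat sibling list; not sov's real structure. */
typedef struct view { char id[32]; struct view *next; } view_t;
static view_t pool[16]; /* fixed pool keeps the example allocation-free */

/* Naive scan, one node per id="..."; NULL if the file is missing or has no ids. */
view_t *views_from_html(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return NULL;
    char buf[4096];
    size_t len = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[len] = '\0';
    size_t n = 0;
    for (char *p = buf; n < 16 && (p = strstr(p, "id=\"")) != NULL; n++) {
        p += 4;
        size_t idlen = strcspn(p, "\"");
        if (idlen >= sizeof pool[n].id) idlen = sizeof pool[n].id - 1;
        memcpy(pool[n].id, p, idlen);
        pool[n].id[idlen] = '\0';
        pool[n].next = NULL;
        if (n > 0) pool[n - 1].next = &pool[n];
    }
    return n ? &pool[0] : NULL;
}

/* NULL-tolerant lookup: an empty list yields NULL instead of a dereference. */
view_t *view_get_subview(view_t *list, const char *id) {
    for (view_t *v = list; v; v = v->next)
        if (strcmp(v->id, id) == 0) return v;
    return NULL;
}

/* Init that reports a status (no usable HTML, or no such view) instead of crashing. */
ui_status ui_init(const char *html_path, const char *required_id, view_t **out) {
    view_t *list = views_from_html(html_path);
    if (!list) return UI_ERR_NO_HTML;
    view_t *v = view_get_subview(list, required_id);
    if (!v) return UI_ERR_NO_VIEW;
    *out = v;
    return UI_OK;
}

int main(int argc, char **argv) {
    view_t *v = NULL;
    return ui_init(argc > 1 ? argv[1] : "main.html", "main", &v);
}
```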