Ubuntu
libx11 package

Thread unsafe access to internal linked list, breaks Origin games in Wine

Bug #1062534 reported by Alessandro Pignotti
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
xlibs
Unknown
Medium
libx11 (Ubuntu)
Triaged
Medium
Unassigned

Bug Description

In file src/xlibi18n/lcConv.c the following linked list head is defined

static XlcConverterList conv_list = NULL;

Which is then modified by _XlcSetConverter and get_converter in a non thread-safe manner. Inside get_converter the list is reorderder to increase the efficiency of looking up the same element the next time, but this is especially dangerous since a seemingly read-only method is actually modifying the data.

Modifying the list in such thread unsafe manner does case the list to become garbled in some workloads and causes infinite loops when the get_converter is invoked. The solution I suggest is to add a mutex or spinlock around accesses to the linked list, I would it myself but I'm not sure about what is the usual mutex implementation for this project.

Tags: patch
Revision history for this message
In , Alessandro Pignotti (a-pignotti) wrote :

In file src/xlibi18n/lcConv.c the following linked list head is defined

static XlcConverterList conv_list = NULL;

Which is then modified by _XlcSetConverter and get_converter in a non thread-safe manner. Inside get_converter the list is reorderder to increase the efficiency of looking up the same element the next time, but this is especially dangerous since a seemingly read-only method is actually modifying the data.

Modifying the list in such thread unsafe manner does case the list to become garbled in some workloads and causes infinite loops when the get_converter is invoked. The solution I suggest is to add a mutex or spinlock around accesses to the linked list, I would it myself but I'm not sure about what is the usual mutex implementation for this project.

Bug Watch Updater (bug-watch-updater)
Changed in xlibs:
importance: Unknown → Medium
status: Unknown → Confirmed
Revision history for this message
In , Alessandro Pignotti (a-pignotti) wrote :

Also the following definitions:

static XlcDatabaseList _db_list = (XlcDatabaseList)NULL;

in file src/xlibi18n/lcDB.c is affected by the similar issues.

It looks like the localization support inside libx11 is generally not thread safe.

Revision history for this message
In , Scott Ritchie (scottritchie) wrote :

It should be noted that this is causing a lockup on the Origin game client under Wine, making a good chunk of games unplayable.

Revision history for this message
Scott Ritchie (scottritchie) wrote : Re: Type unsafe access to internal linked list, breaks Origin games in Wine

This bug affects the Origin games downloader in Wine, rendering a great swath of games unplayable.

Changed in libx11 (Ubuntu):
status: New → Confirmed
summary: - Type unsafe access to internal linked list
+ Type unsafe access to internal linked list, breaks Origin games in Wine
Revision history for this message
Alessandro Pignotti (a-pignotti) wrote :

I've realized that I've made a typo in the type. The problem is with _thread_ safety, not type safety of course.

summary: - Type unsafe access to internal linked list, breaks Origin games in Wine
+ Thread unsafe access to internal linked list, breaks Origin games in
+ Wine
Revision history for this message
Alessandro Pignotti (a-pignotti) wrote :

I'm attaching two internal pacthes that we use to fix the issue. They should be consider hacks to make the problem more clear.

Revision history for this message
Alessandro Pignotti (a-pignotti) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "0001-Improve-thread-safety-of-localization.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Bryce Harrington (bryce)
Changed in libx11 (Ubuntu):
assignee: nobody → Canonical X.org (canonical-x)
status: Confirmed → Triaged
importance: Undecided → High
Revision history for this message
Timo Aaltonen (tjaalton) wrote :

you should post patches on xorg-devel@ and discuss the bug on the upstream bugtracker, if you want this to get forward

Changed in libx11 (Ubuntu):
assignee: Canonical X.org (canonical-x) → nobody
importance: High → Medium
Revision history for this message
In , Pavel Řezníček (cigydd-5) wrote :

Created attachment 130584
A hack to improve the thread safety of the libX11 localization

Originally posted here: https://bugs.launchpad.net/ubuntu/+source/libx11/+bug/1062534 by Alessandro Pignotti

Revision history for this message
In , Pavel Řezníček (cigydd-5) wrote :

Created attachment 130585
A hack to remove an optimization that is thread unsafe

Originally posted here: https://bugs.launchpad.net/ubuntu/+source/libx11/+bug/1062534 by Alessandro Pignotti

Revision history for this message
In , Pavel Řezníček (cigydd-5) wrote :

Appended two patches from Alessandro Pignotti originally posted on the Ubuntu Bugzilla. They may or may not still be valid.

According to Alessandro's words, "They should be considered hacks to make the problem more clear."

Trying to attract some attention to this bug because I face it on a regular basis playing Lord of the Rings Online on Wine still after 5 years a patch has been proposed.

I'm a bit experienced in programming but only in Pascal and Python so I'm trying to find someone more experienced who could possibly fix it. If nobody responds, maybe I'll try to fix it myself…

Revision history for this message
In , Gitlab-migration (gitlab-migration) wrote :

-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/xorg/lib/libx11/issues/24.

Bug Watch Updater (bug-watch-updater)
Changed in xlibs:
status: Confirmed → Unknown
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.