[Mac OS] SDL2 applications crash if USB joystick attached (Speedlink Competition Pro)

[RobinSergeant]

After upgrading to a new Mac Mini M4 I encountered segmentation faults running MAME with my Speedlink Competition Pro joystick attached. The same joystick worked fine with my Fedora Linux machine and old Intel Mac.

After some investigation I've pinned this down to SDL and the following simple test application exhibits the same behaviour using SDL2 version 2.32.0:

int main()
{
  std::cout << "Calling SDL_init\n";
  if (SDL_Init(SDL_INIT_JOYSTICK) < 0)
  {
    std::cout << "Could not initialize\n";
    return 1;
  }
  else
  {
    std::cout << "init OK\n";
  }

  if (SDL_NumJoysticks() == 0)
  {
    std::cout << "No joysticks found\n";
    return 1;
  }
  std::cout << SDL_NumJoysticks() << " joysticks found" << std::endl;
}

With the joystick attached it crashes inside SDL_Init() due to what looks like memory corruption.

I also found that the Amiga emulator FS-UAE works fine. As this is bundled with a much older framework I tried using SDL2 version 2.0.20. With this old version both my test application and MAME work fine. Therefore, this looks like a possible regression error, but I don't know when it was introduced.

Please see original MAME issue report from 2023:

mamedev/mame#11568

Here is my test application stack trace in case that helps:

test(3025,0x1fade8840) malloc: Heap corruption detected, free list is damaged at 0x6000039f8060
*** Incorrect guard value: 36170086427328512
test(3025,0x1fade8840) malloc: *** set a breakpoint in malloc_error_break to debug
Process 3025 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
    frame #0: 0x000000019143f720 libsystem_kernel.dylib`__pthread_kill + 8
libsystem_kernel.dylib`__pthread_kill:
->  0x19143f720 <+8>:  b.lo   0x19143f740    ; <+40>
    0x19143f724 <+12>: pacibsp 
    0x19143f728 <+16>: stp    x29, x30, [sp, #-0x10]!
    0x19143f72c <+20>: mov    x29, sp
Target 0: (test) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = signal SIGABRT
  * frame #0: 0x000000019143f720 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x0000000191477f70 libsystem_pthread.dylib`pthread_kill + 288
    frame #2: 0x0000000191384908 libsystem_c.dylib`abort + 128
    frame #3: 0x000000019128de38 libsystem_malloc.dylib`malloc_vreport + 896
    frame #4: 0x00000001912b6458 libsystem_malloc.dylib`malloc_zone_error + 100
    frame #5: 0x00000001912a5774 libsystem_malloc.dylib`nanov2_guard_corruption_detected + 44
    frame #6: 0x00000001912a5734 libsystem_malloc.dylib`nanov2_allocate_outlined + 460
    frame #7: 0x00000001912a4468 libsystem_malloc.dylib`nanov2_calloc_type + 568
    frame #8: 0x000000019119698c libxpc.dylib`_xpc_alloc + 40
    frame #9: 0x000000019118308c libxpc.dylib`_xpc_dictionary_unpack_value_and_vend + 44
    frame #10: 0x000000019117d690 libxpc.dylib`_xpc_dictionary_look_up + 160
    frame #11: 0x0000000191183330 libxpc.dylib`vproc_swap_complex + 224
    frame #12: 0x00000001911831e0 libxpc.dylib`vproc_swap_string + 64
    frame #13: 0x0000000191524ea8 CoreFoundation`__CFXNotificationCenterSetupConnection + 88
    frame #14: 0x000000019151f2ec CoreFoundation`_CFXNotificationCenterCreate + 352
    frame #15: 0x0000000191524e40 CoreFoundation`__CFNotificationCenterGetDistributedCenter_block_invoke + 36
    frame #16: 0x00000001912c55b4 libdispatch.dylib`_dispatch_client_callout + 20
    frame #17: 0x00000001912c6e00 libdispatch.dylib`_dispatch_once_callout + 32
    frame #18: 0x0000000191524e18 CoreFoundation`CFNotificationCenterGetDistributedCenter + 116
    frame #19: 0x00000001926de9cc Foundation`+[NSDistributedNotificationCenter notificationCenterForType:] + 176
    frame #20: 0x00000001950abea0 AppKit`+[NSEvent initialize] + 56
    frame #21: 0x00000001910aabac libobjc.A.dylib`CALLING_SOME_+initialize_METHOD + 24
    frame #22: 0x00000001910aa854 libobjc.A.dylib`initializeNonMetaClass + 692
    frame #23: 0x00000001910c8a3c libobjc.A.dylib`initializeAndMaybeRelock(objc_class*, objc_object*, locker_mixin<lockdebug::lock_mixin<objc_lock_base_t>>&, bool) + 164
    frame #24: 0x00000001910a9f98 libobjc.A.dylib`lookUpImpOrForward + 304
    frame #25: 0x00000001910a9b84 libobjc.A.dylib`_objc_msgSend_uncached + 68
    frame #26: 0x00000001001933b0 KeyboardAndMouseSupport`-[GCKeyboardAndMouseManagerImpl initWithQueue:] + 392
    frame #27: 0x00000001aa73baa4 GameController`+[GCKeyboardAndMouseManager managerWithQueue:] + 104
    frame #28: 0x00000001aa7be85c GameController`-[_GCControllerManager(Legacy) _legacy_init] + 144
    frame #29: 0x00000001aa730760 GameController`-[_GCControllerManager init] + 272
    frame #30: 0x00000001aa7761f0 GameController`-[_GCControllerManagerAppClient init] + 52
    frame #31: 0x00000001aa730550 GameController`__38+[_GCControllerManager sharedInstance]_block_invoke + 48
    frame #32: 0x00000001912c55b4 libdispatch.dylib`_dispatch_client_callout + 20
    frame #33: 0x00000001912c6e00 libdispatch.dylib`_dispatch_once_callout + 32
    frame #34: 0x00000001aa73051c GameController`+[_GCControllerManager sharedInstance] + 80
    frame #35: 0x00000001aa75923c GameController`+[GCController controllers] + 44
    frame #36: 0x00000001004b1ea8 SDL2`___lldb_unnamed_symbol3276 + 128
    frame #37: 0x00000001004ddc3c SDL2`___lldb_unnamed_symbol3774 + 292
    frame #38: 0x000000010052c988 SDL2`___lldb_unnamed_symbol4907 + 504
    frame #39: 0x0000000100002f64 test`main at joystick.cpp:9:7
    frame #40: 0x00000001910f8274 dyld`start + 2840

[slouken]

Are you able to git bisect it on the SDL2 branch?

[RobinSergeant]

I guess I would need to keep trying different releases first to find out when it broke. So far all I've tried is 2.30.10, 2.32.0 and 2.0.20. I don't have time to look tonight but can try next week if nobody has tracked it down by then.

[slouken]

Thanks!