tags 679826 + patch
thanks

On 02.07.2012 10:40, Fabian Greffrath wrote:
I have reproduced this. It crashes in src/linux/audio.c in
SoundInit_ao() around line 195 when it calls "audio_device =
ao_open_live(driver_id, &driver_format, 0);". The return value of
audio_device is checked, but it does not even get this far. It crashes
earlier, i.e. in ao_open_live() itself.
From gdb:

Program received signal SIGSEGV, Segmentation fault.
0xb7c17fc6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c17fc6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#1  0xb7e8363a in _sanitize_matrix.isra.2 () from /usr/lib/libao.so.4
#2  0xb7e8578b in _open_device () from /usr/lib/libao.so.4
#3  0x082fa947 in InitSound ()
#4  0x082fde6f in initwinvideo ()
#5  0x082fb3b4 in initvideo ()
#6  0x088a175c in regptwa ()
#7  0x0838515c in SA1tableG ()
#8  0x00000002 in ?? ()
#9  0xbffff368 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


The problem is that the matrix element of struct driver_format is uninitialized when it is passed over to ao_open_live() and thus _open_device(). I haven't dug through the libao sources that much, but I believe a more robust check in _sanitize_matrix() (which is where the crash actually occurs) may be appropriate.
 - Fabian
Description: Initialize driver_format.matrix with NULL;
Author: Fabian Greffrath <fabian+deb...@greffrath.com>
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679826

--- a/src/linux/audio.c
+++ b/src/linux/audio.c
@@ -170,6 +170,7 @@ static int SoundInit_ao()
   driver_format.channels = StereoSound+1;
   driver_format.rate = freqtab[SoundQuality = ((SoundQuality > 6) ? 1 : SoundQuality)];
   driver_format.byte_format = AO_FMT_LITTLE;
+  driver_format.matrix = NULL;
 
   if (audio_device)
   {

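To show why the one-line patch works and why zeroing the whole struct is the more general form, here is an added C example; it is not code from the bug report, from libao or from the package. The struct is a constructed stand-in for ao_sample_format with the field names the patch uses, count_matrix_channels() is a hypothetical consumer in the role of libao's _sanitize_matrix(), and the 0xAA poison stands in deterministically for whatever the stack happened to hold.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for libao's ao_sample_format, not libao's real
 * definition; the field names are the ones the patch assigns. */
typedef struct {
    int   bits;
    int   rate;
    int   channels;
    int   byte_format;
    char *matrix;          /* channel-matrix string; NULL means "none" */
} sample_format;

/* Same pattern as the original SoundInit_ao(): every field except matrix is
 * assigned, so matrix keeps whatever bytes the memory held before. */
static void init_fieldwise(sample_format *f)
{
    f->bits        = 16;
    f->channels    = 2;
    f->rate        = 44100;
    f->byte_format = 1;    /* stands in for AO_FMT_LITTLE */
}

/* Fixed variant: zero the whole struct first. Every member, including matrix
 * and any member this code does not know about, then starts at 0/NULL. */
static void init_zeroed(sample_format *f)
{
    memset(f, 0, sizeof *f);
    init_fieldwise(f);
}

/* Poison the struct with 0xAA to stand in deterministically for stale stack
 * contents, then initialise it the original way. Returns 1 if matrix is NULL
 * afterwards (safe to hand to a consumer), 0 if it still holds the poison. */
static int matrix_is_null_after_fieldwise(void)
{
    sample_format f;
    memset(&f, 0xAA, sizeof f);
    init_fieldwise(&f);
    return f.matrix == NULL;
}

/* Same poison, but through the zeroing initialiser. */
static int matrix_is_null_after_zeroed(void)
{
    sample_format f;
    memset(&f, 0xAA, sizeof f);
    init_zeroed(&f);
    return f.matrix == NULL;
}

/* Hypothetical consumer in the role of libao's _sanitize_matrix(): it walks
 * the matrix string and counts comma-separated channel labels. It treats
 * NULL as "no matrix" instead of dereferencing it. A non-NULL garbage
 * pointer, as in the report, cannot be detected here; only the caller's
 * initialisation prevents it. */
static int count_matrix_channels(const char *matrix)
{
    if (matrix == NULL || *matrix == '\0')
        return 0;
    int n = 1;
    for (const char *p = matrix; *p != '\0'; p++)
        if (*p == ',')
            n++;
    return n;
}

int main(void)
{
    printf("field-by-field init leaves matrix NULL: %s\n",
           matrix_is_null_after_fieldwise() ? "yes" : "no (stale pointer)");
    printf("zeroed init leaves matrix NULL:         %s\n",
           matrix_is_null_after_zeroed() ? "yes" : "no");
    printf("channels in \"L,R\": %d\n", count_matrix_channels("L,R"));
    printf("channels in NULL:   %d\n", count_matrix_channels(NULL));
    return 0;
}
```

The two init functions are the before and after of the patch in miniature: the field-by-field version reproduces the reported condition (matrix non-NULL but meaningless), while memset-then-assign leaves it NULL even for members the caller never heard of. The NULL check in the consumer is the "more robust check" side of the fix; it cannot rescue a caller that hands over stale pointer bits.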