*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Joseph Yasi (joe-yasi):
After upgrading to Ubuntu 19.04, I started experiencing sporadic crashes in kodi when turning my AV receiver on. Ubuntu 19.04 upgraded alsa- plugins to 1.1.8. For alsa-plugins >= 1.1.7, the ALSA jack plugin is enabled by default in /etc/alsa/conf.d/50-jack.conf. The crashes are caused by a race condition when kodi's audio engine thread is enumerating the ALSA sound devices, and the udev thread is enumerating the udev devices triggered by the sound device add from turning the AVR on. When enumerating the ALSA jack plugin device, it tries to connect to connect to jackd. Since I don't have jackd installed, it fails to connect. libjack closes the socket on error, and then closes it again in it's cleanup code. Since it's closing the same file descriptor twice, it interacts with other threads that have potentially opened file descriptors, and causes the crash. This same bug could potentially affect other multi-threaded programs that enumerate ALSA devices. Fix committed upstream: https://github.com/jackaudio/jack2/commit/dad4b5702782eef3bd66e3c3f4fefaaae3571208 ** Affects: jackd2 (Ubuntu) Importance: Low Status: Confirmed ** Affects: jackd2 (Debian) Importance: Unknown Status: Confirmed ** Tags: patch -- libjack-jackd2-0 double close on a failure to connect to jackd which causes crashes in multithreaded programs https://bugs.launchpad.net/bugs/1833479 You received this bug notification because you are a member of Debian Multimedia Maintainers, which is subscribed to the bug report. _______________________________________________ pkg-multimedia-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
