kernel-packages team mailing list archive
Message #14712
[Bug 1008600] Re: valgrind aplay -L prints scary warnings
I can confirm this error. It looks like there is some iterator running, and when snd_config_search_definition runs, it changes the config tree, because there is some hook that does this.
So the iterator's pointing to already freed memory.
The iterator is probably the one in the add_card function, because it
repeatedly runs try_config.
** Changed in: alsa-lib (Ubuntu)
Status: New => Triaged
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to alsa-lib in Ubuntu.
https://bugs.launchpad.net/bugs/1008600
Title:
valgrind aplay -L prints scary warnings
Status in “alsa-lib” package in Ubuntu:
Triaged
Bug description:
valgrind reports a lot of scary errors when run on aplay -L, it looks
like the alsa snd_device_name_hint function is doing some dangerous
stuff:
==30818== Memcheck, a memory error detector
==30818== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==30818== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==30818== Command: aplay -L
==30818==
==30818== Invalid read of size 8
==30818== at 0x50653F0: snd_config_iterator_next (conf.c:3885)
==30818== by 0x5070732: snd_device_name_hint (namehint.c:506)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c8f8 is 40 bytes inside a block of size 72 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E94: snd_config_delete (conf.c:1850)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 8
==30818== at 0x506470E: snd_config_get_id (conf.c:1578)
==30818== by 0x50706F7: snd_device_name_hint (namehint.c:508)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c8d0 is 0 bytes inside a block of size 72 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E94: snd_config_delete (conf.c:1850)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x558DDBA: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x55BFB98: _IO_default_xsputn (genops.c:480)
==30818== by 0x558DBED: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x55BFBA7: _IO_default_xsputn (genops.c:479)
==30818== by 0x558DBED: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c822 is 2 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x4C2E439: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x506F6BF: try_config (string3.h:105)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
default
Playback/recording through the PulseAudio sound server
null
Discard all samples (playback) or generate zero samples (capture)
pulse
PulseAudio Sound Server
default
Playback/recording through the PulseAudio sound server
sysdefault:CARD=I82801AAICH
Intel 82801AA-ICH, Intel 82801AA-ICH
Default Audio Device
front:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Front speakers
surround40:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
4.0 Surround output to Front and Rear speakers
surround41:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
iec958:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
IEC958 (S/PDIF) Digital Audio Output
dmix:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct sample mixing device
dsnoop:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct sample snooping device
hw:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct hardware device without any conversions
plughw:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Hardware device with all software conversions
==30818==
==30818== HEAP SUMMARY:
==30818== in use at exit: 32,284 bytes in 94 blocks
==30818== total heap usage: 16,469 allocs, 16,375 frees, 719,816 bytes allocated
==30818==
==30818== LEAK SUMMARY:
==30818== definitely lost: 0 bytes in 0 blocks
==30818== indirectly lost: 0 bytes in 0 blocks
==30818== possibly lost: 0 bytes in 0 blocks
==30818== still reachable: 32,284 bytes in 94 blocks
==30818== suppressed: 0 bytes in 0 blocks
==30818== Rerun with --leak-check=full to see details of leaked memory
==30818==
==30818== For counts of detected and suppressed errors, rerun with: -v
==30818== ERROR SUMMARY: 25 errors from 6 contexts (suppressed: 2 from 2)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-lib/+bug/1008600/+subscriptions
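The failure mode described in the comment above (a walk over the config tree whose current node is freed when a search fires a load hook), as an added example that is not part of the original message and is not alsa-lib code. It is a toy C model with hypothetical names (`tree_search`, `tree_reload`, `walk_safe`); the unsafe loop shape appears only in a comment, and the hardened form shown (generation counter plus a private copy of the id) is one possible mitigation, not the fix alsa-lib adopted.

```c
/* Toy model of the failure mode: hypothetical names, not alsa-lib code. */
#include <stdlib.h>
#include <string.h>

struct node { char id[16]; struct node *next; };
struct tree { struct node *head; unsigned gen; int hook_pending; };
static void tree_add(struct tree *t, const char *id) {
    struct node *n = calloc(1, sizeof *n);
    if (!n) abort();
    strncpy(n->id, id, sizeof n->id - 1);   /* calloc keeps it NUL-terminated */
    n->next = t->head;
    t->head = n;
}
static void tree_clear(struct tree *t) {
    while (t->head) {
        struct node *n = t->head;
        t->head = n->next;
        free(n);
    }
}
/* Stand-in for a load hook: frees every node, then rebuilds the tree. */
static void tree_reload(struct tree *t) {
    tree_clear(t);
    tree_add(t, "hw"); tree_add(t, "dmix"); tree_add(t, "front");
    t->gen++;
}
/* Stand-in for a search that fires a pending hook as a side effect. */
static int tree_search(struct tree *t, const char *id) {
    if (t->hook_pending) { t->hook_pending = 0; tree_reload(t); }
    for (struct node *n = t->head; n; n = n->next)
        if (strcmp(n->id, id) == 0) return 1;
    return 0;
}
/* Unsafe shape (not run): for (n = t->head; n; n = n->next) tree_search(t, n->id);
 * once the hook fires, n is freed, so reading n->id or n->next touches freed memory. */
/* Hardened walk: search with a private copy of the id, and restart from the
 * new head whenever the generation counter shows the tree was rebuilt. */
static int walk_safe(struct tree *t) {
    int found = 0;
    for (struct node *n = t->head; n; ) {
        unsigned gen = t->gen;
        char id[sizeof n->id];
        memcpy(id, n->id, sizeof id);
        int hit = tree_search(t, id);
        if (t->gen != gen) { n = t->head; found = 0; continue; }
        found += hit;
        n = n->next;
    }
    return found;
}
```

Running the unsafe loop shape under valgrind or AddressSanitizer produces the same class of report as the trace above: an invalid read inside a block freed by the reload path.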