kernel-packages team mailing list archive
Message #43993
[Bug 1008600] Re: segfault in namehint API (valgrind aplay -L prints scary warnings)
This bug was fixed in the package alsa-lib - 1.0.27.2-3ubuntu2
---------------
alsa-lib (1.0.27.2-3ubuntu2) trusty; urgency=low
* Fix-access-of-freed-memory-in-namehints.patch:
Some applications using the namehints API might
occasionally crash (LP: #1008600)
-- David Henningsson <david.henningsson@xxxxxxxxxxxxx> Fri, 07 Feb 2014 08:33:55 +0100
** Changed in: alsa-lib (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to alsa-lib in Ubuntu.
https://bugs.launchpad.net/bugs/1008600
Title:
segfault in namehint API (valgrind aplay -L prints scary warnings)
Status in “alsa-lib” package in Ubuntu:
Fix Released
Bug description:
valgrind reports a lot of scary errors when run on aplay -L; it looks
like the alsa snd_device_name_hint function is doing some dangerous
stuff:
==30818== Memcheck, a memory error detector
==30818== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==30818== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==30818== Command: aplay -L
==30818==
==30818== Invalid read of size 8
==30818== at 0x50653F0: snd_config_iterator_next (conf.c:3885)
==30818== by 0x5070732: snd_device_name_hint (namehint.c:506)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c8f8 is 40 bytes inside a block of size 72 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E94: snd_config_delete (conf.c:1850)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 8
==30818== at 0x506470E: snd_config_get_id (conf.c:1578)
==30818== by 0x50706F7: snd_device_name_hint (namehint.c:508)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c8d0 is 0 bytes inside a block of size 72 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E94: snd_config_delete (conf.c:1850)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x558DDBA: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x55BFB98: _IO_default_xsputn (genops.c:480)
==30818== by 0x558DBED: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x55BFBA7: _IO_default_xsputn (genops.c:479)
==30818== by 0x558DBED: vfprintf (vfprintf.c:1624)
==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818== by 0x506F50F: try_config (stdio2.h:34)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c822 is 2 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
==30818== Invalid read of size 1
==30818== at 0x4C2E439: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x506F6BF: try_config (string3.h:105)
==30818== by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818== by 0x403DE8: ??? (in /usr/bin/aplay)
==30818== by 0x4094A8: ??? (in /usr/bin/aplay)
==30818== by 0x556576C: (below main) (libc-start.c:226)
==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818== by 0x5065E8C: snd_config_delete (conf.c:1849)
==30818== by 0x5066425: parse_defs (conf.c:1200)
==30818== by 0x50667E5: snd_config_load1 (conf.c:1661)
==30818== by 0x5066A0C: config_file_open (conf.c:3403)
==30818== by 0x506827D: snd_config_hook_load (conf.c:3528)
==30818== by 0x64C8ACC: ???
==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782)
==30818==
default
Playback/recording through the PulseAudio sound server
null
Discard all samples (playback) or generate zero samples (capture)
pulse
PulseAudio Sound Server
default
Playback/recording through the PulseAudio sound server
sysdefault:CARD=I82801AAICH
Intel 82801AA-ICH, Intel 82801AA-ICH
Default Audio Device
front:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Front speakers
surround40:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
4.0 Surround output to Front and Rear speakers
surround41:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
4.1 Surround output to Front, Rear and Subwoofer speakers
surround50:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
5.0 Surround output to Front, Center and Rear speakers
surround51:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
5.1 Surround output to Front, Center, Rear and Subwoofer speakers
iec958:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
IEC958 (S/PDIF) Digital Audio Output
dmix:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct sample mixing device
dsnoop:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct sample snooping device
hw:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Direct hardware device without any conversions
plughw:CARD=I82801AAICH,DEV=0
Intel 82801AA-ICH, Intel 82801AA-ICH
Hardware device with all software conversions
==30818==
==30818== HEAP SUMMARY:
==30818== in use at exit: 32,284 bytes in 94 blocks
==30818== total heap usage: 16,469 allocs, 16,375 frees, 719,816 bytes allocated
==30818==
==30818== LEAK SUMMARY:
==30818== definitely lost: 0 bytes in 0 blocks
==30818== indirectly lost: 0 bytes in 0 blocks
==30818== possibly lost: 0 bytes in 0 blocks
==30818== still reachable: 32,284 bytes in 94 blocks
==30818== suppressed: 0 bytes in 0 blocks
==30818== Rerun with --leak-check=full to see details of leaked memory
==30818==
==30818== For counts of detected and suppressed errors, rerun with: -v
==30818== ERROR SUMMARY: 25 errors from 6 contexts (suppressed: 2 from 2)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/alsa-lib/+bug/1008600/+subscriptions
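The valgrind trace above pairs reads made while snd_device_name_hint iterates (snd_config_iterator_next, snd_config_get_id, try_config) with frees made by snd_config_delete during a config load under snd_config_search_definition. The C code below is an added example, not alsa-lib code and not the Ubuntu patch: it models that pattern with hypothetical names (struct tree, lookup_with_reload, walk_unsafe, walk_safe), assuming the lookup re-parses the tree being walked, and shows a snapshot-based walk that avoids the stale reads.

```c
#include <stdlib.h>
#include <string.h>
/* Toy stand-in for one level of a config tree; not alsa-lib's structures. */
struct node { char *id; struct node *next; };
struct tree { struct node *head; unsigned reloads; };

void tree_add(struct tree *t, const char *id) {
    struct node *n = malloc(sizeof *n);
    if (!n || !(n->id = malloc(strlen(id) + 1))) abort();
    strcpy(n->id, id);
    n->next = t->head;
    t->head = n;
}

void tree_free(struct tree *t) {
    for (struct node *n = t->head, *next; n; n = next) {
        next = n->next;
        free(n->id);
        free(n);
    }
    t->head = NULL;
}

/* Assumed model: the lookup's load hook re-parses the tree, freeing old nodes. */
int lookup_with_reload(struct tree *t, const char *id) {
    struct tree fresh = { NULL, t->reloads + 1 };
    for (struct node *n = t->head; n; n = n->next) tree_add(&fresh, n->id);
    tree_free(t);
    *t = fresh;
    for (struct node *n = t->head; n; n = n->next)
        if (strcmp(n->id, id) == 0) return 1;
    return 0;
}

/* Flawed walk, for contrast: the reload frees n and n->id while both are still read. */
int walk_unsafe(struct tree *t) {
    int found = 0;
    for (struct node *n = t->head; n; n = n->next) found += lookup_with_reload(t, n->id);
    return found;
}

/* Hardened walk: iterate a private snapshot that the reload cannot free. */
int walk_safe(struct tree *t) {
    struct tree snap = { NULL, 0 };
    int found = 0;
    for (struct node *n = t->head; n; n = n->next) tree_add(&snap, n->id);
    for (struct node *n = snap.head; n; n = n->next) found += lookup_with_reload(t, n->id);
    tree_free(&snap);
    return found;
}
```

Call walk_unsafe only from a driver built with -fsanitize=address or run under valgrind, where it produces the same kind of "inside a block ... free'd" reports; walk_safe runs clean under both.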