[alsa-devel] Segmentation Fault in snd_pcm_rate_hw_free()

Alexandru Costache alexandru.costache.100 at gmail.com
Tue Aug 18 11:51:18 CEST 2015


Hi,

I was reproducing the crash that Valentin Corfu reported earlier with his
test.

Valgrind and gdb show that expand_linear_s16() is somehow corrupting the
area used for memory management by libc for rate->pareas[0].addr.

More exactly, the line that seems to corrupt the heap in
static void expand_linear_s16() is:

*dst = (old_sample * old_weight + new_sample * new_weight) >> 16;


As Valgrind says:

==11161== Invalid write of size 2
==11161==    at 0x40A8A82: linear_expand_s16 (pcm_rate_linear.c:179)
==11161==    by 0x40A85A9: linear_convert (pcm_rate_linear.c:320)
==11161==    by 0x40A6915: do_convert (pcm_rate.c:537)
==11161==    by 0x40A6C7D: snd_pcm_rate_write_areas1 (pcm_rate.c:550)
==11161==    by 0x40A6C7D: snd_pcm_rate_commit_area (pcm_rate.c:749)
==11161==    by 0x40A7014: snd_pcm_rate_drain (pcm_rate.c:1105)
==11161==    by 0x4084511: snd_pcm_drain (pcm.c:1122)
==11161==    by 0x8049288: main (in /root/pcm_min_daisuke)
==11161==  Address 0x43d6258 is 0 bytes after a block of size 86,016 alloc'd
==11161==    at 0x40261B1: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11161==    by 0x4099801: snd_pcm_mmap (pcm_mmap.c:425)
==11161==    by 0x4093CA7: sndrv_pcm_hw_params (pcm_params.c:2366)
==11161==    by 0x409A59C: snd1_pcm_generic_hw_params (pcm_generic.c:104)
==11161==    by 0x4091E7F: snd1_pcm_hw_params_slave (pcm_params.c:2250)
==11161==    by 0x40A54AC: snd_pcm_rate_hw_params (pcm_rate.c:246)
==11161==    by 0x4093AE3: sndrv_pcm_hw_params (pcm_params.c:2326)
==11161==    by 0x40ABC37: snd_pcm_plug_hw_params (pcm_plug.c:1045)
==11161==    by 0x4093AE3: sndrv_pcm_hw_params (pcm_params.c:2326)
==11161==    by 0x4084281: snd_pcm_hw_params (pcm.c:830)
==11161==    by 0x8048F84: main (in /root/pcm_min_daisuke)
==11161==
==11161== Invalid free() / delete / delete[] / realloc()
==11161==    at 0x402726D: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==11161==    by 0x40A53C0: snd_pcm_rate_hw_free (pcm_rate.c:344)
==11161==    by 0x4083CDA: snd_pcm_hw_free (pcm.c:853)
==11161==    by 0x40A9E8D: snd_pcm_plug_hw_free (pcm_plug.c:1061)
==11161==    by 0x4083CDA: snd_pcm_hw_free (pcm.c:853)
==11161==    by 0x80492AC: main (in /root/pcm_min_daisuke)
==11161==  Address 0xe705004b is not stack'd, malloc'd or (recently) free'd

I'm not very familiar with ALSA in general and was wondering if someone who
knows more about it could take a look at this one?

Thank you,
Alexandru
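
Added example, not part of the original message and not alsa-lib code: a simplified linear expander built around the interpolation expression quoted above, with a capacity check on the destination so that a request for more frames than the block holds cannot produce the "Invalid write ... 0 bytes after a block" seen in the Valgrind log. The function names, the pitch parameter and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define LINEAR_DIV (1u << 16)  /* 16.16 fixed point, matching the ">> 16" */

/* Hypothetical helper (not an alsa-lib function). Expands mono s16 samples
 * by linear interpolation; pitch = input step per output frame in 16.16,
 * assumed <= LINEAR_DIV. Requests dst_frames outputs but never writes more
 * than dst_cap samples. Returns how many requested frames did not fit. */
size_t expand_linear_s16_bounded(const int16_t *src, size_t src_frames,
                                 int16_t *dst, size_t dst_cap,
                                 size_t dst_frames, uint32_t pitch)
{
    int64_t old_sample = 0, new_sample = 0;
    uint32_t pos = LINEAR_DIV;          /* forces a load of src[0] first */
    size_t in = 0, out;

    for (out = 0; out < dst_frames; out++) {
        if (pos >= LINEAR_DIV) {        /* crossed into the next input sample */
            pos -= LINEAR_DIV;
            old_sample = new_sample;
            if (in < src_frames)
                new_sample = src[in++];
        }
        if (out < dst_cap) {            /* the check: stay inside the block */
            int64_t new_weight = pos, old_weight = LINEAR_DIV - pos;
            dst[out] = (int16_t)((old_sample * old_weight +
                                  new_sample * new_weight) >> 16);
        }
        pos += pitch;
    }
    return dst_frames > dst_cap ? dst_frames - dst_cap : 0;
}

/* Constructed input: two samples expanded 2x into a four-sample buffer while
 * five frames are requested; buf[4] stands in for the memory after the block.
 * Returns the dropped-frame count, or a negative value if a check fails. */
int demo_dropped_frames(void)
{
    static const int16_t src[2] = { 1000, 2000 };
    int16_t buf[5] = { 0, 0, 0, 0, 0x7777 };
    size_t dropped = expand_linear_s16_bounded(src, 2, buf, 4, 5,
                                               LINEAR_DIV / 2);
    if (buf[4] != 0x7777)
        return -1;                      /* guard word was overwritten */
    if (buf[0] != 0 || buf[1] != 500 || buf[2] != 1000 || buf[3] != 1500)
        return -2;                      /* interpolated values are wrong */
    return (int)dropped;
}
```

A non-zero return value is the signal worth logging: it means the caller's frame count and the buffer size disagree, which is the condition the Valgrind trace above reports as a write past the end of the block.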

