[alsa-devel] crashes in namehint
aloha,
I am working on kde multimedia and we are getting a considerable amount of crash reports from x86 ubuntu and fedora users.
https://bugs.kde.org/show_bug.cgi?id=268185
http://notes.kde.org/alsa-bugs
these crashes appear to be somewhat limited to x86 with only about 2 reports seeing this happen on x86_64. most of the reports suggest that it happens at startup and in particular for applications that tend to query ALSA devices shortly after startup (in fact, out of main() via a direct call chain). there are 3 different reports of which a sigsegv in strcpy and sprintf seem most concerning. both appear in try_config() which was called with a malformed `name` string.
now at least the sprintf and the strcpy crashes I can somewhat reliably reproduce on kubuntu 12.10 x86 in a virtualbox vm using the command 'kcmshell4 phonon' with phonon-backend-vlc installed and selected as default. and it appears that those are somehow related to how ubuntu does the pulseaudio integration...
in /usr/share/alsa/alsa.conf all of alsa.conf.d/* is included, then there is alsa.conf.d/pulse.conf which contains
    hook_func.pulse_load_if_running {
        lib "libasound_module_conf_pulse.so"
        func "conf_pulse_hook_load_if_running"
    }

    @hooks [
        {
            func pulse_load_if_running
            files [
                "/usr/share/alsa/pulse-alsa.conf"
            ]
            errors false
        }
    ]
so they load /usr/share/alsa/pulse-alsa.conf after checking PA is running. that file in turn contains the default pulse setup as seen in alsa-plugins [1]
now with that lineup I can crash the kcmshell binary about 9/10 times with the strcpy sigsegv where name in try_config is 0. if I replace the conditional load in pulse.conf with an explicit one (func load) it crashes about half as often but with the sprintf sigsegv in try_config (name now being out-of-bounds rather than 0). if the content of pulse-alsa.conf (i.e. the actual config) is copied into pulse.conf the binary does not crash *at all*.
quite the mysterious problem. however, since the crash disappears entirely when removing the second load (i.e. instead of alsa.conf->alsa.conf.d/pulse.conf->pulse-alsa.conf one were to use alsa.conf->alsa.conf.d/pulse.conf), I am led to believe that this is either a problem caused by the second level of loading in general or a timing problem at large. most likely it is a combination of both where the additional load() calls introduce sufficient overhead to trigger the timing problem.
ideas/thoughts/fixes welcome :S
HS
[1] http://git.alsa-project.org/?p=alsa-plugins.git;a=blob;f=pulse/99-pulseaudio...
At Thu, 31 Jan 2013 17:06:56 +0100, Harald Sitter wrote:
> aloha,
> I am working on kde multimedia and we are getting a considerable amount of crash reports from x86 ubuntu and fedora users.
> https://bugs.kde.org/show_bug.cgi?id=268185
> http://notes.kde.org/alsa-bugs
> these crashes appear to be somewhat limited to x86 with only about 2 reports seeing this happen on x86_64. most of the reports suggest that it happens at startup and in particular for applications that tend to query ALSA devices shortly after startup (in fact, out of main() via a direct call chain). there are 3 different reports of which a sigsegv in strcpy and sprintf seem most concerning. both appear in try_config() which was called with a malformed `name` string.
> now at least the sprintf and the strcpy crashes I can somewhat reliably reproduce on kubuntu 12.10 x86 in a virtualbox vm using the command 'kcmshell4 phonon' with phonon-backend-vlc installed and selected as default. and it appears that those are somehow related to how ubuntu does the pulseaudio integration...
> in /usr/share/alsa/alsa.conf all of alsa.conf.d/* is included, then there is alsa.conf.d/pulse.conf which contains
>     hook_func.pulse_load_if_running {
>         lib "libasound_module_conf_pulse.so"
>         func "conf_pulse_hook_load_if_running"
>     }
>
>     @hooks [
>         {
>             func pulse_load_if_running
>             files [
>                 "/usr/share/alsa/pulse-alsa.conf"
>             ]
>             errors false
>         }
>     ]
> so they load /usr/share/alsa/pulse-alsa.conf after checking PA is running. that file in turn contains the default pulse setup as seen in alsa-plugins [1]
> now with that lineup I can crash the kcmshell binary about 9/10 times with the strcpy sigsegv where name in try_config is 0. if I replace the conditional load in pulse.conf with an explicit one (func load) it crashes about half as often but with the sprintf sigsegv in try_config (name now being out-of-bounds rather than 0). if the content of pulse-alsa.conf (i.e. the actual config) is copied into pulse.conf the binary does not crash *at all*.
> quite the mysterious problem. however, since the crash disappears entirely when removing the second load (i.e. instead of alsa.conf->alsa.conf.d/pulse.conf->pulse-alsa.conf one were to use alsa.conf->alsa.conf.d/pulse.conf), I am led to believe that this is either a problem caused by the second level of loading in general or a timing problem at large. most likely it is a combination of both where the additional load() calls introduce sufficient overhead to trigger the timing problem.
> ideas/thoughts/fixes welcome :S
Right now we fixed snd_device_name_hint() to be reentrant, so it's worth to check whether the latest git works for you...
Takashi
> HS
> [1] http://git.alsa-project.org/?p=alsa-plugins.git;a=blob;f=pulse/99-pulseaudio...
_______________________________________________
Alsa-devel mailing list
Alsa-devel@alsa-project.org
http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
On Thu, Jan 31, 2013 at 5:22 PM, Takashi Iwai tiwai@suse.de wrote:
> Right now we fixed snd_device_name_hint() to be reentrant, so it's worth to check whether the latest git works for you...
still seeing the same behavior with master unfortunately.
HS
On 31 Jan. 2013, at 17:22, Takashi Iwai wrote:
> At Thu, 31 Jan 2013 17:06:56 +0100, Harald Sitter wrote:
>> aloha,
>> I am working on kde multimedia and we are getting a considerable amount of crash reports from x86 ubuntu and fedora users.
>> <...>
> Right now we fixed snd_device_name_hint() to be reentrant, so it's worth to check whether the latest git works for you...
I suppose you are referring to the patches I've just submitted for review? [1] Did you commit them yet? :o) I don't see them on the repo [2].
Thanks.
At Thu, 31 Jan 2013 19:01:48 +0100, Jérôme Forissier wrote:
> On 31 Jan. 2013, at 17:22, Takashi Iwai wrote:
>> At Thu, 31 Jan 2013 17:06:56 +0100, Harald Sitter wrote:
>>> aloha,
>>> I am working on kde multimedia and we are getting a considerable amount of crash reports from x86 ubuntu and fedora users.
>>> <...>
>> Right now we fixed snd_device_name_hint() to be reentrant, so it's worth to check whether the latest git works for you...
> I suppose you are referring to the patches I've just submitted for review? [1] Did you commit them yet? :o) I don't see them on the repo [2].
Oh, I obviously forgot to push. Now pushed out.
Harald, could you retry the alsa-lib git tree later? The topmost commit is
commit f49b2dc522a2564315c76d075203b15a39941e8a
    snd_device_name_hint(): do not use global snd_config.
thanks,
Takashi
On Thu, Jan 31, 2013 at 7:16 PM, Takashi Iwai tiwai@suse.de wrote:
> At Thu, 31 Jan 2013 19:01:48 +0100, Jérôme Forissier wrote:
>> On 31 Jan. 2013, at 17:22, Takashi Iwai wrote:
>>> At Thu, 31 Jan 2013 17:06:56 +0100, Harald Sitter wrote:
>>>> aloha,
>>>> I am working on kde multimedia and we are getting a considerable amount of crash reports from x86 ubuntu and fedora users.
>>>> <...>
>>> Right now we fixed snd_device_name_hint() to be reentrant, so it's worth to check whether the latest git works for you...
>> I suppose you are referring to the patches I've just submitted for review? [1] Did you commit them yet? :o) I don't see them on the repo [2].
> Oh, I obviously forgot to push. Now pushed out.
> Harald, could you retry the alsa-lib git tree later? The topmost commit is
> commit f49b2dc522a2564315c76d075203b15a39941e8a
>     snd_device_name_hint(): do not use global snd_config.
it works \o/
thanks guys. this is really awesome.
HS
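
An added example, not part of the thread and not alsa-lib code: a toy model of the failure class named in the commit title, where a name-hint walk over a shared global tree sees NULL names once a second call replaces that tree mid-walk, while a walk over a private tree does not. All names here (cfg_t, walk, hint_global, hint_local) are hypothetical, the second caller is simulated by a callback, and released trees are poisoned rather than freed so the stale read can be counted instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>

#define NDEV 3
typedef struct { const char *name[NDEV]; } cfg_t;  /* toy config tree */
typedef void (*hook_t)(void);                      /* runs mid-enumeration */
static cfg_t *global_cfg;  /* stands in for a process-wide config tree */

static cfg_t *cfg_load(void) {
    static const char *names[NDEV] = { "default", "pulse", "hw:0" }; /* constructed */
    cfg_t *c = malloc(sizeof *c);
    if (!c) abort();
    for (int i = 0; i < NDEV; i++) c->name[i] = names[i];
    return c;
}
/* Poison instead of free(): stale reads stay defined; old trees leak on purpose. */
static void cfg_release(cfg_t *c) {
    for (int i = 0; c && i < NDEV; i++) c->name[i] = NULL;
}
/* Walk the tree; count entries whose name is NULL at the moment of use. */
static int walk(const cfg_t *c, hook_t hook) {
    int bad = 0;
    for (int i = 0; i < NDEV; i++) {
        if (hook) hook();          /* a second caller runs here */
        if (!c->name[i]) bad++;    /* real code would strcpy() from NULL */
    }
    return bad;
}
/* Non-reentrant: every call replaces the shared tree under earlier callers. */
static int hint_global(hook_t hook) {
    cfg_release(global_cfg);
    global_cfg = cfg_load();
    return walk(global_cfg, hook); /* pointer held across the hook */
}
/* Reentrant: each call owns a private tree for its whole lifetime. */
static int hint_local(hook_t hook) {
    cfg_t *c = cfg_load();
    int bad = walk(c, hook);
    free(c);
    return bad;
}
static void second_global(void) { hint_global(NULL); }
static void second_local(void)  { hint_local(NULL); }

int main(void) {
    printf("shared tree:  %d NULL names\n", hint_global(second_global));
    printf("private tree: %d NULL names\n", hint_local(second_local));
    return 0;
}
```
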
participants (3): Harald Sitter, Jérôme Forissier, Takashi Iwai