[alsa-devel] Seg. fault when using Salsa 0.0.25
Hi,
I got an application which uses Salsa 0.0.25. When I quit this application, it ends with a seg. fault.
I don't know if this is caused by my application using Salsa wrongly, or a problem in Salsa.
However, I got a fix for it.
When my application closes, "hctl_elem_event_handler" is called. And since "helem->private_data" is null, this causes a seg. fault: snd_mixer_elem_t *elem = helem->private_data; snd_mixer_t *mixer = elem->mixer;
It seems like: if (!elem) return 0; should have been before: snd_mixer_t *mixer = elem->mixer;
An easy way to fix/avoid this is to remove "snd_mixer_t *mixer = elem->mixer;" and replace "mixer" with "elem->mixer" in the function. Like this:
static int hctl_elem_event_handler(snd_hctl_elem_t *helem, unsigned int mask) { snd_mixer_elem_t *elem = helem->private_data; //MLN fix: snd_mixer_t *mixer = elem->mixer; int err;
if (!elem) return 0;
if (mask == SND_CTL_EVENT_MASK_REMOVE) { err = _snd_mixer_elem_throw_event(elem, mask); if (err < 0) return err; remove_simple_element(helem, 1); return 0; } if (mask & SND_CTL_EVENT_MASK_INFO) { remove_simple_element(helem, 0); add_simple_element(helem, elem->mixer); // MLN fix: "mixer" substituted by "elem->mixer" err = snd_mixer_elem_info(elem); if (err < 0) return err; snd_mixer_sort(elem->mixer); // MLN fix: "mixer" substituted by "elem->mixer" } if (mask & SND_CTL_EVENT_MASK_VALUE) { err = update_simple_element(helem, elem); if (err < 0) return err; if (err) { err = snd_mixer_elem_value(elem); if (err < 0) return err; } } return 0; }
Kind regards, Mogens
At Thu, 5 Nov 2009 11:32:39 +0100, Mogens Lindholdt Lauridsen wrote:
Hi,
I got an application which uses Salsa 0.0.25. When I quit this application, it ends with a seg. fault.
I don't know if this is caused by my application using Salsa wrongly, or a problem in Salsa.
However, I got a fix for it.
When my application closes, "hctl_elem_event_handler" is called. And since "helem->private_data" is null, this causes a seg. fault: snd_mixer_elem_t *elem = helem->private_data; snd_mixer_t *mixer = elem->mixer;
It seems like: if (!elem) return 0; should have been before: snd_mixer_t *mixer = elem->mixer;
Ah, a typical NULL dereference. Fixed and released as version 0.0.26 now.
thanks,
Takashi
participants (2)
-
Mogens Lindholdt Lauridsen -
Takashi Iwai