Re: [PATCH] conf: fix memory leak on the error path in parse_args()
Having a little trouble which bisected to this patch.
First noticed it's causing Chromium to crash out one of its subprocesses (stack trace below)
Can actually be replicated with a simple "aplay -L":
aplay: conf.c:2207: snd_config_delete: Assertion `config' failed. Aborted (core dumped)
Program received signal SIGABRT, Aborted. 0x00007ffff7984c7b in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff7984c7b in raise () from /lib64/libc.so.6 #1 0x00007ffff7965548 in abort () from /lib64/libc.so.6 #2 0x00007ffff796542f in __assert_fail_base.cold () from /lib64/libc.so.6 #3 0x00007ffff7975fc2 in __assert_fail () from /lib64/libc.so.6 #4 0x00007ffff7cce7e2 in snd_config_delete (config=<optimized out>) at conf.c:2207 #5 0x00007ffff7cd004d in parse_args (subs=0x6c66f0, str=<optimized out>, str@entry=0x641fa5 "CARD=Layla3G,DEV=0", defs=<optimized out>) at conf.c:5172 #6 0x00007ffff7cd0c31 in snd_config_expand (config=0x6594a0, root=root@entry=0x639330, args=args@entry=0x641fa5 "CARD=Layla3G,DEV=0", private_data=private_data@entry=0x0, result=result@entry=0x7fffffffdf80) at conf.c:5227 #7 0x00007ffff7cd13e2 in snd_config_search_definition (config=config@entry=0x639330, base=base@entry=0x40cf74 "pcm", name=name@entry=0x641fa0 "plug:CARD=Layla3G,DEV=0", result=result@entry=0x7fffffffdf80) at conf.c:5312 #8 0x00007ffff7cd8154 in try_config (config=config@entry=0x639330, list=list@entry=0x7fffffffe260, base=0x40cf74 "pcm", name=<optimized out>) at namehint.c:269 #9 0x00007ffff7cd8e8a in add_card (config=<optimized out>, rw_config=0x639330, list=list@entry=0x7fffffffe260, card=0) at namehint.c:488 #10 0x00007ffff7cd9410 in snd_device_name_hint (card=0, card@entry=-1, iface=<optimized out>, iface@entry=0x40cf74 "pcm", hints=hints@entry=0x7fffffffe308) at namehint.c:639 #11 0x000000000040442b in pcm_list () at aplay.c:339 #12 0x000000000040a638 in main (argc=2, argv=0x7fffffffe5c8) at aplay.c:824
I saw "namehint" in the stack; I'm using this fragment of asoundrc (it's the only way to get chosen ALSA devices available in Chrome) but it seems to be unrelated; commenting it out and the assertion still fails. I haven't had time to look any deeper.
namehint.pcm [ "layla1|Layla: Microphone input 1" "layla2|Layla: Microphone input 2" "layla12|Layla: Microphone inputs 1,2" "layla34|Layla: Line inputs 3,4 (DJ mixer)" "layla|Layla: Analogue inputs 1,2,3,4" "plug:shure|Shure X2U: Microphone input" "plug:dj1|Audio 8 DJ: Input 1 (Left deck)" "plug:dj2|Audio 8 DJ: Input 2 (Right deck)" "plug:local|Local audio bus" ]
On Wed, 17 Mar 2021 16:44:20 +0100, Mark Hills wrote:
Having a little trouble which bisected to this patch.
First noticed it's causing Chromium to crash out one of its subprocesses (stack trace below)
Can actually be replicated with a simple "aplay -L":
aplay: conf.c:2207: snd_config_delete: Assertion `config' failed. Aborted (core dumped)
That patch seems to have a few flaws. Could you check the patch below covers it?
thanks,
Takashi
--- a/src/conf.c +++ b/src/conf.c @@ -5080,6 +5080,8 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) const char *new = str; const char *tmp; char *val = NULL; + + sub = NULL; err = parse_arg(&new, &varlen, &val); if (err < 0) goto _err; @@ -5104,6 +5106,7 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) err = snd_config_search(subs, var, &sub); if (err >= 0) snd_config_delete(sub); + sub = NULL; err = snd_config_search(def, "type", &typ); if (err < 0) { _invalid_type: @@ -5169,7 +5172,8 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) err = snd_config_add(subs, sub); if (err < 0) { _err: - snd_config_delete(sub); + if (sub) + snd_config_delete(sub); free(val); return err; }
On Wed, 17 Mar 2021, Takashi Iwai wrote:
On Wed, 17 Mar 2021 16:44:20 +0100, Mark Hills wrote:
Having a little trouble which bisected to this patch.
First noticed it's causing Chromium to crash out one of its subprocesses (stack trace below)
Can actually be replicated with a simple "aplay -L":
aplay: conf.c:2207: snd_config_delete: Assertion `config' failed. Aborted (core dumped)
That patch seems to have a few flaws. Could you check the patch below covers it?
Thanks. Yes, the patch builds ok and resolves my two test cases (aplay and chromium). That's the only testing I've done so far.
--- a/src/conf.c +++ b/src/conf.c @@ -5080,6 +5080,8 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) const char *new = str; const char *tmp; char *val = NULL;
sub = NULL;@@ -5104,6 +5106,7 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) err = snd_config_search(subs, var, &sub); if (err >= 0) snd_config_delete(sub);
sub = NULL;@@ -5169,7 +5172,8 @@ static int parse_args(snd_config_t *subs, const char *str, snd_config_t *defs) err = snd_config_add(subs, sub); if (err < 0) { _err:
snd_config_delete(sub);
if (sub)snd_config_delete(sub); free(val); return err;
participants (2)
-
Mark Hills -
Takashi Iwai