[alsa-devel] Segmentation Fault in snd_pcm_rate_hw_free()

Takashi Iwai tiwai at suse.de
Tue Aug 4 17:15:42 CEST 2015 

On Tue, 04 Aug 2015 17:02:26 +0200,
Valentin Corfu wrote:
> 
> 
> 
> On 04.08.2015 17:53, Takashi Iwai wrote:
> > On Tue, 04 Aug 2015 16:08:30 +0200,
> > Valentin Corfu wrote:
> >> Hello ALSA developers,
> >>
> >> I observed one segmentation fault in snd_pcm_rate_hw_free() function,
> >> with the following BT:
> >>
> >> (gdb) up
> >> #1  0xb7554cc1 in raise (sig=6) at
> >> ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> >> 64        return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
> >> (gdb)
> >> #2  0xb75580ee in abort () at abort.c:92
> >> 92            raise (SIGABRT);
> >> (gdb)
> >> #3  0xb758a7dd in __libc_message (do_abort=2,
> >>       fmt=0xb766053c "*** glibc detected *** %s: %s: 0x%s ***\n")
> >>       at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
> >> 189           abort ();
> >> (gdb)
> >> #4  0xb7594a71 in malloc_printerr (action=<value optimized out>,
> >>       str=<value optimized out>, ptr=0x969ae98) at malloc.c:6283
> >> 6283          __libc_message (action & 2,
> >> (gdb)
> >> #5  0xb759636b in _int_free (av=<value optimized out>, p=0x969ae90)
> >>       at malloc.c:4795
> >> 4795          malloc_printerr (check_action, errstr, chunk2mem(p));
> >> (gdb)
> >> #6  0xb75994bd in __libc_free (mem=0x969ae98) at malloc.c:3738
> >> 3738      _int_free(ar_ptr, p);
> >> (gdb)
> >> #7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
> >> 341                     free(rate->pareas[0].addr);
> > Could you check the content of rate->pareas[0] via gdb?
> (gdb) frame 7
> #7  0xb76f3a81 in snd_pcm_rate_hw_free (pcm=0x9685d78) at pcm_rate.c:341
> 341                     free(rate->pareas[0].addr);
> (gdb) print rate->pareas[0]
> $1 = {addr = 0x969ae98, first = 0, step = 16}
> (gdb) print rate->pareas[0].addr
> $2 = (void *) 0x969ae98

And accessing to pareas[0].addr is OK?  This is a temporary sample
buffer allocated in alsa-lib rate plugin.


> >> (gdb)
> >> #8  0xb76d045b in snd_pcm_hw_free (pcm=0x9685d78) at pcm.c:858
> >> 858             err = pcm->ops->hw_free(pcm->op_arg);
> >> (gdb)
> >> #9  0xb76f826e in snd_pcm_plug_hw_free (pcm=0x96856b0) at pcm_plug.c:1046
> >> 1046            int err = snd_pcm_hw_free(slave);
> >> (gdb)
> >> #10 0xb76d045b in snd_pcm_hw_free (pcm=0x96856b0) at pcm.c:858
> >> 858             err = pcm->ops->hw_free(pcm->op_arg);
> >> (gdb)
> >> #11 0x080492ad in main ()
> >>
> >>
> >> Could you please give me some hints how to solve this issue?
> >>
> >> I can provide you more info or the test application, if needed.
> >> I can see the issue every time, and I also checked with latest version
> >> of alsa-lib but I got the same results.
> > I don't know of such an error, so far.
> > It smells like some memory corruption to me.
> >
> > If a test case is a simple code, tracking the bug would be easy...
> I have paste it here:
> http://pastebin.com/WJDTz6cE

It works fine on my system.  How is your PCM setup?  Does the same
problem occur for "plughw" PCM, too?  Also, no external PCM rate
plugin is involved?


Takashi

More information about the Alsa-devel mailing list