[alsa-devel] Segmentation Fault in snd_pcm_rate_hw_free()

Takashi Iwai tiwai at suse.de
Tue Aug 18 11:59:09 CEST 2015 

On Tue, 18 Aug 2015 11:51:18 +0200,
Alexandru Costache wrote:
> 
> Hi,
> 
> I was reproducing the crash that Valentin Corfu reported earlier with his
> test.
> 
> Valgrind and gdb show that
> expand_linear_s16() is somehow corrupting the area used for memory
> management by libc for rate->pareas[0].addr
> 
> More exactly, the line that seems to corrupt the heap in
> 
> static void expand_linear_s16() is:
> 
> *dst = (old_sample * old_weight + new_sample * new_weight) >> 16;
> 
> 
> As Valgrind says:
> 
> ==11161== Invalid write of size 2
> ==11161==    at 0x40A8A82: linear_expand_s16 (pcm_rate_linear.c:179)
> ==11161==    by 0x40A85A9: linear_convert (pcm_rate_linear.c:320)
> ==11161==    by 0x40A6915: do_convert (pcm_rate.c:537)
> ==11161==    by 0x40A6C7D: snd_pcm_rate_write_areas1 (pcm_rate.c:550)
> ==11161==    by 0x40A6C7D: snd_pcm_rate_commit_area (pcm_rate.c:749)
> ==11161==    by 0x40A7014: snd_pcm_rate_drain (pcm_rate.c:1105)
> ==11161==    by 0x4084511: snd_pcm_drain (pcm.c:1122)
> ==11161==    by 0x8049288: main (in /root/pcm_min_daisuke)
> ==11161==  Address 0x43d6258 is 0 bytes after a block of size 86,016 alloc'd
> ==11161==    at 0x40261B1: malloc (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==11161==    by 0x4099801: snd_pcm_mmap (pcm_mmap.c:425)
> ==11161==    by 0x4093CA7: sndrv_pcm_hw_params (pcm_params.c:2366)
> ==11161==    by 0x409A59C: snd1_pcm_generic_hw_params (pcm_generic.c:104)
> ==11161==    by 0x4091E7F: snd1_pcm_hw_params_slave (pcm_params.c:2250)
> ==11161==    by 0x40A54AC: snd_pcm_rate_hw_params (pcm_rate.c:246)
> ==11161==    by 0x4093AE3: sndrv_pcm_hw_params (pcm_params.c:2326)
> ==11161==    by 0x40ABC37: snd_pcm_plug_hw_params (pcm_plug.c:1045)
> ==11161==    by 0x4093AE3: sndrv_pcm_hw_params (pcm_params.c:2326)
> ==11161==    by 0x4084281: snd_pcm_hw_params (pcm.c:830)
> ==11161==    by 0x8048F84: main (in /root/pcm_min_daisuke)
> ==11161==
> ==11161== Invalid free() / delete / delete[] / realloc()
> ==11161==    at 0x402726D: free (in
> /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==11161==    by 0x40A53C0: snd_pcm_rate_hw_free (pcm_rate.c:344)
> ==11161==    by 0x4083CDA: snd_pcm_hw_free (pcm.c:853)
> ==11161==    by 0x40A9E8D: snd_pcm_plug_hw_free (pcm_plug.c:1061)
> ==11161==    by 0x4083CDA: snd_pcm_hw_free (pcm.c:853)
> ==11161==    by 0x80492AC: main (in /root/pcm_min_daisuke)
> ==11161==  Address 0xe705004b is not stack'd, malloc'd or (recently) free'd
> 
> I'm not very familiar with alsa in general and was wondering if someone who
> knows more on it can drop a look on this one?

This is very much dependent on the setup.  Please clarify your setup
and the exact code you're using.


Takashi

More information about the Alsa-devel mailing list