I just added this to the mpg123 tracker item:

I managed to reproduce a crash
(no report of double free(), but a segfault during free()) on a VM install
of debian testing, with mpg123 from unstable.

The funny thing is that I observe the debian mpg123 binary crashing with
the debian libmpg123 and a self-built one from vanilla upstream sources,
but vice versa the self-built mpg123 binary is _not_ crashing with either
lib.
The offending free() call does happen in libmpg123, it's the cleanup
during mpg123_delete(). I have no idea so far what should be wrong here...
everything looks right.

Mpg123 allocates rawdecwin = 0xb930ee30 ... and at the end wants to free
rawdecwin = 0xb930ee30. What special trick is there going on with the
packaged binary that it triggers a segfault at the free()? Valgrind also
has nothing to complain about.

The essence of the two log files I attached there is that the crash occurs on a 
regular and for all I can tell valid call to free() with a pointer that was 
returned from malloc() before. There must be some other mess up with glibc's 
internals.

Can you repeat what I did:

1. Download the vanilla sources: http://mpg123.org/current
2. Build that (no need for devel packages, libc is enough)
        cd mpg123-1.12.1 && ./configure --prefix=some_place && make && make install
3. Download test file from mpg123 repo:
   http://mpg123.org/cgi-bin/viewvc.cgi/test/regression/drum.mp3
4. run some_place/mpg123 --cpu generic -o dummy drum.mp3
5. run mpg123 --cpu generic -o dummy drum.mp3
6. Use LD_LIBRARY_PATH to run each binary with each library:
        LD_LIBRARY_PATH=some_place/lib mpg123 ...

For me, every call with the packaged /usr/bin/mpg123 crashes after decoding the 
file, every call with the self-built one succeeds.

Explanations welcome.
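
The binary-by-library matrix from steps 4 to 6, written as a script. This is an added example, not part of the original message; the function names and the five caller-supplied paths are assumptions, and it decodes the exit status so a death by signal (139 for SIGSEGV) is told apart from an ordinary error exit.

```shell
#!/bin/sh
# Added example (not from the original message): run every mpg123 binary
# against every libmpg123 directory and report which combinations crash.
# All five paths are supplied by the caller; none are taken from the report.

# Turn an exit status into a verdict. The shell reports a child killed by
# signal N as status 128+N, so a segfault (SIGSEGV, 11) shows up as 139.
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo "ok"
    elif [ "$1" -gt 128 ]; then
        echo "killed by SIG$(kill -l "$(($1 - 128))")"
    else
        echo "exit $1"
    fi
}

# run_matrix PACKAGED_BIN BUILT_BIN SYSTEM_LIBDIR BUILT_LIBDIR MP3
run_matrix() {
    for bin in "$1" "$2"; do
        for libdir in "$3" "$4"; do
            status=0
            # Subshell keeps LD_LIBRARY_PATH local to this one run;
            # "|| status=$?" keeps the loop alive under "set -e".
            ( LD_LIBRARY_PATH=$libdir "$bin" --cpu generic -o dummy "$5" ) \
                >/dev/null 2>&1 || status=$?
            printf '%s with %s: %s\n' "$bin" "$libdir" \
                "$(classify_status "$status")"
        done
    done
}

# Run only when all five paths are given on the command line.
if [ "$#" -eq 5 ]; then
    run_matrix "$@"
fi
```
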


