Hi,

----- "Thomas Orgis" <thomas-fo...@orgis.org> wrote:

> Am Sat, 22 May 2010 03:43:28 +0400 (MSD)
> schrieb William Pitcock <neno...@dereferenced.org>: 
> 
> > This is due to a memory alignment issue in the way that the struct is packed.
> > With some help from an affected user, we bisected it to mpg123 SVN r2491.
> 
> OK, that revision replaced aligned memory blocks that relied on special
> compiler support with manually aligned pointers, that potentially work
> on any C compiler. If there is something un-aligned, this is a serious
> bug in my code there. That was the whole point

Understandable.

> 
> > The reason why is because some of the assembly decoders and also the reference
> > decoders expect the memory to be aligned.  If this is not true, it writes to
> > memory outside of the array, causing subtle heap corruption.
> 
> Can you point out what piece of code writes to outside the array? That
> sounds like I miscalculated some buffer size. Or it was already wrong
> in the old code, but for some reason there's been padding that has
> hidden the issue.
> So... are we talking about unaligned access or about buffer overflow?
> Your explanation suggests the latter.

Both.  I believe this is caused by a bug where the pointers appear to
become realigned twice (e.g. to the next 16 bytes). So I believe the
second realignment is a bug that has always been there.

It is true that the fraction blocks are "padded" in r2149, this is due to
the fact that the blocks were in stack memory so they had as much padding as
they pretty much wanted, provided that accesses didn't go past the stack
boundary (usually 4M on i386, 16M on x86-64.)

So there is a bug here, but for the time being there are two easy ways to
fix this bug as far as Debian is concerned:

* Reversion of r2491 (the patch supplied does that)
* Adding additional padding to the code (make it 64 bytes to ensure that
  the block is cache-aligned)

If you would like me to prepare a new patch that adds additional padding,
please let me know.  It appears that you made some progress in that direction
on the IRC channel this morning; I was out of office until the afternoon.

William
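The pattern under discussion, manually aligning a malloc()ed block to a 16-byte boundary and the way an extra "realign to the next boundary" step overruns it, written out as an added example. This is illustrative code, not mpg123's allocator or any revision of it: the struct name, the ALIGN constant and the helper functions are assumptions, and the sample allocation size in main() is constructed. The over-allocation of ALIGN-1 bytes is the standard amount of slack for a single round-up; the in_bounds/overrun helpers make the consequence of a second round-up measurable without forming a pointer past the allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ALIGN 16u   /* assumed alignment; 16 matches SSE-style decoders */

/* A manually aligned block. The offset of the aligned start is kept
   alongside the raw pointer so that bounds can be checked arithmetically
   and the raw pointer is still available for free(). */
struct aligned_block {
    unsigned char *raw;   /* what malloc() returned */
    size_t alloc_size;    /* bytes actually allocated: size + ALIGN - 1 */
    size_t offset;        /* raw + offset is the first ALIGN-aligned address */
    size_t size;          /* bytes the caller may use from raw + offset */
};

/* Distance from addr up to the next multiple of ALIGN; 0 if already aligned. */
static size_t align_up_offset(uintptr_t addr) {
    return (size_t)(((addr + ALIGN - 1) & ~(uintptr_t)(ALIGN - 1)) - addr);
}

/* Allocate size usable bytes at an ALIGN-aligned address. ALIGN-1 bytes of
   slack are exactly enough for one round-up: the worst-case shift to the
   boundary is ALIGN-1, so offset + size never exceeds alloc_size. */
int aligned_block_alloc(struct aligned_block *b, size_t size) {
    b->alloc_size = size + ALIGN - 1;
    b->raw = malloc(b->alloc_size);
    if (b->raw == NULL) return -1;
    b->offset = align_up_offset((uintptr_t)b->raw);
    b->size = size;
    return 0;
}

void aligned_block_free(struct aligned_block *b) {
    free(b->raw);
    b->raw = NULL;
}

unsigned char *aligned_block_ptr(const struct aligned_block *b) {
    return b->raw + b->offset;
}

/* 1 if every byte the caller may write lies inside the malloc()ed region. */
int aligned_block_in_bounds(const struct aligned_block *b) {
    return b->offset + b->size <= b->alloc_size;
}

/* Bytes by which a write of b->size from the aligned start would run past
   the allocation; 0 when it fits. Computed on offsets, so no out-of-bounds
   pointer is ever formed. */
size_t aligned_block_overrun(const struct aligned_block *b) {
    size_t end = b->offset + b->size;
    return end > b->alloc_size ? end - b->alloc_size : 0;
}

/* A second "realignment" of the kind suspected in the thread: advancing an
   already aligned pointer unconditionally to the *next* ALIGN boundary.
   Because the pointer is already aligned this always moves it by ALIGN
   bytes, which is more than the ALIGN-1 bytes of slack reserved above, so
   the block overruns by offset + 1 bytes. (Illustration, not mpg123 code.) */
void aligned_block_realign_next_boundary(struct aligned_block *b) {
    uintptr_t p = (uintptr_t)(b->raw + b->offset);
    b->offset += (size_t)(((p + ALIGN) & ~(uintptr_t)(ALIGN - 1)) - p);
}

int main(void) {
    struct aligned_block b;
    /* constructed size: one MPEG frame's worth of float samples, 1152 */
    if (aligned_block_alloc(&b, 1152 * sizeof(float)) != 0) return 1;
    printf("aligned start %% 16 = %u, in bounds = %d, overrun = %zu\n",
           (unsigned)((uintptr_t)aligned_block_ptr(&b) % ALIGN),
           aligned_block_in_bounds(&b), aligned_block_overrun(&b));
    aligned_block_realign_next_boundary(&b);
    printf("after second realign: in bounds = %d, overrun = %zu\n",
           aligned_block_in_bounds(&b), aligned_block_overrun(&b));
    aligned_block_free(&b);
    return 0;
}
```

Because the overrun after the second round-up is at least one byte regardless of what malloc() returned, padding the allocation further (the 64-byte option mentioned above) masks the write rather than removing it; the durable fix is to round up once and carry the aligned pointer, or to make the realignment a no-op on an already aligned address.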
