I can confirm this error. It looks like there is some iterator running, and when snd_config_search_definition runs, it changes the config tree, because there is some hook that does this. So the iterator's pointing to already freed memory.
The iterator is probably the one in the add_card function, because it repeatedly runs try_config. ** Changed in: alsa-lib (Ubuntu) Status: New => Triaged -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to alsa-lib in Ubuntu. https://bugs.launchpad.net/bugs/1008600 Title: valgrind aplay -L prints scary warnings Status in “alsa-lib” package in Ubuntu: Triaged Bug description: valgrind reports a lot of scary errors when run on aplay -L , it looks like the alsa snd_device_name_hint function is doing some dangerous stuff: ==30818== Memcheck, a memory error detector ==30818== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al. ==30818== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info ==30818== Command: aplay -L ==30818== ==30818== Invalid read of size 8 ==30818== at 0x50653F0: snd_config_iterator_next (conf.c:3885) ==30818== by 0x5070732: snd_device_name_hint (namehint.c:506) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c8f8 is 40 bytes inside a block of size 72 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E94: snd_config_delete (conf.c:1850) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== ==30818== Invalid read of size 8 ==30818== at 0x506470E: snd_config_get_id (conf.c:1578) ==30818== by 0x50706F7: snd_device_name_hint (namehint.c:508) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c8d0 is 0 bytes inside a block of size 72 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E94: snd_config_delete (conf.c:1850) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== ==30818== Invalid read of size 1 ==30818== at 0x558DDBA: vfprintf (vfprintf.c:1624) ==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86) ==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33) ==30818== by 0x506F50F: try_config (stdio2.h:34) ==30818== by 0x5070722: snd_device_name_hint (namehint.c:512) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E8C: snd_config_delete (conf.c:1849) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== ==30818== Invalid read of size 1 ==30818== at 0x55BFB98: _IO_default_xsputn (genops.c:480) ==30818== by 0x558DBED: vfprintf (vfprintf.c:1624) ==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86) ==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33) ==30818== by 0x506F50F: try_config (stdio2.h:34) ==30818== by 0x5070722: snd_device_name_hint (namehint.c:512) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E8C: snd_config_delete (conf.c:1849) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== ==30818== Invalid read of size 1 ==30818== at 0x55BFBA7: _IO_default_xsputn (genops.c:479) ==30818== by 0x558DBED: vfprintf (vfprintf.c:1624) ==30818== by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86) ==30818== by 0x564B34C: __sprintf_chk (sprintf_chk.c:33) ==30818== by 0x506F50F: try_config (stdio2.h:34) ==30818== by 0x5070722: snd_device_name_hint (namehint.c:512) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c822 is 2 bytes inside a block of size 8 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E8C: snd_config_delete (conf.c:1849) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== ==30818== Invalid read of size 1 ==30818== at 0x4C2E439: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x506F6BF: try_config (string3.h:105) ==30818== by 0x5070722: snd_device_name_hint (namehint.c:512) ==30818== by 0x403DE8: ??? (in /usr/bin/aplay) ==30818== by 0x4094A8: ??? (in /usr/bin/aplay) ==30818== by 0x556576C: (below main) (libc-start.c:226) ==30818== Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd ==30818== at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==30818== by 0x5065E8C: snd_config_delete (conf.c:1849) ==30818== by 0x5066425: parse_defs (conf.c:1200) ==30818== by 0x50667E5: snd_config_load1 (conf.c:1661) ==30818== by 0x5066A0C: config_file_open (conf.c:3403) ==30818== by 0x506827D: snd_config_hook_load (conf.c:3528) ==30818== by 0x64C8ACC: ??? ==30818== by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326) ==30818== by 0x50694C3: snd_config_searcha_hooks (conf.c:3127) ==30818== by 0x5069599: snd_config_searchva_hooks (conf.c:3164) ==30818== by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194) ==30818== by 0x50687A1: snd_config_search_definition (conf.c:4782) ==30818== default Playback/recording through the PulseAudio sound server null Discard all samples (playback) or generate zero samples (capture) pulse PulseAudio Sound Server default Playback/recording through the PulseAudio sound server sysdefault:CARD=I82801AAICH Intel 82801AA-ICH, Intel 82801AA-ICH Default Audio Device front:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH Front speakers surround40:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH 4.0 Surround output to Front and Rear speakers surround41:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH 4.1 Surround output to Front, Rear and Subwoofer speakers surround50:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH 5.0 Surround output to Front, Center and Rear speakers surround51:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH 5.1 Surround output to Front, Center, Rear and Subwoofer speakers iec958:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH IEC958 (S/PDIF) Digital Audio Output dmix:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH Direct sample mixing device dsnoop:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH Direct sample snooping device hw:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH Direct hardware device without any conversions plughw:CARD=I82801AAICH,DEV=0 Intel 82801AA-ICH, Intel 82801AA-ICH Hardware device with all software conversions ==30818== ==30818== HEAP SUMMARY: ==30818== in use at exit: 32,284 bytes in 94 blocks ==30818== total heap usage: 16,469 allocs, 16,375 frees, 719,816 bytes allocated ==30818== ==30818== LEAK SUMMARY: ==30818== definitely lost: 0 bytes in 0 blocks ==30818== indirectly lost: 0 bytes in 0 blocks ==30818== possibly lost: 0 bytes in 0 blocks ==30818== still reachable: 32,284 bytes in 94 blocks ==30818== suppressed: 0 bytes in 0 blocks ==30818== Rerun with --leak-check=full to see details of leaked memory ==30818== ==30818== For counts of detected and suppressed errors, rerun with: -v ==30818== ERROR SUMMARY: 25 errors from 6 contexts (suppressed: 2 from 2) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/alsa-lib/+bug/1008600/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp