[Kernel-packages] [Bug 1008600] Re: segfault in namehint API (valgrind aplay -L prints scary warnings)
It makes WebRTC completely unusable on Ubuntu 13.10 current stable release. Can anyone backport it to Saucy?

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to alsa-lib in Ubuntu.
https://bugs.launchpad.net/bugs/1008600

Title:
  segfault in namehint API (valgrind aplay -L prints scary warnings)

Status in “alsa-lib” package in Ubuntu:
  Fix Released

Bug description:
  valgrind reports a lot of scary errors when run on aplay -L, it looks like the alsa snd_device_name_hint function is doing some dangerous stuff:

  ==30818== Memcheck, a memory error detector
  ==30818== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
  ==30818== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
  ==30818== Command: aplay -L
  ==30818==
  ==30818== Invalid read of size 8
  ==30818==    at 0x50653F0: snd_config_iterator_next (conf.c:3885)
  ==30818==    by 0x5070732: snd_device_name_hint (namehint.c:506)
  ==30818==    by 0x403DE8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x4094A8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x556576C: (below main) (libc-start.c:226)
  ==30818==  Address 0x5e0c8f8 is 40 bytes inside a block of size 72 free'd
  ==30818==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==30818==    by 0x5065E94: snd_config_delete (conf.c:1850)
  ==30818==    by 0x5066425: parse_defs (conf.c:1200)
  ==30818==    by 0x50667E5: snd_config_load1 (conf.c:1661)
  ==30818==    by 0x5066A0C: config_file_open (conf.c:3403)
  ==30818==    by 0x506827D: snd_config_hook_load (conf.c:3528)
  ==30818==    by 0x64C8ACC: ???
  ==30818==    by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
  ==30818==    by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
  ==30818==    by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
  ==30818==    by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
  ==30818==    by 0x50687A1: snd_config_search_definition (conf.c:4782)
  ==30818==
  ==30818== Invalid read of size 8
  ==30818==    at 0x506470E: snd_config_get_id (conf.c:1578)
  ==30818==    by 0x50706F7: snd_device_name_hint (namehint.c:508)
  ==30818==    by 0x403DE8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x4094A8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x556576C: (below main) (libc-start.c:226)
  ==30818==  Address 0x5e0c8d0 is 0 bytes inside a block of size 72 free'd
  ==30818==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==30818==    by 0x5065E94: snd_config_delete (conf.c:1850)
  ==30818==    by 0x5066425: parse_defs (conf.c:1200)
  ==30818==    by 0x50667E5: snd_config_load1 (conf.c:1661)
  ==30818==    by 0x5066A0C: config_file_open (conf.c:3403)
  ==30818==    by 0x506827D: snd_config_hook_load (conf.c:3528)
  ==30818==    by 0x64C8ACC: ???
  ==30818==    by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
  ==30818==    by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
  ==30818==    by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
  ==30818==    by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
  ==30818==    by 0x50687A1: snd_config_search_definition (conf.c:4782)
  ==30818==
  ==30818== Invalid read of size 1
  ==30818==    at 0x558DDBA: vfprintf (vfprintf.c:1624)
  ==30818==    by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
  ==30818==    by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
  ==30818==    by 0x506F50F: try_config (stdio2.h:34)
  ==30818==    by 0x5070722: snd_device_name_hint (namehint.c:512)
  ==30818==    by 0x403DE8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x4094A8: ??? (in /usr/bin/aplay)
  ==30818==    by 0x556576C: (below main) (libc-start.c:226)
  ==30818==  Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
  ==30818==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
  ==30818==    by 0x5065E8C: snd_config_delete (conf.c:1849)
  ==30818==    by 0x5066425: parse_defs (conf.c:1200)
  ==30818==    by 0x50667E5: snd_config_load1 (conf.c:1661)
  ==30818==    by 0x5066A0C: config_file_open (conf.c:3403)
  ==30818==    by 0x506827D: snd_config_hook_load (conf.c:3528)
  ==30818==    by 0x64C8ACC: ???
  ==30818==    by 0x5068EBC: snd_config_hooks.constprop.26 (conf.c:3326)
  ==30818==    by 0x50694C3: snd_config_searcha_hooks (conf.c:3127)
  ==30818==    by 0x5069599: snd_config_searchva_hooks (conf.c:3164)
  ==30818==    by 0x5069675: snd1_config_search_alias_hooks (conf.c:3194)
  ==30818==    by 0x50687A1: snd_config_search_definition (conf.c:4782)
  ==30818==
  ==30818== Invalid read of size 1
  ==30818==    at 0x55BFB98: _IO_default_xsputn (genops.c:480)
  ==30818==    by 0x558DBED: vfprintf (vfprintf.c:1624)
  ==30818==    by 0x564B403: __vsprintf_chk (vsprintf_chk.c:86)
  ==30818==    by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
  ==30818==    by 0x506F50F: try_config (stdio2.h:34)
  ==30818==    by 0x5070722: snd_device_name_hint (namehint.c:512)
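Each Memcheck record in the bug description pairs the stack that read the memory with the stack that freed it. As an added example (not part of the original report or of alsa-lib), this Python sketch parses such records and groups the reads by the function that freed the block; the sample is abridged from the trace above, and the function names and the `NOISE` filter are assumptions of the example.

```python
import re
from collections import defaultdict

# Abridged from the Memcheck output in the bug description (frames trimmed).
SAMPLE = """\
==30818== Invalid read of size 8
==30818==    at 0x50653F0: snd_config_iterator_next (conf.c:3885)
==30818==    by 0x5070732: snd_device_name_hint (namehint.c:506)
==30818==  Address 0x5e0c8f8 is 40 bytes inside a block of size 72 free'd
==30818==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818==    by 0x5065E94: snd_config_delete (conf.c:1850)
==30818==
==30818== Invalid read of size 1
==30818==    at 0x558DDBA: vfprintf (vfprintf.c:1624)
==30818==    by 0x564B34C: __sprintf_chk (sprintf_chk.c:33)
==30818==    by 0x506F50F: try_config (stdio2.h:34)
==30818==    by 0x5070722: snd_device_name_hint (namehint.c:512)
==30818==  Address 0x5e0c820 is 0 bytes inside a block of size 8 free'd
==30818==    at 0x4C2A82E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==30818==    by 0x5065E8C: snd_config_delete (conf.c:1849)
"""

PREFIX = re.compile(r"^==\d+==\s*")
HEAD = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((.*)\)$")
FREED = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes inside a block of size (\d+) free'd$")
NOISE = re.compile(r"^(free|vfprintf|_.*)$")  # allocator and libc-internal frames

def parse_memcheck(text):
    """One dict per invalid access: size, use stack, free stack, freed-block info."""
    records, cur, stack = [], None, None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw).strip()
        if m := HEAD.match(line):
            cur = {"access": m[1], "size": int(m[2]), "use": [], "freed": [], "block": None}
            records.append(cur)
            stack = cur["use"]
        elif cur and (m := FREED.match(line)):
            cur["block"] = {"offset": int(m[1]), "size": int(m[2])}
            stack = cur["freed"]  # frames from here on belong to the free() call
        elif cur and (m := FRAME.match(line)):
            stack.append((m[1], m[2]))
        elif not line:
            cur = None  # a bare "==pid==" line ends the record
    return records

def first_relevant(stack):  # first frame that is not allocator or libc plumbing
    return next((f for f in stack if not NOISE.match(f[0])), ("?", "?"))

def group_by_free_site(records):
    """Map the function that freed a block to the frames that later read it."""
    groups = defaultdict(list)
    for r in filter(lambda r: r["block"], records):  # only freed-memory records
        groups[first_relevant(r["freed"])[0]].append(first_relevant(r["use"]))
    return dict(groups)
```

On the sample, both reads land under `snd_config_delete`, which is the pattern to look for when triaging a long report: many distinct read sites sharing one free path usually mean one lifetime bug, not several.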
[Kernel-packages] [Bug 1008600] Re: segfault in namehint API (valgrind aplay -L prints scary warnings)
This bug was fixed in the package alsa-lib - 1.0.27.2-3ubuntu2

---
alsa-lib (1.0.27.2-3ubuntu2) trusty; urgency=low

  * Fix-access-of-freed-memory-in-namehints.patch:
    Some applications using the namehints API might occasionally crash
    (LP: #1008600)
 -- David Henningsson david.hennings...@canonical.com  Fri, 07 Feb 2014 08:33:55 +0100

** Changed in: alsa-lib (Ubuntu)
       Status: Fix Committed => Fix Released
[Kernel-packages] [Bug 1008600] Re: segfault in namehint API (valgrind aplay -L prints scary warnings)
Thank you for the patch and for applying the fix to Trusty! Would anyone consider nominating this bug also for Saucy?
[Kernel-packages] [Bug 1008600] Re: segfault in namehint API (valgrind aplay -L prints scary warnings)
** Summary changed:

- valgrind aplay -L prints scary warnings
+ segfault in namehint API (valgrind aplay -L prints scary warnings)

Status in “alsa-lib” package in Ubuntu:
  Fix Committed