Package: gcdmaster
Version: 1:1.2.3-0.1
Severity: important
Tags: patch
Hi!
When pressing the "play" button in gcdmaster, the program segfaults with
the following backtrace:
Program received signal SIGSEGV, Segmentation fault.
__strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
31 ../sysdeps/x86_64/multiarch/../strlen.S: No such file or directory.
        in ../sysdeps/x86_64/multiarch/../strlen.S
(gdb) bt
#0 __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:31
#1 0x00007ffff040a2f6 in _sanitize_matrix (maxchannels=<value optimized out>,
matrix=0x30 <Address 0x30 out of bounds>, device=0xa1c8a0)
at audio_out.c:633
#2 0x00007ffff040a96b in _open_device (driver_id=<value optimized out>,
format=0xa1a5e0, options=0x0, file=<value optimized out>)
at audio_out.c:989
#3 0x0000000000471561 in SoundIF::start (this=0xa19960) at SoundIF-ao.cc:69
#4 0x000000000041a9df in AudioCDProject::playStart (this=0x9a2600, start=0,
end=26189519) at AudioCDProject.cc:452
#5 0x000000000041e701 in AudioCDProject::playStart (this=0x9a2600)
at AudioCDProject.cc:425
Reason:
The constructor fails to initialize the format variable properly. As
mentioned in
<http://www.xiph.org/ao/doc/ao_sample_format.html>,
it (currently) consists of the following five entries:
typedef struct {
    int bits;        /* bits per sample */
    int rate;        /* samples per second (in a single channel) */
    int channels;    /* number of audio channels */
    int byte_format; /* Byte ordering in sample, see constants below */
    char *matrix;    /* channel input matrix */
} ao_sample_format;
However, gcdmaster only sets four of them:
impl_->format.bits = 16;
impl_->format.rate = 44100;
impl_->format.channels = 2;
impl_->format.byte_format = AO_FMT_NATIVE;
Obviously, matrix isn't defined. The pointer is then later accessed,
pointing to random addresses and hence triggering SIGSEGV.
The attached patch fixes this problem. It also does a little bit more:
it memsets the struct, so all values will be properly initialized, even
if the definition of the ao_sample_format typedef changes in the future.
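As an added illustration (not code from gcdmaster or libao), the following shows the two safe ways to fill such a struct, value-initialization and memset, next to a consumer that tolerates a NULL matrix instead of handing it straight to strlen() as the crashing frame does. The `sample_format` struct and `FMT_NATIVE` constant are constructed mirrors of libao's `ao_sample_format` and `AO_FMT_NATIVE`, so the example builds without libao installed; their values are assumptions, not taken from ao/ao.h.

```cpp
#include <cstddef>
#include <cstring>

// Constructed mirror of libao's ao_sample_format (same field order as the
// xiph.org documentation), so this example compiles without libao.
struct sample_format {
    int bits;
    int rate;
    int channels;
    int byte_format;
    char *matrix;   // channel input matrix; NULL means "not set"
};

// Assumed stand-in for AO_FMT_NATIVE; the real value lives in ao/ao.h.
static const int FMT_NATIVE = 4;

// Value-initialise the whole struct, then set the fields we care about.
// Every member, including ones a later libao might add, starts as zero/NULL,
// so no pointer is ever left indeterminate.
static sample_format make_cd_format() {
    sample_format fmt{};            // all members zero, matrix == NULL
    fmt.bits = 16;
    fmt.rate = 44100;
    fmt.channels = 2;
    fmt.byte_format = FMT_NATIVE;
    return fmt;
}

// The same idea the way the attached patch does it, for a struct that already
// lives in memory (e.g. a member of a heap-allocated object). Using
// "sizeof *fmt" keeps the length tied to the member's actual type.
static void reset_cd_format(sample_format *fmt) {
    std::memset(fmt, 0, sizeof *fmt);
    fmt->bits = 16;
    fmt->rate = 44100;
    fmt->channels = 2;
    fmt->byte_format = FMT_NATIVE;
    fmt->matrix = NULL;   // explicit: does not rely on all-zero-bits being a null pointer
}

// Defensive consumer: the crashing frame called strlen() on format->matrix
// with no null check. A consumer that tolerates NULL simply reports 0.
static std::size_t matrix_length(const sample_format *fmt) {
    return fmt->matrix ? std::strlen(fmt->matrix) : 0;
}

// Exercise reset_cd_format() on deliberately garbage-filled memory, the
// situation the bug report describes, and confirm the pointer is cleared.
static bool reset_clears_garbage() {
    sample_format fmt;
    std::memset(&fmt, 0xAB, sizeof fmt);   // simulate uninitialised contents
    reset_cd_format(&fmt);
    return fmt.matrix == NULL && fmt.bits == 16 && fmt.byte_format == FMT_NATIVE;
}

// Length of the matrix string for a default format (NULL matrix -> 0).
static std::size_t default_matrix_length() {
    sample_format fmt = make_cd_format();
    return matrix_length(&fmt);
}

// Length once a caller has supplied a matrix string (constructed sample input).
static std::size_t matrix_length_for(const char *matrix_text) {
    char buf[64];
    std::strncpy(buf, matrix_text, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    sample_format fmt = make_cd_format();
    fmt.matrix = buf;
    return matrix_length(&fmt);
}
```

Both initialisers leave the four known fields identical to what gcdmaster sets; the difference from the original constructor is only that the remaining bytes are zeroed before use.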
Justification for the chosen severity level: the bug has a major effect
on the usability of this package. Preparing a CD (pre-gaps, track
boundaries, endings and so on) without being able to listen to the result
is like drawing something in Gimp without being able to actually see it.
One would have to work blindly, and this simply doesn't make sense for
such a package.
Cheerio
PS: This patch needs to be forwarded to upstream (please take care).
Until it's included in an upcoming release, also update the DEP-3 header
to point to the right bug number.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.5
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- Begin Message ---
--- a/xdao/SoundIF-ao.cc
+++ b/xdao/SoundIF-ao.cc
@@ -22,6 +22,7 @@
#include "SoundIF.h"
#include "Sample.h"
#include "util.h"
+#include <cstring>
class SoundIFImpl
{
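Review bot: `#include <cstring>` only guarantees the name `std::memset`; the call added in the next hunk is an unqualified `memset`, which most implementations also export into the global namespace but the C++ standard does not require. Either qualify it as `std::memset` or include `<string.h>` instead so the build does not depend on that implementation detail.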
@@ -37,10 +38,12 @@ SoundIF::SoundIF()
impl_ = new SoundIFImpl;
impl_->driverId = ao_default_driver_id();
+ memset(&(impl_->format), 0, sizeof (ao_sample_format));
impl_->format.bits = 16;
impl_->format.rate = 44100;
impl_->format.channels = 2;
impl_->format.byte_format = AO_FMT_NATIVE;
+ impl_->format.matrix = NULL;
}
SoundIF::~SoundIF()
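Review bot: `memset(&(impl_->format), 0, sizeof (ao_sample_format));` should use `sizeof impl_->format` so the byte count cannot drift from the member's actual type, and the explicit `impl_->format.matrix = NULL;` that follows deserves a short comment explaining that it is kept on purpose: an all-zero-bits object is a null pointer on every platform libao supports, but the language does not promise it, so the assignment is what makes the intent unambiguous. It would also help to confirm against the linked ao_sample_format documentation that a NULL matrix is treated as "use the driver default" by the libao version in Debian, since the backtrace shows `_sanitize_matrix` dereferencing it.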
--- End Message ---