pkg/56800: hitting v or V during sox's play command causes a segfault

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/56800: hitting v or V during sox's play command causes a segfault
From: Onno van der Linden <o.vd.linden%quicknet.nl@localhost>
Date: Fri, 22 Apr 2022 16:20:00 +0000 (UTC)

>Number:         56800
>Category:       pkg
>Synopsis:       hitting v or V during sox's play command causes a segfault
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 22 16:20:00 +0000 2022
>Originator:     Onno van der Linden
>Release:        NetBSD 9.99.80
>Organization:
>Environment:
System: NetBSD sheep 9.99.80 NetBSD 9.99.80 (SHEEPKMS) #1: Thu Mar 4 19:16:39 CET 2021 onno@sheep:/usr/src/sys/arch/i386/compile/SHEEPKMS i386
Architecture: i386
Machine: i386
>Description:
Hitting v or V during sox's play command to decrease or increase the
volume causes a sigsegv.
>How-To-Repeat:
make sox in pkgsrc with the default option
play a music track
hit v or V on the keyboard
>Fix:
https://sourceforge.net/p/sox/code/ci/4b17639fb7591153dbd3e234eea21b1a2a29fcfa/
from more than 10 years ago changed the sun audio driver for the 14.4 release
to not use stdio (among others) while adjust_volume() in sox.c still used
fileno under the assumption that stdio was being used in the audio driver.
Calling fileno with a NULL pointer causes the sigsegv.
Replacement patches for patch-aa and patch-src_sunaudio.c below. They
make the now unused (in the audio driver's case) void *fp member of the
sox_format_t structure a pointer to the filedescriptor of the audio
device in the driver and reference it in adjust_volume() with an
additional check for NULL.

--- src/sox.c.orig	2014-10-06 04:02:30.000000000 +0200
+++ src/sox.c	2022-04-21 21:56:09.897437134 +0200
@@ -1313,7 +1313,8 @@
 #elif defined(HAVE_AUDIOIO_H)
 static void adjust_volume(int delta)
 {
-  int vol1 = 0, vol2 = 0, fd = fileno((FILE*)ofile->ft->fp);
+  int vol1 = 0, vol2 = 0, fd;
+  fd = ofile->ft->fp != NULL ? *((int *)ofile->ft->fp) : -1;
   if (fd >= 0) {
     audio_info_t audio_info;
     if (ioctl(fd, AUDIO_GETINFO, &audio_info) >= 0) {
@@ -1321,7 +1322,9 @@
       vol2 = range_limit(vol1 + delta, 0, 100);
       AUDIO_INITINFO(&audio_info);
       audio_info.play.gain = (vol2 * AUDIO_MAX_GAIN + 50) / 100;
+#if !defined(__NetBSD__)
       audio_info.output_muted = 0;
+#endif
       lsx_debug("%04x %04x", vol1, vol2);
       if (vol1 != vol2 && ioctl(fd, AUDIO_SETINFO, &audio_info) < 0)
         vol2 = vol1;
--- src/sunaudio.c.orig	2014-10-06 03:59:34.000000000 +0200
+++ src/sunaudio.c	2022-04-21 21:32:09.340445319 +0200
@@ -336,6 +336,8 @@
     pPriv->cOutput = sox_globals.bufsiz >> pPriv->sample_shift;
     pPriv->pOutput = lsx_malloc((size_t)pPriv->cOutput << pPriv->sample_shift);
 
+    ft->fp = &pPriv->device;
+
     return (SOX_SUCCESS);
 }
 
@@ -348,6 +350,7 @@
     if (pPriv->pOutput) {
         free(pPriv->pOutput);
     }
+    ft->fp = NULL;
     return SOX_SUCCESS;
 }
 
@@ -443,7 +446,7 @@
         size_t cbStride;
         int cbWritten;
 
-        cStride = cInput;
+        cStride = cInputRemaining;
         if (cStride > pPriv->cOutput) {
             cStride = pPriv->cOutput;
         }

Prev by Date: Re: pkg/56786: lang/rust fails to build on NetBSD-current
Next by Date: PR/56791 CVS commit: pkgsrc/lang/rust
Previous by Thread: Re: pkg/56335 (lang/rust fails on NetBSD/aarch64 with gcc 10.3.0)
Next by Thread: PR/56800 CVS commit: pkgsrc/audio/sox
Indexes:

Home | Main Index | Thread Index | Old Index