pkgsrc-Bugs archive
pkg/49929: play from audio/sox can hit sigsegv
>Number: 49929
>Category: pkg
>Synopsis: play from audio/sox can hit sigsegv
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 25 18:45:00 +0000 2015
>Originator: Onno van der Linden
>Release: NetBSD 7.99.15
>Organization:
>Environment:
System: NetBSD sheep 7.99.15 NetBSD 7.99.15 (SHEEP) #0: Sat May 9 08:11:50 MEST 2015 onno@sheep:/usr/src/sys/arch/i386/compile/SHEEP i386
Architecture: i386
Machine: i386
>Description:
play from audio/sox (14.4.2) package can hit a sigsegv
>How-To-Repeat:
$ ls -al x.wav
-rw-r--r-- 1 onno wheel 8240 May 25 15:39 x.wav
$ file x.wav
x.wav: RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
And with the default buffer size of 8192 and some additional
debug output in sunwrite() (sunaudio.c:444) I get:
$ play -q x.wav
cInput=4098 cInputRemaining=4098 cOutput=4096
cInput=4098 cInputRemaining=2 cOutput=4096
cInput=4098 cInputRemaining=4294963202 cOutput=4096
cInput=4098 cInputRemaining=4294959106 cOutput=4096
cInput=4098 cInputRemaining=4294955010 cOutput=4096
[ ... ]
Memory fault (core dumped)
Turns out that osswrite() (oss.c:356) has the same
bug. Fixes below have been sent upstream to the sox-devel
mailing list.
Onno
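The counter wrap in the debug output above, as an added example that is not part of the original report or of the sox sources: a constructed C model of the stride bookkeeping only, run with the reported values cInput=4098 and cOutput=4096. The names drain, drain_result and use_fix are hypothetical, and uint32_t stands in for size_t on the reporter's i386 system.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the write loop's counters only; no audio I/O.
 * uint32_t models size_t on i386 (assumption taken from the report). */
struct drain_result {
    unsigned iterations;      /* loop passes executed */
    unsigned overreads;       /* passes that consumed past the input end */
    uint32_t last_remaining;  /* counter value seen on the final pass */
};

static struct drain_result drain(uint32_t c_input, uint32_t c_output,
                                 int use_fix, unsigned max_iterations)
{
    struct drain_result r = {0, 0, 0};
    uint32_t remaining = c_input;
    uint64_t consumed = 0;    /* samples taken from the input so far */

    while (remaining != 0 && r.iterations < max_iterations) {
        /* Unpatched: stride starts from the total input size.
         * Patched: stride starts from what is still left to write. */
        uint32_t stride = use_fix ? remaining : c_input;
        if (stride > c_output)
            stride = c_output;

        r.last_remaining = remaining;
        consumed += stride;
        if (consumed > c_input)
            r.overreads++;    /* the real loop would read past the buffer */
        remaining -= stride;  /* unsigned: wraps instead of going negative */
        r.iterations++;
    }
    return r;
}

int main(void)
{
    /* Values from the report; the pass cap keeps the unpatched run finite. */
    struct drain_result bad = drain(4098, 4096, 0, 5);
    struct drain_result good = drain(4098, 4096, 1, 5);

    printf("unpatched: %u passes, %u overreads, last remaining %u\n",
           bad.iterations, bad.overreads, (unsigned)bad.last_remaining);
    printf("patched:   %u passes, %u overreads, last remaining %u\n",
           good.iterations, good.overreads, (unsigned)good.last_remaining);
    return 0;
}
```

The five unpatched passes reproduce the five cInputRemaining values printed in the report; the patched run finishes in two passes with nothing read past the input.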
>Fix:
--- src/oss.c.orig 2015-05-25 17:12:12.000000000 +0200
+++ src/oss.c 2015-05-25 17:15:28.000000000 +0200
@@ -369,7 +369,7 @@
size_t cbStride;
int cbWritten;
- cStride = cInput;
+ cStride = cInputRemaining;
if (cStride > pPriv->cOutput) {
cStride = pPriv->cOutput;
}
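Review bot: the invariant that the stride must never exceed cInputRemaining is not stated anywhere around `cStride = cInputRemaining;`, and the counters are unsigned (the reported trace shows cInputRemaining going from 2 to 4294963202), so a future regression here wraps silently instead of failing. Suggest a one-line comment above the assignment saying cStride is min(cInputRemaining, pPriv->cOutput), plus an assertion that cStride <= cInputRemaining before the counter is decremented. While in this block, `int cbWritten` sits next to `size_t cbStride`; check that the write result is tested for a negative value before it is compared with or added to the size_t quantities.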
--- src/sunaudio.c.orig 2015-05-25 17:16:43.000000000 +0200
+++ src/sunaudio.c 2015-05-25 17:13:19.000000000 +0200
@@ -442,7 +442,7 @@
size_t cbStride;
int cbWritten;
- cStride = cInput;
+ cStride = cInputRemaining;
if (cStride > pPriv->cOutput) {
cStride = pPriv->cOutput;
}
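Review bot: the stride clamp in sunaudio.c is line for line the same as the one in oss.c, so the two copies can drift apart again; suggest moving the min(cInputRemaining, pPriv->cOutput) computation into one shared helper, or at least cross-referencing the two sites in a comment. A regression case is also missing: the reported input (cInput=4098 against cOutput=4096) only fails because the sample count is larger than the output buffer and not a multiple of it, so a test that writes cOutput+2 samples through each driver's write function would cover both fixes.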