Bug 130968

Summary: sox segfaults after run
Product: [Fedora] Fedora
Reporter: Paul Nasrat <nobody+pnasrat>
Component: sox
Assignee: Thomas Woerner <twoerner>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: rawhide
CC: byte
Hardware: powerpc
OS: Linux
Doc Type: Bug Fix
Last Closed: 2004-08-26 15:35:10 UTC
Bug Blocks: 121179

Description Paul Nasrat 2004-08-26 08:54:27 UTC
Description of problem:

[root@imac ~]# gdb /usr/bin/sox
GNU gdb Red Hat Linux (6.1post-1.20040607.22rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for
details.
This GDB was configured as "ppc-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
 
(gdb) run  -v 2 /usr/share/system-config-soundcard/sound-sample.wav -t ossdsp /dev/audio
Starting program: /usr/bin/sox -v 2 /usr/share/system-config-soundcard/sound-sample.wav -t ossdsp /dev/audio
 
Program received signal SIGSEGV, Segmentation fault.
_int_free (av=0xffc581c, mem=0x7ffffbe4) at malloc.c:4215
4215          nextsize = chunksize(nextchunk);
(gdb)


Version-Release number of selected component (if applicable):

kernel-2.6.8-1.526
glibc-2.3.3-46
sox-12.17.5-1

How reproducible:

Always

Steps to Reproduce:
1. sox  -v 2 /usr/share/system-config-soundcard/sound-sample.wav -t ossdsp /dev/audio
  
Actual results:

Sound plays then segfault

Expected results:

No segfault

Additional info:

Confirmed on two separate ppc boxes, x86 does not seem to have this
issue.

Comment 1 Paul Nasrat 2004-08-26 09:53:42 UTC
ef:
  Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens
<bruce>
 
ElectricFence Aborting: free(7ffffbd3): address not from malloc().

valgrind snippet:

==25804== Invalid free() / delete / delete[]
==25804==    at 0xFE9903C: free (vg_replace_malloc.c:186)
==25804==    by 0x100173A0: (within /usr/bin/sox)
==25804==    by 0x10004430: (within /usr/bin/sox)
==25804==    by 0xF83F824: __libc_start_main (in /lib/libc-2.3.3.so)
==25804==  Address 0x7FFFFB2B is on thread 1's stack
...

==25804== malloc/free: 7 allocs, 8 frees, 48736 bytes allocated.

Double free?


Comment 2 Thomas Woerner 2004-08-26 15:35:10 UTC
No, the problem was a free on an unset pointer in the wav file handler.

Fixed in rawhide in rpm sox-12.17.5-2, or newer.
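
The bug class named in Comment 2, as an added example (not sox's code and not part of this report): a hypothetical `wav_state` handler whose pointer is assigned on only one path, with a small tracking allocator standing in for Electric Fence so the invalid free is counted instead of crashing. All names and the 0x7f fill that models the unset field are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical handler state, not sox's real structure. */
struct wav_state { char *comment; };   /* allocated only if the file has a comment */
static int allocs, frees, invalid_frees;
static void *live[16];                 /* pointers malloc returned, not yet freed */

static void *t_malloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < 16; i++)
        if (!live[i]) { live[i] = p; allocs++; return p; }
    free(p);                           /* tracker full (or p is NULL) */
    return NULL;
}

/* Like Electric Fence: never pass free() an address malloc did not return. */
static void t_free(void *p) {
    if (!p) return;                    /* free(NULL) is a defined no-op */
    frees++;
    for (int i = 0; i < 16; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    invalid_frees++;                   /* a real free() here: corruption or SIGSEGV */
}

static void start_buggy(struct wav_state *w, const char *c) {
    if (!c) return;                    /* bug: w->comment left unset on this path */
    w->comment = t_malloc(strlen(c) + 1);
    if (w->comment) strcpy(w->comment, c);
}
static void start_fixed(struct wav_state *w, const char *c) {
    w->comment = NULL;                 /* fix: defined value on every path */
    start_buggy(w, c);                 /* then the same allocation logic */
}
static void stop(struct wav_state *w) { t_free(w->comment); w->comment = NULL; }

/* One open/close cycle; returns how many invalid frees stop() attempted. */
static int run(void (*start)(struct wav_state *, const char *), const char *c) {
    struct wav_state w;
    memset(&w, 0x7f, sizeof w);        /* constructed garbage for the unset field */
    invalid_frees = 0;
    start(&w, c);
    stop(&w);
    return invalid_frees;
}

int main(void) {
    printf("buggy: %d invalid free(s)\n", run(start_buggy, NULL));
    printf("fixed: %d invalid free(s)\n", run(start_fixed, NULL));
    return 0;
}
```

With real `free()` the outcome of the buggy path depends on whatever bytes the unset field happens to hold, which is one reason such a defect can crash on one architecture and go unnoticed on another.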