Bug 473080

Summary:	libpulse segfaults on invalidated **environ
Product:	[Fedora] Fedora	Reporter:	Josef Bacik <jbacik>
Component:	pulseaudio	Assignee:	Lennart Poettering <lpoetter>
Status:	CLOSED UPSTREAM	QA Contact:	Fedora Extras Quality Assurance <extras-qa>
Severity:	high	Docs Contact:
Priority:	high
Version:	10	CC:	ch.nolte, eddie, james, leigh123linux, lkundrak, lpoetter, oxben, pierre-bugzilla, rda, rdieter, udovdh
Target Milestone:	---
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2008-12-16 13:26:44 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Josef Bacik 2008-11-26 14:34:27 UTC

Description of problem:
Whenever I try to run xine it segfaults

Version-Release number of selected component (if applicable):
[josef@localhost ~]$ rpm -q xine
xine-0.99.5-5.fc10.x86_64
[josef@localhost ~]$ rpm -q pulseaudio
pulseaudio-0.9.13-6.fc10.x86_64


How reproducible:
Everytime

Steps to Reproduce:
1.Run Xine
2....
3.No profit
  
Actual results:
Segfault

Expected results:
No Segfault

Additional info:

[josef@localhost ~]$ gdb xine
GNU gdb Fedora (6.8-29.fc10) 
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.           
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"   
and "show warranty" for details.                                             
This GDB was configured as "x86_64-redhat-linux-gnu"...                      
(no debugging symbols found)                                                 
Missing separate debuginfos, use: debuginfo-install xine-0.99.5-5.fc10.x86_64
(gdb) run                                                                    
Starting program: /usr/bin/xine                                              
(no debugging symbols found)                                                 
(no debugging symbols found)                                                 
[Thread debugging using libthread_db enabled]                                
[New Thread 0x7f9c0049f7a0 (LWP 30312)]                                      
This is xine (X11 gui) - a free video player v0.99.5.                        
(c) 2000-2007 The xine Team.                                                 
[New Thread 0x7f9bfb5ad950 (LWP 30315)]                                      
[New Thread 0x7f9bfabac950 (LWP 30316)]                                      
[New Thread 0x7f9bf5688950 (LWP 30317)]                                      
[New Thread 0x7f9bf4450950 (LWP 30318)]                                      
[New Thread 0x7f9bf3441950 (LWP 30319)]                                      

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f9bf3441950 (LWP 30319)]    
0x00000038c6c5a3b6 in pa_init_proplist (p=0xfde510) at pulsecore/proplist-util.c:47
47          for (e = environ; *e; e++) {                                           
(gdb) list
42      #endif
43          char **e;
44                   
45          pa_assert(p);
46                       
47          for (e = environ; *e; e++) {
48                                      
49              if (pa_startswith(*e, "PULSE_PROP_")) {
50                  size_t kl = strcspn(*e+11, "=");   
51                  char *k;                           
(gdb) list
52        
53                  if ((*e)[11+kl] != '=')
54                      continue;          
55                                         
56                  if (!pa_utf8_valid(*e+11+kl+1))
57                      continue;                  
58                                                 
59                  k = pa_xstrndup(*e+11, kl);    
60                                                 
61                  if (pa_proplist_contains(p, k)) {
(gdb) print e                                        
$1 = (char **) 0x0                                   
(gdb) print environ                                  
$2 = (char **) 0x7fff084cf5a8                        
(gdb) while (*(environ++))
 >print environ
 >print *environ
 >end
$3 = (char **) 0x7fff084cf5b0
$4 = 0x7fff084d141f "KDE_MULTIHEAD=false"
$5 = (char **) 0x7fff084cf5b8            
$6 = 0x7fff084d1433 "HOSTNAME=localhost.localdomain"
$7 = (char **) 0x7fff084cf5c0                       
$8 = 0x7fff084d1452 "GPG_AGENT_INFO=/tmp/gpg-onqdUm/S.gpg-agent:2725:1"
$9 = (char **) 0x7fff084cf5c8                                          
$10 = 0x7fff084d1484 "TERM=xterm"                                      
$11 = (char **) 0x7fff084cf5d0                                         
$12 = 0x7fff084d148f "XDG_MENU_PREFIX=kde4-"                           
$13 = (char **) 0x7fff084cf5d8                                         
$14 = 0x7fff084d14a5 "SHELL=/bin/bash"                                 
$15 = (char **) 0x7fff084cf5e0                                         
$16 = 0x7fff084d14b5 "DESKTOP_STARTUP_ID="                             
$17 = (char **) 0x7fff084cf5e8                                         
$18 = 0x7fff084d14c9 "XDG_SESSION_COOKIE=7dedadd83ed11d8957a0cbd0492b141f-1227563468.82288-1252581216"
$19 = (char **) 0x7fff084cf5f0                                                                        
$20 = 0x7fff084d1519 "HISTSIZE=1000"                                                                  
$21 = (char **) 0x7fff084cf5f8                                                                        
$22 = 0x7fff084d1527 "GTK2_RC_FILES=/etc/gtk-2.0/gtkrc:/home/josef/.gtkrc-2.0::/home/josef/.kde/share/config/gtkrc-2.0"
$23 = (char **) 0x7fff084cf600                                                                                         
$24 = 0x7fff084d1588 "KONSOLE_DBUS_SERVICE=:1.63"                                                                      
$25 = (char **) 0x7fff084cf608                                                                                         
$26 = 0x7fff084d15a3 "GS_LIB=/home/josef/.fonts"                                                                       
$27 = (char **) 0x7fff084cf610                                                                                         
$28 = 0x7fff084d15bd "GTK_RC_FILES=/etc/gtk/gtkrc:/home/josef/.gtkrc::/home/josef/.kde/share/config/gtkrc"             
$29 = (char **) 0x7fff084cf618                                                                                         
$30 = 0x7fff084d1611 "WINDOWID=41943041"                                                                               
$31 = (char **) 0x7fff084cf620                                                                                         
$32 = 0x7fff084d1623 "QTDIR=/usr/lib64/qt-3.3"                                                                         
$33 = (char **) 0x7fff084cf628                                                                                         
$34 = 0x7fff084d163b "QTINC=/usr/lib64/qt-3.3/include"                                                                 
$35 = (char **) 0x7fff084cf630                                                                                         
$36 = 0x7fff084d165b "KDE_FULL_SESSION=true"                                                                           
$37 = (char **) 0x7fff084cf638                                                                                         
$38 = 0x7fff084d1671 "USER=josef"                                                                                      
$39 = (char **) 0x7fff084cf640                                                                                         
$40 = 0x7fff084d167c "LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:do=00;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;4---Type <return> to continue, or q <return> to quit---
3:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=00;32:*.tar=00;31:*.tgz=0"...
$41 = (char **) 0x7fff084cf648                                        
$42 = 0x7fff084d1abd "GNOME_KEYRING_SOCKET=/tmp/keyring-e9Ceta/socket"
$43 = (char **) 0x7fff084cf650                                        
$44 = 0x7fff084d1aed "SSH_AUTH_SOCK=/tmp/ssh-QAiNuR2453/agent.2453"   
$45 = (char **) 0x7fff084cf658                                        
$46 = 0x7fff084d1b1a "USERNAME=josef"                                 
$47 = (char **) 0x7fff084cf660                                        
$48 = 0x7fff084d1b29 "SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2889,unix/unix:/tmp/.ICE-unix/2889"
$49 = (char **) 0x7fff084cf668                                                                      
$50 = 0x7fff084d1b77 "COLUMNS=156"                                                                  
$51 = (char **) 0x7fff084cf670                                                                      
$52 = 0x7fff084d1b83 "PATH=/usr/lib64/qt-3.3/bin:/usr/kerberos/bin:/usr/lib64/ccache:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin:/home/josef/bin"                                                                                                                                                      
$53 = (char **) 0x7fff084cf678                                                                                                                              
$54 = 0x7fff084d1c0f "DESKTOP_SESSION=kde"                                                                                                                  
$55 = (char **) 0x7fff084cf680                                                                                                                              
$56 = 0x7fff084d1c23 "MAIL=/var/spool/mail/josef"                                                                                                           
$57 = (char **) 0x7fff084cf688                                                                                                                              
$58 = 0x7fff084d1c3e "_=/usr/bin/gdb"                                                                                                                       
$59 = (char **) 0x7fff084cf690                                                                                                                              
$60 = 0x7fff084d1c4d "DRY_RUN=1"                                                                                                                            
$61 = (char **) 0x7fff084cf698                                                                                                                              
$62 = 0x7fff084d1c57 "PWD=/home/josef"                                                                                                                      
$63 = (char **) 0x7fff084cf6a0                                                                                                                              
$64 = 0x7fff084d1c67 "INPUTRC=/etc/inputrc"                                                                                                                 
$65 = (char **) 0x7fff084cf6a8                                                                                                                              
$66 = 0x7fff084d1c7c "XMODIFIERS=@im=none"                                                                                                                  
$67 = (char **) 0x7fff084cf6b0                                                                                                                              
$68 = 0x7fff084d1c90 "KDE_SESSION_UID=500"                                                                                                                  
$69 = (char **) 0x7fff084cf6b8                                                                                                                              
$70 = 0x7fff084d1ca4 "GNOME_KEYRING_PID=2451"                                                                                                               
$71 = (char **) 0x7fff084cf6c0                                                                                                                              
$72 = 0x7fff084d1cbb "LANG=en_US.UTF-8"                                                                                                                     
$73 = (char **) 0x7fff084cf6c8                                                                                                                              
$74 = 0x7fff084d1ccc "KDE_IS_PRELINKED=1"                                                                                                                   
$75 = (char **) 0x7fff084cf6d0                                                                                                                              
$76 = 0x7fff084d1cdf "GDM_LANG=en_US.UTF-8"                                                                                                                 
---Type <return> to continue, or q <return> to quit---                                                                                                      
$77 = (char **) 0x7fff084cf6d8                                                                                                                              
$78 = 0x7fff084d1cf4 "KDEDIRS=/usr"                                                                                                                         
$79 = (char **) 0x7fff084cf6e0                                                                                                                              
$80 = 0x7fff084d1d01 "LINES=39"                                                                                                                             
$81 = (char **) 0x7fff084cf6e8                                                                                                                              
$82 = 0x7fff084d1d0a "KONSOLE_DBUS_SESSION=/Sessions/8"                                                                                                     
$83 = (char **) 0x7fff084cf6f0                                                                                                                              
$84 = 0x7fff084d1d2b "GDMSESSION=kde"                                                                                                                       
$85 = (char **) 0x7fff084cf6f8                                                                                                                              
$86 = 0x7fff084d1d3a "SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass"                                                                                   
$87 = (char **) 0x7fff084cf700                                                                                                                              
$88 = 0x7fff084d1d6d "HOME=/home/josef"                                                                                                                     
$89 = (char **) 0x7fff084cf708                                                                                                                              
$90 = 0x7fff084d1d7e "SHLVL=3"                                                                                                                              
$91 = (char **) 0x7fff084cf710                                                                                                                              
$92 = 0x7fff084d1d86 "COLORFGBG=15;0"                                                                                                                       
$93 = (char **) 0x7fff084cf718                                                                                                                              
$94 = 0x7fff084d1d95 "KDE_SESSION_VERSION=4"                                                                                                                
$95 = (char **) 0x7fff084cf720                                                                                                                              
$96 = 0x7fff084d1dab "LANGUAGE=en_US"                                                                                                                       
$97 = (char **) 0x7fff084cf728                                                                                                                              
$98 = 0x7fff084d1dba "XCURSOR_THEME=default"                                                                                                                
$99 = (char **) 0x7fff084cf730                                                                                                                              
$100 = 0x7fff084d1dd0 "LOGNAME=josef"                                                                                                                       
$101 = (char **) 0x7fff084cf738                                                                                                                             
$102 = 0x7fff084d1dde "CVS_RSH=ssh"                                                                                                                         
$103 = (char **) 0x7fff084cf740                                                                                                                             
$104 = 0x7fff084d1dea "QTLIB=/usr/lib64/qt-3.3/lib"                                                                                                         
$105 = (char **) 0x7fff084cf748                                                                                                                             
$106 = 0x7fff084d1e06 "XDG_DATA_DIRS=/usr/share/kde-settings/kde-profile/default/share:/usr/local/share:/usr/share"                                         
$107 = (char **) 0x7fff084cf750                                                                                                                             
$108 = 0x7fff084d1e62 "DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-YRb8IIUDka,guid=0571bdc2f6f0e27d31c23049492b21cc"
$109 = (char **) 0x7fff084cf758
$110 = 0x7fff084d1ec4 "LESSOPEN=|/usr/bin/lesspipe.sh %s"
$111 = (char **) 0x7fff084cf760
$112 = 0x7fff084d1ee6 "DISPLAY=:0.0"
$113 = (char **) 0x7fff084cf768
$114 = 0x7fff084d1ef3 "PROFILEHOME="
---Type <return> to continue, or q <return> to quit---
$115 = (char **) 0x7fff084cf770
$116 = 0x7fff084d1f00 "QT_PLUGIN_PATH=/usr/lib64/kde4/plugins:/home/josef/.kde/lib64/kde4/plugins/:/usr/lib64/kde4/plugins/"
$117 = (char **) 0x7fff084cf778
$118 = 0x7fff084d1f65 "GTK_IM_MODULE=gtk-im-context-simple"
$119 = (char **) 0x7fff084cf780
$120 = 0x7fff084d1f89 "DISABLE_IMSETTINGS=1"
$121 = (char **) 0x7fff084cf788
$122 = 0x7fff084d1f9e "G_BROKEN_FILENAMES=1"
$123 = (char **) 0x7fff084cf790
$124 = 0x7fff084d1fb3 "XAUTHORITY=/var/run/gdm/auth-for-josef-Ojq5CR/database"
$125 = (char **) 0x7fff084cf798
$126 = 0x0
(gdb) bt
#0  0x00000038c6c5a3b6 in pa_init_proplist (p=0xfde510) at pulsecore/proplist-util.c:47
#1  0x00000038c6c0cb69 in setup_complete_callback (pd=0xfe65a0, command=2, tag=1, t=0xfe62a0, userdata=0xfde420) at pulse/context.c:464
#2  0x00000038c6c48b81 in run_action (pd=0xfe65a0, r=0xfe1ca0, command=2, ts=0xfe62a0) at pulsecore/pdispatch.c:183
#3  0x00000038c6c48eb3 in pa_pdispatch_run (pd=0xfe65a0, packet=0xfe6270, creds=0xfe64c0, userdata=0xfde420) at pulsecore/pdispatch.c:234
#4  0x00000038c6c0c1aa in pstream_packet_callback (p=0xfe6370, packet=0xfe6270, creds=0xfe64c0, userdata=0xfde420) at pulse/context.c:323
#5  0x00000038c6c4c715 in do_read (p=0xfe6370) at pulsecore/pstream.c:816
#6  0x00000038c6c49d48 in do_something (p=0xfe6370) at pulsecore/pstream.c:184
#7  0x00000038c6c49f57 in io_callback (io=0xfe6220, userdata=0xfe6370) at pulsecore/pstream.c:213
#8  0x00000038c6c3b706 in callback (m=0xfde118, e=0xfe6140, fd=19, f=PA_IO_EVENT_INPUT, userdata=0xfe6220) at pulsecore/iochannel.c:119
#9  0x00000038c6c1a1e7 in dispatch_pollfds (m=0xfde0c0) at pulse/mainloop.c:683
#10 0x00000038c6c1aea2 in pa_mainloop_dispatch (m=0xfde0c0) at pulse/mainloop.c:896
#11 0x00000038c6c1b027 in pa_mainloop_iterate (m=0xfde0c0, block=1, retval=0x0) at pulse/mainloop.c:926
#12 0x00000038c6c1b08a in pa_mainloop_run (m=0xfde0c0, retval=0x0) at pulse/mainloop.c:941
#13 0x00000038c6c2a0a2 in thread (userdata=0xfddea0) at pulse/thread-mainloop.c:90
#14 0x00000038c6c5b201 in internal_thread_func (userdata=0xfde240) at pulsecore/thread-posix.c:72
#15 0x0000003916a073da in start_thread () from /lib64/libpthread.so.0
#16 0x0000003915ee627d in clone () from /lib64/libc.so.6

Comment 1 Rex Dieter 2008-11-26 18:16:53 UTC

See also:
xine-lib-pulseaudio: bug #470686
xine: https://bugzilla.rpmfusion.org/show_bug.cgi?id=125

Comment 2 Lennart Poettering 2008-12-08 22:49:02 UTC

Is this possibly related to using/having installed those closed source Real codecs? 

They do weird shit with environ**:

src/libreal/real_common.h:  char **__environ __attribute__((weak, alias("environ")));

While libpulse certainly shouldn't crash when environ is NULL I think this should be fixed in Xine too, it shouldn't invalidate **environ like that.

Comment 3 Lennart Poettering 2008-12-08 22:53:10 UTC

*** Bug 470686 has been marked as a duplicate of this bug. ***

Comment 4 Josef Bacik 2008-12-09 13:47:12 UTC

I have the rpmfusion codecs installed if thats what you are asking.

Comment 5 Lennart Poettering 2008-12-09 14:54:28 UTC

Dunno what "rpmfusion codecs" is. Do they include the RealNetwork CODECs or not?

Comment 6 Rex Dieter 2008-12-09 14:58:46 UTC

rpmfusion does not distribute those, afaik.

Comment 7 udo 2008-12-09 15:12:09 UTC

I have the same issue. What info can I provide about codecs? How?
I do use rpmfusion.

Who will take action to resolve this issue?
Over here root does also see the symptom.

Comment 8 Lennart Poettering 2008-12-16 13:26:44 UTC

This has now been fixed upstream. I will upload a new version of PA including this patch to F10 and Rawhide shortly.