
Re: 64bit fix



Jason White, on Tue 26 Oct 2010 12:08:29 +1100, wrote:
> Samuel Thibault <sthibault@debian.org> wrote:
> > I have found the bug that was making svox crash on amd64.  It probably
> > went unnoticed on i386 by alignment chance.
> 
> I'm assuming this is the bug that caused it to crash while deallocating
> memory.

Yes, this is it. The problem was another buffer overflowing into it.

> I think a number of people would be interested in a patch for that.

It's in the svox debian repo, and attached to this mail.

> I spent about an hour with gdb trying to track it down, but with no luck - it
> definitely required an expert with Samuel's skill to find the cause.

Mmm, actually I made a page precisely on this bug, because 'watch' makes
it actually relatively easy to find, and the story is actually very
representative of my usual debugging scenarios, which I'd like my
students to get used to:

http://dept-info.labri.fr/~thibault/bug

Samuel
--- svox/pico/lib/picoapi.c.original	2010-10-25 19:06:57.000000000 +0200
+++ svox/pico/lib/picoapi.c	2010-10-25 19:07:18.000000000 +0200
@@ -90,7 +90,7 @@
         status = PICO_ERR_NULLPTR_ACCESS;
     } else {
         byte_ptr_t rest_mem;
-        picoos_uint32 rest_mem_size;
+        picoos_objsize_t rest_mem_size;
         pico_System sys;
         picoos_MemoryManager sysMM;
         picoos_ExceptionManager sysEM;
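Review bot: this hunk only changes the declared type of rest_mem_size (picoos_uint32 to picoos_objsize_t), so whatever fills that variable through a pointer must take a picoos_objsize_t *; the callee is not in the hunk, so check it and make sure no cast hides a remaining mismatch. If picoos_objsize_t is a pointer-width size type, the two types agree at 4 bytes on i386 but differ on amd64, where an 8-byte store into the old 4-byte local would spill into a neighbouring stack slot such as `sys` or `sysMM`; that matches the "overflowing into it" description in the mail and a crash at deallocation time. Building with incompatible-pointer-type warnings treated as errors would flag this class of bug before it reaches a 64-bit build, and is worth enabling for the svox tree.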
--- svox/pico/lib/picosig2.c.original	2010-10-26 00:17:18.000000000 +0200
+++ svox/pico/lib/picosig2.c	2010-10-26 00:17:19.000000000 +0200
@@ -568,7 +568,7 @@
     for (nI = 1; nI < m1; nI++) {
         XXr[nI] = c1[nI] << shift;
     }
-    i = sizeof(picoos_int32) * (PICODSP_FFTSIZE + 1 - m1);
+    i = sizeof(picoos_int32) * (PICODSP_FFTSIZE - m1);
     picoos_mem_set(XXr + m1, 0, i);
     dfct_nmf(m4, XXr); /* DFCT directly in fixed point */
 
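Review bot: the old byte count, `sizeof(picoos_int32) * (PICODSP_FFTSIZE + 1 - m1)`, zeroes elements m1 through PICODSP_FFTSIZE inclusive, which is one element past the end of a PICODSP_FFTSIZE-element array; the new count stops at index PICODSP_FFTSIZE - 1, so the fix is correct on the assumption that XXr has exactly PICODSP_FFTSIZE elements. It remains a hand-computed size that must be kept in step with the array's declaration. If XXr is a local array, derive the tail length from it instead, e.g. `picoos_mem_set(XXr + m1, 0, sizeof(XXr) - m1 * sizeof(XXr[0]));`, or at least assert `m1 <= PICODSP_FFTSIZE` before the call so an out-of-range m1 fails loudly rather than underflowing the size. One more point worth a comment in the source: the loop starts at nI = 1, so XXr[0] is touched by neither the loop nor the memset; state whether the caller is expected to have set it.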
