
Bug#887640: SIGSEGVs in libcdio: double free or corruption



Hi - 

Both of these issues were addressed in libcdio 2.0.0 and that is the way I would recommend fixing. The reason we went from 1.1 to 2.x was because it was pointed out that it would better follow the guidelines of semantic versioning since one of the APIs was changed in an incompatible way. So 1.x should be deprecated. Also the library numbers have been bumped as a result.

As I look at Debian packages for libcdio, I think it is early enough in the packaging of the 1.x that changing to 2.0 rather than 1.x wouldn't be a big deal. Right?

I am sorry for the hassle.


On Thu, Jan 18, 2018 at 10:07 AM, Thomas Schwinge <thomas@codesourcery.com> wrote:
Package: libcdio
Version: 1.0.0-2


Hi!

I'm attaching two patches to resolve the following two problems.


With, for example, the eponymous audio CD by Regarde les hommes tomber:

    $ gdb -q --args cd-info /dev/sr1
    [...]
    CD-TEXT for Track  7:
            TITLE: The Fall
    double free or corruption (!prev)

    Program received signal SIGABRT, Aborted.
    __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff72d6cf7 in __GI_abort () at abort.c:90
    #2  0x00007ffff7317f87 in __libc_message (action="" fmt=fmt@entry=0x7ffff741dbd8 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007ffff731e27a in malloc_printerr (str=str@entry=0x7ffff741f848 "double free or corruption (!prev)") at malloc.c:5354
    #4  0x00007ffff731ffdc in _int_free (av=0x7ffff7651c20 <main_arena>, p=0x5555557614e0, have_lock=<optimized out>) at malloc.c:4281
    #5  0x00007ffff79a96b3 in cdio_generic_free (p_user_data=0x55555575f6d0) at _cdio_generic.c:111
    #6  0x00007ffff79acc6d in cdio_destroy (p_cdio=0x5555557611b0) at device.c:365
    #7  0x0000555555558c5d in myexit (cdio=<optimized out>, rc=0) at util.c:45
    #8  0x00005555555571d2 in main (argc=<optimized out>, argv=<optimized out>) at cd-info.c:1316

Reproducible with upstream release-1.0.0.  No longer reproducible with
release-1.1.0.  Bisected to be fixed by commit
2800f003aaee077f4009f525caf6c8b14a38ec47.  That one confirmed to fix the
problem with Debian's 1.0.0-2 package, too.  Patch attached for your
convenience.


With, for example, the audio CD "The Age of Cataclysm" by Cryptic
Wintermoon:

    $ gdb -q --args cd-info /dev/sr1
    [...]
    CD Analysis Report
    double free or corruption (top)

    Program received signal SIGABRT, Aborted.
    __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff72d6cf7 in __GI_abort () at abort.c:90
    #2  0x00007ffff7317f87 in __libc_message (action="" fmt=fmt@entry=0x7ffff741dbd8 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007ffff731e27a in malloc_printerr (str=str@entry=0x7ffff741f808 "double free or corruption (top)") at malloc.c:5354
    #4  0x00007ffff731ffac in _int_free (av=0x7ffff7651c20 <main_arena>, p=0x555555761350, have_lock=<optimized out>) at malloc.c:4273
    #5  0x00007ffff79aa937 in get_cdtext_generic (p_user_data=0x55555575f6d0) at _cdio_generic.c:300
    #6  0x000055555555861f in print_cdtext_info (i_first_track=1 '\001', i_tracks=<optimized out>, p_cdio=0x5555557611b0) at cd-info.c:437
    #7  print_analysis (ms_offset=0, cdio_iso_analysis=..., fs=1, first_data=-1, num_audio=13, i_tracks=13 '\r', i_first_track=1 '\001', p_cdio=0x5555557611b0, track_format=<optimized out>) at cd-info.c:668
    #8  0x0000555555557776 in main (argc=<optimized out>, argv=<optimized out>) at cd-info.c:1251

Reproducible with upstream release-1.0.0, and release-1.1.0.  No longer
reproducible with release-2.0.0.  Bisected to be fixed by commit
f6f9c48fb40b8a1e8218799724b0b61a7161eb1d.  That one confirmed to fix the
problem with Debian's 1.0.0-2 package, too.  Patch attached for your
convenience.


Regards
 Thomas
