Bug#584605: audacity: Backtrace, as requested...

Adrian Knoth adi at drcomp.erfurt.thur.de
Sun Jun 13 10:46:04 UTC 2010 

On Sat, Jun 12, 2010 at 10:34:22PM -0400, Dave Witbrodt wrote:

> Looking at the values of "j" (826) and "cnt" (4294967274) at the time
> of the crash, they look out of the ballpark to me.  This is the loop
> being iterated (in lib-src/portmixer/src/px_linux_alsa.c) which hits
> those values:

> 
>          else if (snd_mixer_selem_is_enum_capture(elem)) {
>             unsigned int cnt = snd_mixer_selem_get_enum_items(elem);
>             unsigned int j;
> 
>             for (j = 0; j < cnt; j++) {
>                char iname[256];
>                snd_mixer_selem_get_enum_item_name(elem, j, sizeof(iname), iname);
(..)
>                   break;
>                }
>                i++;
>             }
> 
> The huge value for "cnt" suggests that
> snd_mixer_selem_get_enum_items() is returning a negative number here,
> but upstream has coded this function to store the return value in an
> unsigned int (and not bother to check it!).

Exactly.

> Looking for some documentation, I found:
> 
>     http://www.alsa-project.org/alsa-doc/alsa-lib/group___simple_mixer.html#g23600e756612dca7ea8329994590fa19
> 
> 	int  snd_mixer_selem_get_enum_items  (snd_mixer_elem_t  *elem)	

> 	Returns:
> 	    the number of enumerated items, otherwise a negative error code 
> 
> Oops!  This thing can return negative numbers, but upstream thought it
> wouldn't happen.

Thank you so much. Best bug report I've ever seen. Really. ;)

> If I can provide more information, test any patches, or be of help in some
> other way just let me know.

Find attached a quick fix. Untested, but it basically does what you've
suggested: don't run the loop when cnt is negative.

Does it fix the problem?


TIA

-- 
mail: adi at thur.de  	http://adi.thur.de	PGP/GPG: key via keyserver
-------------- next part --------------
A non-text attachment was scrubbed...
Name: audacity-crash.patch
Type: text/x-diff
Size: 920 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20100613/04711574/attachment.patch>

More information about the pkg-multimedia-maintainers mailing list