Bug#805109: libavresample2: Segfaults when trying to play certain song

Andreas Cadhalpun andreas.cadhalpun at gmail.com
Sun Nov 15 13:12:49 UTC 2015


Control: reassign -1 cmus 2.5.0-7
Control: tags -1 - moreinfo + patch

Hi Helge,

On 15.11.2015 10:40, Helge Kreutzmann wrote:
> On Sat, Nov 14, 2015 at 10:20:29PM +0100, Andreas Cadhalpun wrote:
>> On 14.11.2015 21:08, Helge Kreutzmann wrote:
>>> I use cmus a lot and it has never crashed. However, now I can
>>> reproducibly crash cmus with a SegFault.
>>
>> Can you share the file reproducing this crash?
> 
> Just did so off bug.

Thanks. With that file I could reproduce the crash.

>>> I rebuilt cmus and libavresample2 with "nostrip" and ran cmus in gdb.
>>> When issuing "bt full" I get the following:
>>> (gdb) bt full
>>> #0  0x000003be29620e2b in ff_audio_data_free (a=0xc1) at
>>> /scr/build/debian/NEU-LIBA/libav-11.4/libavresample/audio_data.c:218
>>> No locals.
>>> #1  0x000003be29629db2 in avresample_close (avr=0x21) at
>>
>> This avr pointer is clearly invalid. It looks like there has been
>> a NULL pointer dereference before.
>>
>> Thus this looks like a bug in cmus, passing a reference to an invalid
>> pointer to avresample_free.

Indeed this is a bug in cmus: It doesn't initialize priv->avr.
The following patch fixes this:
---8<---
--- cmus-2.5.0.orig/ffmpeg.c
+++ cmus-2.5.0/ffmpeg.c
@@ -258,6 +258,7 @@ static int ffmpeg_open(struct input_plug
 	priv->input_context = ic;
 	priv->codec = codec;
 	priv->frame = av_frame_alloc();
+	priv->avr = NULL;
 	priv->stream_index = stream_index;
 	priv->input = ffmpeg_input_create();
 	if (priv->input == NULL) {
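Review bot: The added `priv->avr = NULL;` closes the one uninitialized pointer this crash exposed, but it only works because every other pointer member of `priv` is explicitly assigned in this block, so the fix is fragile if the struct grows; if `priv` is allocated with a plain `malloc`, zero-initializing the whole struct at allocation (calloc or memset) would make every cleanup path safe regardless of which fields have been set. Also visible in the context: `priv->input` is checked for NULL right after `ffmpeg_input_create()`, but the `av_frame_alloc()` result stored in `priv->frame` is not checked at all, so an allocation failure there would reach the decode path with a NULL frame.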
--->8---

With that patch applied, the crash doesn't happen anymore. However, cmus still
can't play the file, because avresample_open fails.
It seems to me that this code was never really tested and just doesn't work.

The best way forward is probably to import the current upstream version of cmus,
which uses libswresample instead of libavresample.
I don't know what to do about jessie, though.

> Please reassign if necessary.

Doing so with this mail.

Best regards,
Andreas
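To illustrate the defect the mail describes, here is an added, self-contained C example; it is not cmus or libav code. It models a plugin private-state struct (`priv_state`, with a `resampler` member standing in for cmus's `priv->avr`) and a library cleanup routine (`resampler_free`, standing in for `avresample_free`, which takes a pointer to the context pointer). `priv_create_buggy()` reproduces the pre-patch situation, where the struct comes from `malloc` and one pointer member is never assigned, so the cleanup path would hand stale heap contents to the library; `priv_create_fixed()` shows the more robust alternative to the one-line patch, zero-initializing the whole struct so every pointer starts out NULL. The `0xAB` fill is a constructed stand-in for whatever happened to be on the heap.

```c
/* Added example, not cmus or libav code. Names are hypothetical stand-ins. */
#include <stdlib.h>
#include <string.h>

/* Stand-in for a library resampler context (cf. AVAudioResampleContext). */
struct resampler { int open; };

/* Stand-in for avresample_free(): frees the context behind *r and clears it.
 * It is NULL-safe, but it cannot protect itself against a garbage pointer,
 * which is exactly what the pre-patch cmus code passed in. */
static void resampler_free(struct resampler **r)
{
    if (r == NULL || *r == NULL)
        return;
    free(*r);
    *r = NULL;
}

/* Plugin private state, modelled on the cmus priv struct from the patch. */
struct priv_state {
    void *frame;
    struct resampler *resampler;   /* the member the original code left unset */
    int stream_index;
};

/* Pre-patch pattern: malloc plus field-by-field assignment that misses one
 * pointer. The memset is constructed to simulate stale heap contents so the
 * defect is observable deterministically instead of only sometimes. */
static struct priv_state *priv_create_buggy(void)
{
    struct priv_state *p = malloc(sizeof *p);
    if (p == NULL)
        return NULL;
    memset(p, 0xAB, sizeof *p);    /* constructed: fake "uninitialized" memory */
    p->frame = NULL;
    p->stream_index = 0;
    /* p->resampler deliberately not assigned */
    return p;
}

/* Robust pattern: zero the whole struct at allocation. Every pointer member
 * is NULL, so any early-exit cleanup is safe even if a later field is added. */
static struct priv_state *priv_create_fixed(void)
{
    return calloc(1, sizeof(struct priv_state));
}

/* Before any open() call, the only legitimate value for the resampler slot
 * is NULL. Returns 1 when the state is safe to pass through cleanup. */
static int priv_resampler_is_clean(const struct priv_state *p)
{
    return p != NULL && p->resampler == NULL;
}

/* Opens the (stand-in) resampler; 0 on success, -1 on allocation failure. */
static int priv_open_resampler(struct priv_state *p)
{
    p->resampler = calloc(1, sizeof *p->resampler);
    if (p->resampler == NULL)
        return -1;
    p->resampler->open = 1;
    return 0;
}

/* Cleanup path: every member is released NULL-safely and *pp is cleared.
 * Returns 0 on success, -1 if there was nothing to free. */
static int priv_free(struct priv_state **pp)
{
    if (pp == NULL || *pp == NULL)
        return -1;
    resampler_free(&(*pp)->resampler);
    free((*pp)->frame);
    free(*pp);
    *pp = NULL;
    return 0;
}

/* Shows the defect: returns 1 if the buggy state holds a non-NULL garbage
 * resampler pointer, i.e. priv_free() on it would free an invalid pointer.
 * The garbage is cleared by hand before releasing the struct, so nothing
 * invalid is ever dereferenced here. */
int demo_buggy_state(void)
{
    struct priv_state *p = priv_create_buggy();
    int dirty;
    if (p == NULL)
        return -1;
    dirty = !priv_resampler_is_clean(p);
    p->resampler = NULL;
    free(p);
    return dirty;
}

/* Shows the fix: zeroed state is clean, can be opened, and round-trips
 * through priv_free() with the caller's pointer cleared. Returns 0 on success. */
int demo_fixed_state(void)
{
    struct priv_state *p = priv_create_fixed();
    if (!priv_resampler_is_clean(p))
        return -1;
    if (priv_open_resampler(p) != 0)
        return -2;
    if (priv_free(&p) != 0)
        return -3;
    return p == NULL ? 0 : -4;
}
```

The point of `demo_buggy_state()` is that the library cleanup cannot defend against this class of bug: `resampler_free()` checks for NULL, but a pointer that was never assigned is not NULL, it is whatever the allocator left behind, which is why the backtrace in the report shows `avresample_close(avr=0x21)`. Zero-initializing at allocation fixes the whole class rather than the one field.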


