Bug 91618 - Soundtracker 0.6.7 crashes on start (frees invalid pointer)
Bug#: 91618 Product:  Gentoo Linux Version: unspecified Platform: x86
OS/Version: Linux Status: RESOLVED Severity: major Priority: P2
Resolution: FIXED Assigned To: sound@gentoo.org Reported By: lionsphil@dsl.pipex.com
Component: Applications
URL: 
Summary: Soundtracker 0.6.7 crashes on start (frees invalid pointer)
Keywords:  InCVS
Status Whiteboard: 
Opened: 2005-05-05 14:42 0000
Description:
Soundtracker crashes when started. The "Tip of the Day" and another window I
have been unable to catch in time flash up briefly first. The error message is
below.

Reproducible: Always
Steps to Reproduce:
1) Emerge the current version of soundtracker (see 'Additional Information' for
USE flags).
2) Run "soundtracker" from a terminal.

The command line arguments do not seem to matter: I have the same result with
none, a MOD file, "--help", and "--version".
Actual Results:  
The following error message is output to the terminal:

*** glibc detected *** free(): invalid pointer: 0xbffff2d0 ***
Aborted

Expected Results:  
No crash. ;)

Exact version and USE flags for soundtracker:
media-sound/soundtracker-0.6.7  +alsa -debug -esd -gnome +jack +nls -oss

And the following versions of/flags for alsa-lib, JACK, GTK+:
media-libs/alsa-lib-1.0.8  -doc +jack
media-plugins/alsa-jack-1.0.8
x11-libs/gtk+-1.2.10-r11 -debug +nls


Portage 2.0.51.19 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.4.20041102-r1, 2.6.11-gentoo-r4 i686)
=================================================================
System uname: 2.6.11-gentoo-r4 i686 Mobile Intel(R) Celeron(R) CPU 1.80GHz
Gentoo Base System version 1.4.16
Python:              dev-lang/python-2.3.5 [2.3.5 (#1, Apr 30 2005, 16:52:34)]
dev-lang/python:     2.3.5
sys-apps/sandbox:    [Not Present]
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.7.9-r1, 1.8.5-r3, 1.5, 1.4_p6, 1.6.3, 1.9.4
sys-devel/binutils:  2.15.92.0.2-r7
sys-devel/libtool:   1.5.16
virtual/os-headers:  2.6.8.1-r2, 2.4.19-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O3 -march=i686 -funroll-loops -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O3 -march=i686 -funroll-loops -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs autoconfig ccache distlocks fixpackages sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="ftp://ftp.heanet.ie/pub/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.uk.gentoo.org/gentoo-portage"
USE="x86 X aalib alsa apm avi bash-completion berkdb bitmap-fonts crypt cups curl dga divx4linux emboss fbcon flac foomaticdb fortran gdbm gif gpm gtk gtk2 guile ipv6 jack jack-tmpfs java jikes jpeg libcaca libg++ libwww mad mikmod mmx mng motif mozsvg mp3 mpeg ncurses nls ogg oggvorbis opengl pam pcmcia pdflib perl png pnp postgres python qt quicktime readline ruby sdl slang spell sse ssl svg tcltk tcpd tetex tiff truetype truetype-fonts type1-fonts unicode usb vorbis wmf wxwindows xml xml2 xmms xv xvid zlib userland_GNU kernel_linux libc_glibc"
Unset:  ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY

------- Comment #1 From Robert Carboneau 2005-08-14 22:06:04 0000 -------
I'm having this problem too. You can work around it by removing the 'alsa' USE
flag. Not ideal, I know, but at least the program will start.

Here's a backtrace:

#0  0xb788e841 in kill () at string2.h:1000
#1  0xb79f1ed1 in pthread_kill (thread=14953, signo=0) at signals.c:69
#2  0xb79f2268 in __pthread_raise (sig=-1214283788) at signals.c:200
#3  0xb788e5a4 in *__GI_raise (sig=6) at raise.c:34
#4  0xb788fbcd in *__GI_abort () at abort.c:88
#5  0xb78c0cb5 in __libc_message (do_abort=2,
    fmt=0xb796f060 "*** glibc detected *** %s: 0x%s ***\n")
    at libc_fatal.c:145
#6  0xb78ca8f6 in malloc_printerr (action=2, str=0x0, ptr=0x0)
    at malloc.c:5523
#7  0xb78c95df in _int_free (av=0xb797b9e0, mem=0xbf8a2540) at malloc.c:4233
#8  0xb78c826f in *__GI___libc_free (mem=0xbf8a2540) at malloc.c:3404
#9  0xb7b5eb06 in snd_seq_port_subscribe_free (obj=0xbf8a2540) at seq.c:2312
#10 0x08092a6d in midi_init () at midi-09x.c:310
#11 0x0806f461 in main (argc=1, argv=0xbf8a2624) at main.c:235

------- Comment #2 From Mark Aikens 2005-09-04 08:12:52 0000 -------
Created an attachment (id=67640) [details]
Removes an unnecessary & harmful call to snd_seq_port_subscribe_free

Here's a patch that fixes the crash on startup. It's really trivial so
hopefully a new ebuild won't take too long.

------- Comment #3 From Thomas Cort (RETIRED) 2006-01-12 12:29:15 0000 -------
Created an attachment (id=76936) [details]
soundtracker-0.6.7-r1.ebuild

I verified that the patch is correct. It removes a line in midi_init() in
app/midi-09x.c that free()'s a variable called "port_sub". Removing the line
doesn't cause a memory leak as the variable is allocated on the stack by the
line snd_seq_port_subscribe_alloca(&port_sub). free()'ing that memory caused
the crash. The crash doesn't happen all of the time because the line that
causes the error is in a block of code that only gets executed if
snd_seq_subscribe_port( midi_handle, port_sub) returns an error.

This ebuild applies the patch in attachment #67640. Download the patch to
soundtracker-0.6.7-invalid-free-fix.patch and put it in the files directory.

------- Comment #4 From Thomas Cort (RETIRED) 2006-04-02 11:01:11 0000 -------
New revision that applies the patch committed to CVS. Thanks for the patch
Mark.
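
The ownership mismatch described in Comment #3, as an added example that is not part of the original bug report and is not soundtracker or alsa-lib code: a stack object obtained through an alloca-style macro must never reach the heap free routine, while a heap object must be released on every path. The names sub_t, sub_alloca, sub_malloc, sub_free, subscribe, init_stack and init_heap are hypothetical stand-ins for the ALSA types and calls named in the thread.

```c
#include <alloca.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for snd_seq_port_subscribe_t. */
typedef struct { int sender, dest; } sub_t;
static int live_heap_objs;               /* heap objects not yet freed */

/* Stack flavour, modelled on the *_alloca() call from Comment #3:
   storage lives in the caller's frame and disappears on return. */
#define sub_alloca(pp) do { *(pp) = alloca(sizeof(sub_t)); \
                            memset(*(pp), 0, sizeof(sub_t)); } while (0)

/* Heap flavour: the only kind of object sub_free() may ever receive. */
static int sub_malloc(sub_t **pp) {
    *pp = calloc(1, sizeof(sub_t));
    if (!*pp) return -1;
    live_heap_objs++;
    return 0;
}
static void sub_free(sub_t *p) { if (p) live_heap_objs--; free(p); }

/* Stand-in for snd_seq_subscribe_port(); fails on request. */
static int subscribe(const sub_t *s, int fail) { (void)s; return fail ? -1 : 0; }

/* Patched pattern: alloca'd object, error path returns without freeing. */
int init_stack(int fail) {
    sub_t *s;
    sub_alloca(&s);
    s->sender = 1; s->dest = 2;
    if (subscribe(s, fail) < 0)
        return -1;       /* nothing to free: s points into this frame */
    return 0;
}

/* Alternative pairing: heap object, released on success and on failure. */
int init_heap(int fail) {
    sub_t *s;
    if (sub_malloc(&s) < 0) return -1;
    s->sender = 1; s->dest = 2;
    int rc = subscribe(s, fail);
    sub_free(s);
    return rc;
}

int heap_objects_live(void) { return live_heap_objs; }

int main(void) {
    printf("stack: %d heap: %d live: %d\n", init_stack(1), init_heap(1), heap_objects_live());
    return 0;
}
```

Building the affected program with -fsanitize=address, or running it under valgrind, reports a free() of a non-heap address at the call site, which is quicker to read than the glibc abort shown in the backtrace.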