544486 – media-sound/pavucontrol-2.0-r1: crash in mainwindow.cc:496::read_callback()

Bug 544486 - media-sound/pavucontrol-2.0-r1: crash in mainwindow.cc:496::read_callback()

Summary: media-sound/pavucontrol-2.0-r1: crash in mainwindow.cc:496::read_callback()

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Sound Team

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2015-03-25 17:05 UTC by Mihai Donțu
Modified:	2015-09-24 18:38 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
fix a NULL dereference in read_callback() (pavucontrol-2.0-r2.ebuild,1.10 KB, text/plain) 2015-03-25 17:06 UTC, Mihai Donțu	Details
fix a NULL dereference in read_callback() (the real one) (pavucontrol-2.0-yet-another-startup-crash.patch,828 bytes, patch) 2015-03-25 17:07 UTC, Mihai Donțu	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mihai Donțu 2015-03-25 17:05:32 UTC

On my installation with pulseaudio 6.0, pavucontrol crashes on startup. Here's a short gdb session

 $ gdb pavucontrol                  
GNU gdb (Gentoo 7.9 vanilla) 7.9
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from pavucontrol...Reading symbols from /usr/lib64/debug//usr/bin/pavucontrol.debug...done.
done.
(gdb) run
Starting program: /usr/bin/pavucontrol 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
[New Thread 0x7ffff5bc0700 (LWP 30438)]
[New Thread 0x7ffff711a700 (LWP 30437)]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000425500 in read_callback (s=0xa5b000, length=4, userdata=0x8c2040) at mainwindow.cc:496
496     mainwindow.cc: No such file or directory.
(gdb) f 0
#0  0x0000000000425500 in read_callback (s=0xa5b000, length=4, userdata=0x8c2040) at mainwindow.cc:496
496     in mainwindow.cc
(gdb) p data
$1 = (const void *) 0x0
(gdb) p length
$2 = 4

It would appear that 'pa_stream_peek()' can return success and NULL in data, as per the documentation:
http://freedesktop.org/software/pulseaudio/doxygen/stream_8h.html#ac2838c449cde56e169224d7fe3d00824

The code in mainwindow.cc::read_callback() does not handle this situation. Attached is a patch which takes care of this too.


Reproducible: Always

Steps to Reproduce:
1. install pulseaudio 6.0
2. install pavucontrol 2.0-r1
3. start pavucontrol
Actual Results:  
Segmentation fault

Expected Results:  
The program should start OK

Comment 1 Mihai Donțu 2015-03-25 17:06:12 UTC

Created attachment 399754 [details]
fix a NULL dereference in read_callback()

Comment 2 Mihai Donțu 2015-03-25 17:07:51 UTC

Created attachment 399756 [details, diff]
fix a NULL dereference in read_callback() (the real one)

The first file attached is bogus. This is the correct one.

Comment 3 Pacho Ramos gentoo-dev

2015-09-24 18:38:33 UTC

fixed in 3.0