Bug 300525 - [patch] media-libs/libmikmod crashes media-libs/sdl-mixer
Summary: [patch] media-libs/libmikmod crashes media-libs/sdl-mixer
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Sound Team
URL:
Whiteboard:
Keywords:
Duplicates: 300854
Depends on:
Blocks: 297119

Reported: 2010-01-11 02:07 UTC by A.C.Heron
Modified: 2012-02-07 03:50 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
Testcase — an XM file packed with p7zip (sdl-mixer-crasher.7z, 283.05 KB, application/octet-stream)
2010-01-11 02:14 UTC, A.C.Heron
libmikmod.patch (libmikmod.patch, 958 bytes, patch)
2010-01-15 18:00 UTC, Peter Volkov (RETIRED)
media-libs/libmikmod-3.1.11-r6 ebuild (libmikmod-3.1.11-r6.ebuild, 1.48 KB, text/plain)
2010-01-26 05:28 UTC, A.C.Heron
media-libs/libmikmod-3.2.0_beta2-r2 ebuild (libmikmod-3.2.0_beta2-r2.ebuild, 1.37 KB, text/plain)
2010-01-26 05:29 UTC, A.C.Heron
Patch from SDL_mixer distribution to fix exit crash (libmikmod-3.1.12-exitcrash-fix.diff, 874 bytes, text/plain)
2010-01-26 05:31 UTC, A.C.Heron
Patch from SDL_mixer distribution to fix looping volume (libmikmod-3.1.12-loopingvolume-fix.diff, 536 bytes, text/plain)
2010-01-26 05:32 UTC, A.C.Heron
media-libs/libmikmod-3.2.0_beta2-r2 ebuild (libmikmod-3.2.0_beta2-r2.ebuild, 1.37 KB, text/plain)
2010-01-26 05:36 UTC, A.C.Heron
emerge --info (emerge --info.txt, 6.82 KB, text/plain)
2010-01-30 11:11 UTC, A.C.Heron
libmikmod-3.2.0_beta2-oss-err.patch (libmikmod-3.2.0_beta2-oss-err.patch, 538 bytes, text/plain)
2012-02-04 21:30 UTC, Sergei Trofimovich (RETIRED)

Description A.C.Heron 2010-01-11 02:07:14 UTC
Certain XM and S3M files cause a segmentation fault in media-libs/sdl-mixer-1.2.11, but are played fine by media-libs/sdl-mixer-1.2.8. To reproduce, compile media-libs/sdl-mixer-1.2.11 with USE="flac mad midi mp3 timidity vorbis wav mikmod", e.g. by

ebuild /usr/portage/media-libs/sdl-mixer/sdl-mixer-1.2.11.ebuild compile

Then play the attached file ofd.xm with 

/var/tmp/portage/media-libs/sdl-mixer-1.2.11/work/SDL_mixer-1.2.11/build/playmus 

You'll get a segmentation fault.

http://bugs.archlinux.org/task/17208 states that media-libs/libmikmod is responsible. I got segmentation faults with media-libs/libmikmod versions 3.1.11-r5, 3.2.0_beta2 and 3.2.0_beta2-r1, but they succeeded with version 3.1.12, which comes in the SDL_mixer-1.2.11.tar.gz archive.
Comment 1 A.C.Heron 2010-01-11 02:14:45 UTC
Created attachment 216047 [details]
Testcase — an XM file packed with p7zip

To get a segmentation fault, try playing the file with playmus. Or use an example SDL_mixer program from here: http://bugs.archlinux.org/task/17208?getfile=4425
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2010-01-15 18:00:21 UTC
Created attachment 216623 [details, diff]
libmikmod.patch

I haven't tried to build with this patch, but it looks like, besides security fixes and macos-related fixes, these are the only hunks that differ between 3.1.12 and 3.1.12.patched. Could you try to apply it to 3.2.0_beta2-r1 and check if this fixes the crash, please?
Comment 3 A.C.Heron 2010-01-15 19:43:01 UTC
Tested 3.2.0_beta2-r1. Test files played fine with the patch, nothing crashed. 

However, will it work on systems with only ALSA and without OSS?
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2010-01-15 20:39:42 UTC
*** Bug 300854 has been marked as a duplicate of this bug. ***
Comment 5 Rafał Mużyło 2010-01-15 23:36:01 UTC
@comment 2: the patches inside zip archive in sdl-mixer
tarball do have minimal documentation.
You've actually merged two of them
- one was a crasher, other was named "volume fix while looping".

On unrelated note: while it may be works vs works,
I still consider that patch, that carries esd.m4 macro
to DISABLE esd an odd solution.
Comment 6 A.C.Heron 2010-01-26 05:28:31 UTC
Created attachment 217441 [details]
media-libs/libmikmod-3.1.11-r6 ebuild

With patches from 3.1.12 to fix looping volume and exit crash.
Comment 7 A.C.Heron 2010-01-26 05:29:18 UTC
Created attachment 217443 [details]
media-libs/libmikmod-3.2.0_beta2-r2 ebuild

With patches from 3.1.12 to fix looping volume and exit crash.
Comment 8 A.C.Heron 2010-01-26 05:31:09 UTC
Created attachment 217444 [details]
Patch from SDL_mixer distribution to fix exit crash

This is the patch that fixes crashes on XM files.
Comment 9 A.C.Heron 2010-01-26 05:32:20 UTC
Created attachment 217445 [details]
Patch from SDL_mixer distribution to fix looping volume

Another patch from the same source. Just in case.
Comment 10 A.C.Heron 2010-01-26 05:36:23 UTC
Created attachment 217447 [details]
media-libs/libmikmod-3.2.0_beta2-r2 ebuild

Forgot to mark architectures as unstable.
Comment 11 A.C.Heron 2010-01-26 05:42:01 UTC
Both ebuilds are similar to 3.1.11-r5 and 3.2.0-beta2-r1 but incorporate 2
patches from SDL_mixer distribution. Both worked fine on the test XM file.

Now my question is: are you going to add those patches and ebuilds to the
portage tree anytime soon? Because if you don't I'll try to send those to
Sunrise.
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2010-01-27 12:02:51 UTC
A.C.Heron, could you attach emerge --info, please? All my attempts to reproduce the issue fail so far. Music is played and no segfault occurs. And what puzzles me, the patch description (you attached here) states that 'it fixes a segfault on exiting a program which disabled MOD music during its execution'. How could you disable mod execution in playmus? That said, I just want to know what we fix here...

(In reply to comment #5)
> On unrelated note: while it may be works vs works,
> I still consider that patch, that carries esd.m4 macro
> to DISABLE esd an odd solution.

Rafał, why? Upstream just forgot to package the esd.m4 macro and we just put it back (it is suggested in the autoconf documentation to bundle all .m4 files together with the tarball). While it's possible to simplify it greatly (since we don't need any esd detection), the solution to carry esd.m4 is correct too.
Comment 13 A.C.Heron 2010-01-30 11:11:21 UTC
Created attachment 217908 [details]
emerge --info

Did you try to reproduce the bug with sdl-mixer-1.2.11 or 1.2.8? For some reason 1.2.8 works fine with unpatched libmikmod. Did you try the attached file? MOD files seem to work fine for me, I get crashes on XM and S3M. 

Another thing: most of the time I check if sdl-mixer works by running INSTEAD quest engine: http://bugs.gentoo.org/show_bug.cgi?id=285086 with the game http://instead-games.googlecode.com/files/instead-cat-1.2.zip It plays ofd.xm on the second page. Now I tried build/playmus with the patched libmikmod and it again crashed on ofd.xm. The rest of XM and S3M files played fine, though.
Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev 2012-01-29 08:13:47 UTC
Here on amd64 (via padsp) it crashes instantly on anything I try to play.

- padsp bb-aalib (from package app-misc/bb)
- padsp mikmod some-uni-file

> ==22098== Command: mikmod a94final.uni bluevalley.uni lf myst2.uni mystique.uni serenity.uni symphonic.uni
> ==22098== Parent PID: 22097
> ==22098== 
> ==22098== Invalid write of size 2
> ==22098==    at 0x5067031: VC1_WriteSamples (virtch.c:622)
> ==22098==    by 0x5067294: VC1_WriteBytes (virtch_common.c:270)
> ==22098==    by 0x506A017: VC_WriteBytes (virtch_common.c:153)
> ==22098==    by 0x5047A6F: OSS_Update (drv_oss.c:332)
> ==22098==    by 0x505C12E: MikMod_Update (mdriver.c:305)
> ==22098==    by 0x413478: do_update (mplayer.c:61)
> ==22098==    by 0x413613: MP_Start (mplayer.c:137)
> ==22098==    by 0x4081B3: player_timeout (mikmod.c:819)
> ==22098==    by 0x40CDEC: win_main_iteration (mwindow.c:1045)
> ==22098==    by 0x40CEF5: win_run (mwindow.c:1071)
> ==22098==    by 0x408DF5: main (mikmod.c:1082)
> ==22098==  Address 0x9bfd350 is 0 bytes after a block of size 16,384 alloc'd
> ==22098==    at 0x4C28639: calloc (vg_replace_malloc.c:566)
> ==22098==    by 0x505B47D: _mm_malloc (mmalloc.c:40)
> ==22098==    by 0x5047CF4: OSS_Init_internal (drv_oss.c:248)
> ==22098==    by 0x504806E: OSS_Init (drv_oss.c:290)
> ==22098==    by 0x505CA99: _mm_init (mdriver.c:543)
> ==22098==    by 0x505CB27: MikMod_Init (mdriver.c:561)
> ==22098==    by 0x40848E: Player_SetConfig (mikmod.c:457)
> ==22098==    by 0x408D7D: main (mikmod.c:1063)
... [ spams with it a bit, and then crashes ] ..
> ==22098== Process terminating with default action of signal 11 (SIGSEGV)
> ==22098==  General Protection Fault
> ==22098==    at 0x506698C: VC1_WriteSamples (virtch.c:437)
> ==22098==    by 0x5067294: VC1_WriteBytes (virtch_common.c:270)
> ==22098==    by 0x506A017: VC_WriteBytes (virtch_common.c:153)
> ==22098==    by 0x5047A6F: OSS_Update (drv_oss.c:332)
> ==22098==    by 0x505C12E: MikMod_Update (mdriver.c:305)
> ==22098==    by 0x413478: do_update (mplayer.c:61)
> ==22098==    by 0x413613: MP_Start (mplayer.c:137)
> ==22098==    by 0x4081B3: player_timeout (mikmod.c:819)
> ==22098==    by 0x40CDEC: win_main_iteration (mwindow.c:1045)
> ==22098==    by 0x40CEF5: win_run (mwindow.c:1071)
> ==22098==    by 0x408DF5: main (mikmod.c:1082)

Looks like an ordinary heap structure corruption.
May be a padsp bug though.
Comment 15 Sergei Trofimovich (RETIRED) gentoo-dev 2012-02-04 21:30:30 UTC
Created attachment 300927 [details]
libmikmod-3.2.0_beta2-oss-err.patch

Workaround to make things work for me.
Looks like a padsp wrapper bug (if it
intercepts OSS ioctl). I'll dig it more tomorrow.

It fixes both mikmod and app-misc/bb for me.
Comment 16 Sergei Trofimovich (RETIRED) gentoo-dev 2012-02-04 22:04:41 UTC
(In reply to comment #15)
> Created attachment 300927 [details]
> libmikmod-3.2.0_beta2-oss-err.patch
> 
> Workaround to make things work for me.
> Looks like a padsp wrapper bug (if it
> intercepts OSS ioctl). I'll dig it more tomorrow.
> 
> It fixes both mikmod and app-misc/bb for me.

With PADSP_DEBUG=3 I see:
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=262144, fragments=16
> utils/padsp.c: SNDCTL_DSP_GETOSPACE
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=-16385, fragments=-1
> utils/padsp.c: SNDCTL_DSP_GETOSPACE
> utils/padsp.c: pa_stream_writable_size(): Bad state
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=-16385, fragments=-1
> utils/padsp.c: SNDCTL_DSP_GETOSPACE
> utils/padsp.c: pa_stream_writable_size(): Bad state
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=-16385, fragments=-1
> utils/padsp.c: SNDCTL_DSP_GETOSPACE
> utils/padsp.c: pa_stream_writable_size(): Bad state
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=-16385, fragments=-1
> utils/padsp.c: SNDCTL_DSP_GETOSPACE
> utils/padsp.c: fragsize=16384, fragstotal=16, bytes=262144, fragments=16

So padsp really sends -1 to the user. Is it padsp bug or libmikmod deficiency?
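
The following C example is added here for illustration; it is not libmikmod's code and not the workaround patch attached to this bug. It shows how the fragments=-1, bytes=-16385 reply logged above becomes an oversized write length when used unchecked, and one way to validate it against the 16,384-byte buffer seen in the Valgrind trace. The struct and function names are hypothetical, and the unchecked variant assumes the caller takes the smaller of fragsize and bytes as its length.

```c
#include <stddef.h>
#include <stdio.h>

/* Same fields as OSS's audio_buf_info, redeclared so this builds without
   <sys/soundcard.h>. The struct name is hypothetical. */
struct ospace_info {
    int fragments;
    int fragstotal;
    int fragsize;
    int bytes;
};

/* Assumed unchecked pattern: take min(fragsize, bytes) and hand it on as an
   unsigned length. A negative value wraps to a huge size. */
size_t ospace_unchecked_len(const struct ospace_info *info)
{
    int n = info->fragsize > info->bytes ? info->bytes : info->fragsize;
    return (size_t)n;
}

/* Hypothetical validated variant: bytes that may be mixed into a buffer of
   buf_size bytes for one SNDCTL_DSP_GETOSPACE reply, or 0 if unusable. */
size_t ospace_safe_len(const struct ospace_info *info, size_t buf_size)
{
    size_t want;

    if (info == NULL || buf_size == 0)
        return 0;
    /* Non-positive counts mean no room or an error state in the wrapper. */
    if (info->fragments <= 0 || info->fragsize <= 0 || info->bytes <= 0)
        return 0;
    want = (size_t)(info->fragsize < info->bytes ? info->fragsize : info->bytes);
    /* Never exceed the buffer that was actually allocated. */
    return want > buf_size ? buf_size : want;
}

int main(void)
{
    /* Constructed from the padsp debug lines quoted in comment 16. */
    struct ospace_info good = { 16, 16, 16384, 262144 };
    struct ospace_info bad = { -1, 16, 16384, -16385 };

    printf("good: unchecked=%zu safe=%zu\n",
           ospace_unchecked_len(&good), ospace_safe_len(&good, 16384));
    printf("bad:  unchecked=%zu safe=%zu\n",
           ospace_unchecked_len(&bad), ospace_safe_len(&bad, 16384));
    return 0;
}
```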
Comment 17 Sergei Trofimovich (RETIRED) gentoo-dev 2012-02-05 19:40:03 UTC
> > utils/padsp.c: fragsize=16384, fragstotal=16, bytes=-16385, fragments=-1
> > utils/padsp.c: SNDCTL_DSP_GETOSPACE
> > utils/padsp.c: fragsize=16384, fragstotal=16, bytes=262144, fragments=16
> 
> So padsp really sends -1 to the user. Is it padsp bug or libmikmod deficiency?

Upstream issue: https://bugs.freedesktop.org/show_bug.cgi?id=45643

@sound: ok to commit workaround libmikmod-3.2.0_beta2-oss-err.patch
at least to prevent crash on current padsp?
Comment 18 Samuli Suominen (RETIRED) gentoo-dev 2012-02-05 20:05:16 UTC
(In reply to comment #17)
> @sound: ok to commit workaround libmikmod-3.2.0_beta2-oss-err.patch
> at least to prevent crash on current padsp?

sure, but it would be better if rest of the issues raised in this bug (and attached patches) were reviewed and applied too at the same time.
and all patches affecting runtime go to both slots, like the PA one.

thanks!
Comment 19 Sergei Trofimovich (RETIRED) gentoo-dev 2012-02-06 21:50:36 UTC
> sure, but it would be better if rest of the issues raised in this bug (and
> attached patches) were reviewed and applied too at the same time.
> and all patches affecting runtime go to both slots, like the PA one.

Yeah, they look fine. Pushed to both slots (found some CVE fixes as well):

> *libmikmod-3.1.12-r1 (06 Feb 2012)
> *libmikmod-3.2.0_beta2-r3 (06 Feb 2012)
> 
>   06 Feb 2012; Sergei Trofimovich <slyfox@gentoo.org>
>   +files/libmikmod-3.2.0_beta2-CVE-2009-3995-3996.patch,
>   +files/libmikmod-3.2.0_beta2-CVE-2010-2546-2971.patch,
>   +files/libmikmod-3.2.0_beta2-fix-unload-crash.patch,
>   +files/libmikmod-3.2.0_beta2-fix-vol-crash.patch,
>   +files/libmikmod-3.2.0_beta2-pa-workaround.patch, +libmikmod-3.1.12-r1.ebuild,
>   +libmikmod-3.2.0_beta2-r3.ebuild:
>   Fixed sdl-mixer crash (bug #300525 reported by A.C.Heron and fixed by pva).
>   Fixed CVE-2009-3995, CVE-2009-3996 CVE-2010-2546 CVE-2010-2971 (security
>   bug #335892 by Stefan Behte fixes are pulled from upstream, redhat and suse).
>   Added workaround to avoid crash when libmikmod ran under padsp pulseaudio
>   wrapper.

Thanks!
Comment 20 Nikos Chantziaras 2012-02-07 00:04:14 UTC
sdl-mixer now supports libmodplug. It's the recommended backend for MOD files instead of libmikmod. It should probably be made the default, but right now the ebuild doesn't even have a USE flag for it.
Comment 21 Rafał Mużyło 2012-02-07 01:12:34 UTC
(In reply to comment #20)
> sdl-mixer now supports libmodplug. It's the recommended backend for MOD files
> instead of libmikmod. It should probably be made the default, but right now the
> ebuild doesn't even have a USE flag for it.

Huh ?
sdl-mixer-1.2.12.ebuild:
IUSE="...mikmod modplug..."
Comment 22 Nikos Chantziaras 2012-02-07 03:50:37 UTC
(In reply to comment #21)
> (In reply to comment #20)
> > sdl-mixer now supports libmodplug. It's the recommended backend for MOD files
> > instead of libmikmod. It should probably be made the default, but right now the
> > ebuild doesn't even have a USE flag for it.
> 
> Huh ?
> sdl-mixer-1.2.12.ebuild:
> IUSE="...mikmod modplug..."

Oops. No idea why I didn't see it. Sorry.

One thing that bugs me though, is that neither is enabled by default. Users don't know which one to pick, and unless they go read the SDL_mixer dev mailing list, they won't know that modplug is the recommended choice.