/usr/lib/ladspa/csladspa.so calls free() on something it shouldn't

Question

/usr/lib/ladspa/csladspa.so calls free() on something it shouldn't

bhechinger opened this issue 6 years ago · comments

If I have the cslapspa package installed on 18.04 (this has been reported on 17.10 as well) it causes many apps to crash (Hydrogen, LMMS, Non-Mixer, Ardour, etc) with this message:

free(): invalid pointer
Aborted (core dumped)

Looking at the corefile stacktrace I see this:

#0  0x00007f608bd5ae97 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007f608bd5c801 in __GI_abort () at abort.c:79
#2  0x00007f608bda5897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7f608bed2b9a "%s\n")
    at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007f608bdac90a in malloc_printerr (str=str@entry=0x7f608bed0d88 "free(): invalid pointer") at malloc.c:5350
#4  0x00007f608bdb3e1c in _int_free (have_lock=0, p=0x7ffe225dfa1e, av=0x7f608c107c40 <main_arena>) at malloc.c:4157
#5  0x00007f608bdb3e1c in __GI___libc_free (mem=0x7ffe225dfa2e) at malloc.c:3124
#6  0x00007f605ecdc320 in  () at /usr/lib/ladspa/csladspa.so
#7  0x00007f605ecdc542 in ladspa_descriptor () at /usr/lib/ladspa/csladspa.so
#8  0x000000000054787e in H2Core::Effects::getPluginList() ()
#9  0x0000000000548a8f in H2Core::Effects::Effects() ()
#10 0x0000000000548afb in H2Core::Effects::create_instance() ()
#11 0x000000000056d864 in H2Core::audioEngine_init() ()
#12 0x000000000056dd10 in H2Core::Hydrogen::Hydrogen() ()
#13 0x000000000056deb5 in H2Core::Hydrogen::create_instance() ()
#14 0x000000000046d2cb in main ()

So it looks like ladspa_descriptor() is to blame.

vlazzarini · Answer 1 · Tue Jun 05 2018 23:15:17 GMT+0800 (China Standard Time)

Is this using the latest code? There was a bug in csladspa.cpp, where delete was called on a stack variable, but this has been fixed a while ago.

Brian Hechinger · Answer 2 · Wed Jun 06 2018 00:30:37 GMT+0800 (China Standard Time)

This is what's currently on Ubuntu 18.04:

csladspa/bionic 1:6.10.0~dfsg-1 amd64
  LADSPA plugin for Csound

vlazzarini · Answer 3 · Wed Jun 06 2018 18:22:02 GMT+0800 (China Standard Time)

That code contained the fix. I'll look again to see if I can find anything else.

vlazzarini · Answer 4 · Wed Jun 06 2018 18:34:03 GMT+0800 (China Standard Time)

I've found it and committed a fix.

Brian Hechinger · Answer 5 · Wed Jun 06 2018 20:02:21 GMT+0800 (China Standard Time)

Will this get merged into 6.11 or will we need to wait for 6.12 to be cut? Just need to know so I can start bugging the Ubuntu maintainers to update.

vlazzarini · Answer 6 · Thu Jun 07 2018 16:25:03 GMT+0800 (China Standard Time)

There have been changes in the Csound project organisation and from 6.11, csladspa is being kept as a separate repository, and released independently. I have now made the first release of csladspa in this configuration, keeping the versioning in sync with Csound (6.11.1 to indicate the bugfix which was not there in a earlier tag). So you can point them here now

https://github.com/csound/csladspa/releases/tag/6.11.1

Brian Hechinger · Answer 7 · Fri Jun 08 2018 04:13:33 GMT+0800 (China Standard Time)

Great, I'll let them know, thanks!