Bug#679826: zsnes: segfaults on start in testing i386

Fabian Greffrath fabian at greffrath.com
Mon Jul 2 09:15:52 UTC 2012


tags 679826 + patch
thanks

Am 02.07.2012 10:40, schrieb Fabian Greffrath:
> I have reproduced this. It crashes in src/linux/audio.c in
> SoundInit_ao() around line 195 when it calls "audio_device =
> ao_open_live(driver_id, &driver_format, 0);". The return value of
> audio_device is checked, but it does not even get this far. It crashes
> earlier, i.e. in ao_open_live() itself.

From gdb:

Program received signal SIGSEGV, Segmentation fault.
0xb7c17fc6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) bt
#0  0xb7c17fc6 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#1  0xb7e8363a in _sanitize_matrix.isra.2 () from /usr/lib/libao.so.4
#2  0xb7e8578b in _open_device () from /usr/lib/libao.so.4
#3  0x082fa947 in InitSound ()
#4  0x082fde6f in initwinvideo ()
#5  0x082fb3b4 in initvideo ()
#6  0x088a175c in regptwa ()
#7  0x0838515c in SA1tableG ()
#8  0x00000002 in ?? ()
#9  0xbffff368 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)


The problem is that the matrix element of struct driver_format is
uninitialized when it is passed over to ao_open_live() and thus
_open_device(). I haven't dug through libao sources that much, but
I believe a more robust check in _sanitize_matrix() (which is where
the crash actually occurs) may be appropriate.

  - Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0014-Initialize-driver_format_matrix.patch
Type: text/x-diff
Size: 512 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20120702/fe81a4dd/attachment-0001.patch>
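An added illustration (not Fabian's attached patch and not libao's code) of the two fixes the message points at: zeroing the format struct on the caller side, and a NULL-tolerant matrix check on the callee side. The struct is a hypothetical stand-in declared here so the example builds without libao, and sanitize_matrix() is assumed logic, not libao's _sanitize_matrix().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for libao's ao_sample_format (not libao's header).
 * The trailing pointer is the field the report says zsnes passes to
 * ao_open_live() uninitialised, i.e. whatever happened to be on the stack. */
typedef struct {
    int bits;
    int rate;
    int channels;
    int byte_format;
    char *matrix;   /* e.g. "L,R"; NULL means "no channel matrix" */
} sample_format_t;

/* Callee-side hardening in the spirit of the "more robust check in
 * _sanitize_matrix()" suggested above (assumed logic, not libao's):
 * NULL or empty means "no matrix" and is never dereferenced.
 * Returns the channel count, 0 for no matrix, -1 for a malformed string. */
int sanitize_matrix(const char *matrix)
{
    if (matrix == NULL || matrix[0] == '\0')
        return 0;
    if (matrix[0] == ',')
        return -1;
    int count = 1;
    for (const char *p = matrix; *p != '\0'; ++p) {
        if (*p == ',') {
            if (p[1] == ',' || p[1] == '\0')
                return -1;
            ++count;
        }
    }
    return count;
}

/* Caller-side fix matching the attached patch's title: zero the whole
 * struct before filling the fields the caller knows about, so `matrix`
 * is NULL instead of stack garbage. */
void init_format_safe(sample_format_t *f, int rate, int channels)
{
    memset(f, 0, sizeof *f);
    f->bits = 16;
    f->rate = rate;
    f->channels = channels;
}

/* Build a format the safe way and report what the hardened check sees. */
int open_check(int rate, int channels)
{
    sample_format_t f;
    init_format_safe(&f, rate, channels);
    return sanitize_matrix(f.matrix);   /* 0: no matrix, safe to open */
}
```

Run-time checks such as `printf("%d\n", open_check(44100, 2));` belong in a caller; the stack-garbage variant is deliberately not shown because it has no defined behaviour to demonstrate.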