Bug#601659: Double free bug in libffado2

Max Kellermann max at duempel.org
Thu Oct 28 07:38:18 UTC 2010


Package: libffado2
Version: 2.0.1+svn1856-5
Severity: serious

While trying to write a ffado output plugin, MPD crashed with the
following double free bug (backtrace shows it's inside libraw1394, but
my guess is that libffado calls libraw1394 with an invalid pointer):

ERROR: messagebuffer not initialized: 1250648744531: Error (IsoHandlerManager.cpp)[1289] ~IsoHandler: BUG: Handler still running!
ERROR: messagebuffer not initialized: 1250648744570: Error (IsoHandlerManager.cpp)[1289] ~IsoHandler: BUG: Handler still running!
*** glibc detected *** /usr/src/squeeze-mpd/src/mpd: double free or corruption (!prev): 0x0000000001736870 ***
[...]
Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7fffdcabd710 (LWP 5297)]
0x00007fffefedc165 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
        in ../nptl/sysdeps/unix/sysv/linux/raise.c
(gdb) bt
#0  0x00007fffefedc165 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fffefedef70 in *__GI_abort () at abort.c:92
#2  0x00007fffeff1227b in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>)
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#3  0x00007fffeff1bad6 in malloc_printerr (action=3, str=0x7fffeffd2ac8 "double free or corruption (!prev)", 
    ptr=<value optimized out>) at malloc.c:6267
#4  0x00007fffeff2084c in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3739
#5  0x00007fffed587ff1 in raw1394_destroy_handle () from /usr/lib/libraw1394.so.11
#6  0x00007ffff1a79a75 in IsoHandlerManager::IsoHandler::disable() () from /usr/lib/libffado.so.2
#7  0x00007ffff1a7b99b in IsoHandlerManager::IsoTask::updateShadowMapHelper() () from /usr/lib/libffado.so.2
#8  0x00007ffff1a7bed2 in IsoHandlerManager::IsoTask::Execute() () from /usr/lib/libffado.so.2
#9  0x00007ffff1a9b82a in Util::PosixThread::ThreadHandler(void*) () from /usr/lib/libffado.so.2
#10 0x00007ffff15848ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#11 0x00007fffeff7902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#12 0x0000000000000000 in ?? ()




