Debian Bug report logs - #422021
SDL-mixer causes app to segfault or abort when loading multiple music files with varying number of channels.

Package: libsdl-mixer1.2; Maintainer for libsdl-mixer1.2 is Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>; Source for libsdl-mixer1.2 is src:sdl-mixer1.2.

Reported by: Brandon Barnes <winterknight@nerdshack.com>

Date: Wed, 2 May 2007 22:48:02 UTC

Severity: important

Tags: patch

Found in versions sdl-mixer1.2/1.2.6-2, sdl-mixer1.2/1.2.6-3

Fixed in version sdl-mixer1.2/1.2.8-1

Done: Sam Hocevar (Debian packages) <sam+deb@zoy.org>

Bug is archived. No further changes may be made.

Report forwarded to debian-bugs-dist@lists.debian.org, Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>:
Bug#422021; Package libsdl-mixer1.2.


Acknowledgement sent to Brandon Barnes <winterknight@nerdshack.com>:
New Bug report received and forwarded. Copy sent to Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Brandon Barnes <winterknight@nerdshack.com>
To: submit@bugs.debian.org
Subject: SDL-mixer causes app to segfault or abort when loading multiple music files with varying number of channels.
Date: Wed, 2 May 2007 15:44:39 -0700
Package: libsdl-mixer1.2
Version: 1.2.6-2
Severity: Important
Tags: patch

SDL-mixer has a bug that causes segfaults. I believe this directly
results in dozens of bug reports in Debian, from packages that use
SDL-mixer. It is, however, difficult to know which reported bugs are
dupes of this bug, and which ones are unrelated.

When you load a song in SDL-mixer, it updates a variable, md_sngchn,
which it uses to allocate memory for MP_VOICE structures. md_sngchn is a
global variable. An MP_VOICE structure is 104 bytes. A 4 channel song
is allocated half as much memory for voice structures as an 8 channel
song. md_sngchn is never updated after songs are loaded, so it always
equals the number of channels of the last song loaded.

The problem is that SDL-mixer then assumes that md_sngchn equals the
number of voice channels of the current song. In certain loops, it uses
md_sngchn to determine how much memory to write. It ends up writing
past the memory allocated for the 4 voice structures, if md_sngchn is
8. This causes segfaults. A different problem may occur when playing an
8 channel song, if the last song loaded has 4 channels.

The base problem is using global variables to excess. This problem is
compounded by using poorly named variables. SDL-mixer uses way too many
globals, and they usually have obscure names, like pf, or mf, or
md_sngchn. SDL-mixer could use a complete rewrite. Of course, as
maintainers, this is not your responsibility.

md_sngchn probably doesn't need to exist at all, since there
are ways of finding out how many channels are in the song, such as by
using pf->numchn. Here is a patch that at least partially fixes the
problem. I've still left the declaration and several uses for
md_sngchn. This is just the minimum patch required to get
penguin-command to work without segfaulting.

---- Patch begin ----
--- mplayer.c.old	2007-05-01 21:01:08.000000000 -0700
+++ mplayer.c	2007-05-01 20:02:21.000000000 -0700
@@ -1896,7 +1896,7 @@
 	SAMPLE *s;
 
 	pf->totalchn=pf->realchn=0;
-	for (mp_channel=0;mp_channel<md_sngchn;mp_channel++) {
+	for (mp_channel=0;mp_channel<pf->numchn;mp_channel++) {
 		aout=&pf->voice[mp_channel];
 		i=aout->i;
 		s=aout->s;
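Review bot: in the loop header `for (mp_channel=0;mp_channel<pf->numchn;mp_channel++)`, the bound is safe only if pf->voice holds at least pf->numchn entries, and the allocation of pf->voice is not part of this patch. The report says the voice structures are sized from md_sngchn at load time, so please confirm the two counts agree for every loader, or store the allocated voice count in the module and bound the loop by that field. If pf->voice can ever hold more entries than pf->numchn, this loop would also stop short of the extra voices while recomputing totalchn and realchn.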
@@ -2630,7 +2630,7 @@
 		pf->patbrk=0;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].i=NULL;
 			pf->voice[t].s=NULL;
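Review bot: `Voice_Stop_internal(t)` now shares the pf->numchn bound with the pf->voice[t] resets, which changes which voices get stopped. If Voice_Stop_internal indexes voices that are not per-module, then voices from pf->numchn up to the old md_sngchn bound are no longer stopped here; consider stopping them in a separate loop with its own bound and keeping pf->numchn only for the pf->voice[t] writes. A short comment saying why the bound is per-module would help the next reader.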
@@ -2655,7 +2655,7 @@
 		pf->patbrk=0;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].i=NULL;
 			pf->voice[t].s=NULL;
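Review bot: the loop at `for (t=0;t<pf->numchn;t++)` is line-for-line the same as the one in the hunk at -2630, including the patbrk and vbtick context lines above it. Moving the stop-and-clear body into one static helper would put the bound in a single place, so a later change to it cannot miss a copy.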
@@ -2682,7 +2682,7 @@
 		pf->sngpos=pos;
 		pf->vbtick=pf->sngspd;
 
-		for (t=0;t<md_sngchn;t++) {
+		for (t=0;t<pf->numchn;t++) {
 			Voice_Stop_internal(t);
 			pf->voice[t].i=NULL;
 			pf->voice[t].s=NULL;
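Review bot: this is the third copy of the loop at `for (t=0;t<pf->numchn;t++)`, and the report says several other uses of md_sngchn are left in place. Any remaining use that indexes pf->voice has the same out-of-bounds write and needs the same bound; listing the uses left untouched, with the reason each one is safe, would let the patch be reviewed as complete rather than as the minimum needed for penguin-command.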
---- End patch ----

For apps that use unpatched versions of SDL-mixer, I have a workaround
to suggest. Make sure that all songs you load have the same number of
channels.

I have already contacted upstream, and delivered to them a patch for
the latest version of SDL-mixer. I have not received a response.

-Brandon
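
Added example, not part of the original report or of SDL-mixer's code: a reduced C model of the stale global bound described in the message above, with the old bound beside the patched one. The types `voice_t` and `module_t` and the functions `load_song`, `free_song` and `reset_voices` are hypothetical stand-ins; out-of-range indices are counted rather than written, so the model itself never corrupts memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for MP_VOICE and the module struct; the report
 * gives 104 bytes as the size of one voice structure. */
typedef struct { unsigned char raw[104]; } voice_t;
typedef struct { int numchn; voice_t *voice; } module_t;

static int md_sngchn; /* global: channel count of the LAST song loaded */

static module_t *load_song(int channels) {
    module_t *m = malloc(sizeof *m);
    if (!m) return NULL;
    m->voice = calloc((size_t)channels, sizeof(voice_t));
    if (!m->voice) { free(m); return NULL; }
    m->numchn = channels;
    md_sngchn = channels; /* every load overwrites the shared count */
    return m;
}

static void free_song(module_t *m) { if (m) { free(m->voice); free(m); } }

/* Models the voice-reset loops touched by the patch. Indices at or past
 * pf->numchn are counted instead of written. Returns the total size of the
 * voice slots an unchecked loop would have touched past the array. */
static size_t reset_voices(module_t *pf, int bound) {
    size_t oob = 0;
    for (int t = 0; t < bound; t++) {
        if (t >= pf->numchn) { oob += sizeof(voice_t); continue; }
        memset(&pf->voice[t], 0, sizeof(voice_t));
    }
    return oob;
}

int main(void) {
    module_t *four = load_song(4);
    module_t *eight = load_song(8); /* md_sngchn is now 8 */
    if (!four || !eight) return 1;
    printf("4-ch song, bound md_sngchn:  %zu bytes past the array\n",
           reset_voices(four, md_sngchn));
    printf("4-ch song, bound pf->numchn: %zu bytes past the array\n",
           reset_voices(four, four->numchn));
    free_song(four);
    free_song(eight);
    return 0;
}
```

Building the unpatched library and a test player with `-fsanitize=address` is a practical way to confirm the real overflow, since the sanitizer reports the first write past the voice array instead of a later, unrelated crash.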



Bug marked as found in version 1.2.6-3. Request was from Brandon <winterknight@nerdshack.com> to control@bugs.debian.org. (Sat, 18 Aug 2007 19:36:01 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>:
Bug#422021; Package libsdl-mixer1.2.


Acknowledgement sent to Brandon <winterknight@nerdshack.com>:
Extra info received and forwarded to list. Copy sent to Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>.


Message #12 received at 422021@bugs.debian.org:

From: Brandon <winterknight@nerdshack.com>
To: 422021@bugs.debian.org
Subject: Still there. Patch still works.
Date: Sat, 18 Aug 2007 13:12:32 -0700

This bug is still present in the latest sdl-mixer1.2 version, 1.2.6-3.
I've been using the patch for the past several months. There are, to
the best of my knowledge, no adverse side-effects. It just makes
sdl-mixer work properly.

-Brandon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>:
Bug#422021; Package libsdl-mixer1.2.


Acknowledgement sent to Brandon <winterknight@nerdshack.com>:
Extra info received and forwarded to list. Copy sent to Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>.


Message #17 received at 422021@bugs.debian.org:

From: Brandon <winterknight@nerdshack.com>
To: 422021@bugs.debian.org
Subject: Here is the updated patch.
Date: Thu, 13 Sep 2007 10:58:27 -0700

I contacted upstream again a few weeks ago. They have incorporated it
into the latest svn. The next upstream release will probably have this
bug fixed.

If you decide to upgrade sdl-mixer to 1.2.8, here is the patch to fix
that version.

-Brandon
[sdl-mixer1.2.8.patch (text/x-patch, attachment)]

Reply sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
You have taken responsibility.


Notification sent to Brandon Barnes <winterknight@nerdshack.com>:
Bug acknowledged by developer.


Message #22 received at 422021-close@bugs.debian.org:

From: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
To: 422021-close@bugs.debian.org
Subject: Bug#422021: fixed in sdl-mixer1.2 1.2.8-1
Date: Mon, 08 Oct 2007 16:02:08 +0000
Source: sdl-mixer1.2
Source-Version: 1.2.8-1

We believe that the bug you reported is fixed in the latest version of
sdl-mixer1.2, which is due to be installed in the Debian FTP archive:

libsdl-mixer1.2-dev_1.2.8-1_amd64.deb
  to pool/main/s/sdl-mixer1.2/libsdl-mixer1.2-dev_1.2.8-1_amd64.deb
libsdl-mixer1.2_1.2.8-1_amd64.deb
  to pool/main/s/sdl-mixer1.2/libsdl-mixer1.2_1.2.8-1_amd64.deb
sdl-mixer1.2_1.2.8-1.diff.gz
  to pool/main/s/sdl-mixer1.2/sdl-mixer1.2_1.2.8-1.diff.gz
sdl-mixer1.2_1.2.8-1.dsc
  to pool/main/s/sdl-mixer1.2/sdl-mixer1.2_1.2.8-1.dsc
sdl-mixer1.2_1.2.8.orig.tar.gz
  to pool/main/s/sdl-mixer1.2/sdl-mixer1.2_1.2.8.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 422021@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sam Hocevar (Debian packages) <sam+deb@zoy.org> (supplier of updated sdl-mixer1.2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.7
Date: Sun, 07 Oct 2007 22:52:58 +0200
Source: sdl-mixer1.2
Binary: libsdl-mixer1.2 libsdl-mixer1.2-dev
Architecture: source amd64
Version: 1.2.8-1
Distribution: unstable
Urgency: low
Maintainer: Debian SDL packages maintainers <pkg-sdl-maintainers@lists.alioth.debian.org>
Changed-By: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Description: 
 libsdl-mixer1.2 - mixer library for Simple DirectMedia Layer 1.2
 libsdl-mixer1.2-dev - development files for SDL1.2 mixer library
Closes: 422021 437004 437793
Changes: 
 sdl-mixer1.2 (1.2.8-1) unstable; urgency=low
 .
   * New upstream release (Closes: #437004).
   * Use quilt instead of CDBS.
 .
   * debian/control:
     + Cleaned up the uploaders field.
 .
   * debian/patches/00_correct_linking.patch:
     + This patch is now irrelevant. Dropped.
 .
   * debian/patches/00_maintainer_mode.patch:
     + Upstream no longer uses automake. Dropped.
 .
   * debian/patches/03_awe_voice.patch:
     + Use the local awe_voice.h file because nothing guarantees its presence.
 .
   * debian/patches/200_channel_segfaults.diff:
     + Fix a nasty corruption bug when loading songs with varying number of
       channels (Closes: #422021). Patch courtesy of Brandon Barnes.
 .
   * debian/patches/210_dev_snd_seq.diff:
     + Autodetect /dev/sequencer or /dev/snd/seq depending on the system
       (Closes: #437793).
 .
   * debian/patches/timidity_cfg.patch:
     + Patch implemented upstream. Dropped.
Files: 
 14984aa50095fdc584ad444c7d90d2a5 919 libs optional sdl-mixer1.2_1.2.8-1.dsc
 0b5b91015d0f3bd9597e094ba67c4d65 2096559 libs optional sdl-mixer1.2_1.2.8.orig.tar.gz
 6752201aa16482ece55b877a25778b5a 78978 libs optional sdl-mixer1.2_1.2.8-1.diff.gz
 07ea9044deed56936bcdb3b3e0b876ac 172280 libs optional libsdl-mixer1.2_1.2.8-1_amd64.deb
 c357bba6946bb55f8eafc287980f9936 213058 libdevel optional libsdl-mixer1.2-dev_1.2.8-1_amd64.deb

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 17 Nov 2007 07:26:52 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 11:35:04 2025; Machine Name: buxtehude
