Your message dated Sun, 26 Jan 2025 15:28:33 -0800
with message-id <20250126152833.7fc57cc0@tigre>
and subject line Re: SIGSEGVs in libcdio: double free or corruption
has caused the Debian Bug report #887640,
regarding SIGSEGVs in libcdio: double free or corruption
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
887640: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887640
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libcdio
Version: 1.0.0-2


Hi!

I'm attaching two patches to resolve the following two problems.


With, for example, the eponymous audio CD by Regarde les hommes tomber:

    $ gdb -q --args cd-info /dev/sr1
    [...]
    CD-TEXT for Track  7:
            TITLE: The Fall
    double free or corruption (!prev)
    
    Program received signal SIGABRT, Aborted.
    __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff72d6cf7 in __GI_abort () at abort.c:90
    #2  0x00007ffff7317f87 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff741dbd8 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007ffff731e27a in malloc_printerr (str=str@entry=0x7ffff741f848 "double free or corruption (!prev)") at malloc.c:5354
    #4  0x00007ffff731ffdc in _int_free (av=0x7ffff7651c20 <main_arena>, p=0x5555557614e0, have_lock=<optimized out>) at malloc.c:4281
    #5  0x00007ffff79a96b3 in cdio_generic_free (p_user_data=0x55555575f6d0) at _cdio_generic.c:111
    #6  0x00007ffff79acc6d in cdio_destroy (p_cdio=0x5555557611b0) at device.c:365
    #7  0x0000555555558c5d in myexit (cdio=<optimized out>, rc=0) at util.c:45
    #8  0x00005555555571d2 in main (argc=<optimized out>, argv=<optimized out>) at cd-info.c:1316

Reproducible with upstream release-1.0.0.  No longer reproducible with
release-1.1.0.  Bisected to be fixed by commit
2800f003aaee077f4009f525caf6c8b14a38ec47.  That one confirmed to fix the
problem with Debian's 1.0.0-2 package, too.  Patch attached for your
convenience.


With, for example, the audio CD "The Age of Cataclysm" by Cryptic
Wintermoon:

    $ gdb -q --args cd-info /dev/sr1
    [...]
    CD Analysis Report
    double free or corruption (top)
    
    Program received signal SIGABRT, Aborted.
    __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    51      ../sysdeps/unix/sysv/linux/raise.c: Datei oder Verzeichnis nicht gefunden.
    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff72d6cf7 in __GI_abort () at abort.c:90
    #2  0x00007ffff7317f87 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff741dbd8 "%s\n") at ../sysdeps/posix/libc_fatal.c:181
    #3  0x00007ffff731e27a in malloc_printerr (str=str@entry=0x7ffff741f808 "double free or corruption (top)") at malloc.c:5354
    #4  0x00007ffff731ffac in _int_free (av=0x7ffff7651c20 <main_arena>, p=0x555555761350, have_lock=<optimized out>) at malloc.c:4273
    #5  0x00007ffff79aa937 in get_cdtext_generic (p_user_data=0x55555575f6d0) at _cdio_generic.c:300
    #6  0x000055555555861f in print_cdtext_info (i_first_track=1 '\001', i_tracks=<optimized out>, p_cdio=0x5555557611b0) at cd-info.c:437
    #7  print_analysis (ms_offset=0, cdio_iso_analysis=..., fs=1, first_data=-1, num_audio=13, i_tracks=13 '\r', i_first_track=1 '\001', p_cdio=0x5555557611b0, track_format=<optimized out>) at cd-info.c:668
    #8  0x0000555555557776 in main (argc=<optimized out>, argv=<optimized out>) at cd-info.c:1251

Reproducible with upstream release-1.0.0, and release-1.1.0.  No longer
reproducible with release-2.0.0.  Bisected to be fixed by commit
f6f9c48fb40b8a1e8218799724b0b61a7161eb1d.  That one confirmed to fix the
problem with Debian's 1.0.0-2 package, too.  Patch attached for your
convenience.


Regards
 Thomas


From 2800f003aaee077f4009f525caf6c8b14a38ec47 Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <[email protected]>
Date: Wed, 6 Dec 2017 09:10:51 -0500
Subject: [PATCH] Remove duplicate free...

Now that cdio_destroy cleans up after itself better
---
 lib/driver/_cdio_generic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
index 9e920bbe..e84ee314 100644
--- a/lib/driver/_cdio_generic.c
+++ b/lib/driver/_cdio_generic.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (C) 2004-2009, 2011-2013
+  Copyright (C) 2004-2009, 2011-2013, 2017
   Rocky Bernstein <[email protected]>
 
   This program is free software: you can redistribute it and/or modify
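Review bot: the copyright-year bump in this hunk is unrelated to the double-free fix; keeping it in a separate commit (or at least mentioning it in the commit message) would let the Debian backport carry only the functional change.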
@@ -108,7 +108,6 @@ cdio_generic_free (void *p_user_data)
 
   if (NULL != p_env->cdtext) {
       cdtext_destroy(p_env->cdtext);
-      free(p_env->cdtext);
       p_env->cdtext = NULL;
   }
 
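Review bot: dropping `free(p_env->cdtext)` here is correct only if `cdtext_destroy()` releases the struct itself and not just its members; that function is outside this hunk, and the commit message only says that cdio_destroy "cleans up after itself better", so the ownership contract (destroy frees the object, callers must not free it again) should be stated explicitly in the message. Keeping `p_env->cdtext = NULL;` after the destroy is right, since it makes a second pass through this block a no-op instead of a second free.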
-- 
2.15.1

From f6f9c48fb40b8a1e8218799724b0b61a7161eb1d Mon Sep 17 00:00:00 2001
From: "R. Bernstein" <[email protected]>
Date: Fri, 22 Dec 2017 16:06:57 -0500
Subject: [PATCH] Fix double free courtesy of Chris Clayton

---
 lib/driver/_cdio_generic.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/driver/_cdio_generic.c b/lib/driver/_cdio_generic.c
index d40ac0d9..ae820d25 100644
--- a/lib/driver/_cdio_generic.c
+++ b/lib/driver/_cdio_generic.c
@@ -296,7 +296,6 @@ get_cdtext_generic (void *p_user_data)
 
       if(len <= 0 || 0 != cdtext_data_init (p_env->cdtext, &p_cdtext_data[4], len)) {
         p_env->b_cdtext_error = true;
-        cdtext_destroy (p_env->cdtext);
         free(p_env->cdtext);
         p_env->cdtext = NULL;
       }
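Review bot: this error path resolves the same destroy-then-free pair the opposite way from the first patch: it drops `cdtext_destroy (p_env->cdtext);` and keeps `free(p_env->cdtext);`, whereas cdio_generic_free keeps the destroy and drops the free. If `cdtext_destroy()` owns the whole object, a bare `free()` here is only leak-free when a failed `cdtext_data_init()` leaves no member allocations behind; either confirm that in the commit message or use `cdtext_destroy()` alone in both places so there is a single cleanup idiom to audit. Setting `b_cdtext_error = true` and nulling the pointer are the right signals for callers, which must then check `p_env->cdtext` before use.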
-- 
2.15.1


--- End Message ---
--- Begin Message ---
Fixed since version 2.0.0, as reported in previous messages to this bug.

--- End Message ---
