On Thu, May 27, 2021 at 02:58:35PM -0400, Brad Smith wrote:
> Able to take a look at this when you have some free time?
> 
> 

Thanks for the tests; the problem is present in 3.0.12 as well: a
use-after-free caused by calls to the mute/volume functions after the
handle is freed.

OK?

If you've a good contact upstream, it's worth showing them the diff, I
can submit it as well, if you prefer.

Index: Makefile
===================================================================
RCS file: /cvs/ports/x11/vlc/Makefile,v
retrieving revision 1.248
diff -u -p -u -p -r1.248 Makefile
--- Makefile    3 Apr 2021 11:15:46 -0000       1.248
+++ Makefile    31 May 2021 19:28:06 -0000
@@ -7,7 +7,7 @@ V=              3.0.12
 DISTNAME=      vlc-${V}
 PKGNAME-main=  ${DISTNAME}
 PKGNAME-jack=  vlc-jack-${V}
-REVISION-main= 0
+REVISION-main= 1
 CATEGORIES=    x11
 MASTER_SITES=  https://download.videolan.org/pub/videolan/vlc/${V}/
 EXTRACT_SUFX=  .tar.xz
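Review bot: only REVISION-main is bumped here, which is sufficient if modules/audio_output/sndio.c ships in the -main subpackage; if the sndio output module is part of the vlc-jack subpackage as well, REVISION-jack needs the same bump so that package gets rebuilt too.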
Index: patches/patch-modules_audio_output_sndio_c
===================================================================
RCS file: patches/patch-modules_audio_output_sndio_c
diff -N patches/patch-modules_audio_output_sndio_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-modules_audio_output_sndio_c  31 May 2021 19:28:06 -0000
@@ -0,0 +1,18 @@
+$OpenBSD$
+
+Set volume/mute function pointers when handle is freed, to ensure
+sio_setvol() is not called on a freed handle. Fixes crashes when
+volume is adjusted while playback is stopped.
+
+Index: modules/audio_output/sndio.c
+--- modules/audio_output/sndio.c.orig
++++ modules/audio_output/sndio.c
+@@ -208,6 +208,8 @@ static void Stop (audio_output_t *aout)
+ {
+     aout_sys_t *sys = aout->sys;
+ 
++    aout->volume_set = NULL;
++    aout->mute_set = NULL;
+     sio_close (sys->hdl);
+ }
+ 
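Review bot: the hunk clears aout->volume_set and aout->mute_set in Stop() but leaves sys->hdl pointing at the closed handle; consider also setting `sys->hdl = NULL;` after `sio_close (sys->hdl);` so any other path that reaches the handle after Stop fails on a NULL check rather than on freed memory. The fix also relies on Start() reinstalling both callbacks on every open (Start() is not in the hunk) and on the core checking the pointers for NULL before calling through them; confirm both, otherwise volume and mute stay disabled after the first stop.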

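A constructed model of the bug and of the fix above, added here as an example and not code from VLC, libsndio or the port. The fake_sio_* functions are stand-ins for the libsndio handle (they track the live handle and count calls on a closed one instead of dereferencing freed memory, which is what the real sio_setvol() does at the crash site); Start(), Stop(), VolumeSet() and MuteSet() mirror the sndio output module only in shape; and aout_MuteSet() assumes, as the patch does, that the core refuses the operation when no callback is installed.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a libsndio handle (not libsndio's real struct). */
typedef struct { int vol; } fake_sio_hdl;

/* Track the currently open handle so a call on a closed one is reported
 * (the way ASan would) instead of dereferencing freed memory. */
static fake_sio_hdl *open_hdl = NULL;
static int use_after_close = 0;

static fake_sio_hdl *fake_sio_open(void) {
    fake_sio_hdl *h = malloc(sizeof *h);
    if (h == NULL) abort();
    h->vol = 0;
    open_hdl = h;
    return h;
}

static void fake_sio_close(fake_sio_hdl *h) {
    if (h == open_hdl) open_hdl = NULL;
    free(h);
}

/* Mirrors sio_setvol()'s 1 = ok / 0 = failed convention. */
static int fake_sio_setvol(fake_sio_hdl *h, unsigned ctl) {
    if (h != open_hdl) {          /* dangling handle: the real crash site */
        use_after_close++;
        return 0;
    }
    h->vol = (int)ctl;
    return 1;
}

/* Output object: backend handle plus the two optional control callbacks. */
typedef struct aout aout_t;
struct aout {
    fake_sio_hdl *hdl;
    int (*volume_set)(aout_t *, float);
    int (*mute_set)(aout_t *, int);
};

static int VolumeSet(aout_t *aout, float vol) {
    return fake_sio_setvol(aout->hdl, (unsigned)(vol * 127)) ? 0 : -1;
}

static int MuteSet(aout_t *aout, int mute) {
    return fake_sio_setvol(aout->hdl, mute ? 0 : 90) ? 0 : -1;
}

/* Start installs the callbacks on every open. */
static void Start(aout_t *aout) {
    aout->hdl = fake_sio_open();
    aout->volume_set = VolumeSet;
    aout->mute_set = MuteSet;
}

/* Before the patch: the handle is closed, the callbacks stay installed. */
static void StopUnpatched(aout_t *aout) {
    fake_sio_close(aout->hdl);
}

/* After the patch: clear the callbacks first, so the core never reaches
 * the backend with a dead handle. */
static void StopPatched(aout_t *aout) {
    aout->volume_set = NULL;
    aout->mute_set = NULL;
    fake_sio_close(aout->hdl);
}

/* Core-side wrapper. Assumption: like the aout core it refuses the
 * operation when no callback is installed rather than calling NULL. */
static int aout_MuteSet(aout_t *aout, int mute) {
    if (aout->mute_set == NULL) return -1;
    return aout->mute_set(aout, mute);
}

/* Runs start -> mute -> stop -> mute (the slider click with nothing
 * playing) and returns how many backend calls hit a closed handle. */
static int run_scenario(void (*stop)(aout_t *)) {
    aout_t aout = {0};
    use_after_close = 0;
    Start(&aout);
    aout_MuteSet(&aout, 1);       /* fine while playing */
    stop(&aout);
    aout_MuteSet(&aout, 0);       /* after playback stopped */
    return use_after_close;
}

int main(void) {
    printf("unpatched: %d call(s) on a closed handle\n", run_scenario(StopUnpatched));
    printf("patched:   %d call(s) on a closed handle\n", run_scenario(StopPatched));
    return 0;
}
```

The unpatched sequence reaches the backend once with the closed handle, which in the real module is the sio_setvol() frame at the top of the backtrace below; the patched sequence never gets past the NULL check in the core.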
> -------- Forwarded Message --------
> Subject: Re: UPDATE: VLC 3.0.14
>    Date: Wed, 19 May 2021 15:01:49 +0200
>    From: Mark Patruck <[email protected]>
>      To: Brad Smith <[email protected]>
> 
> 
> On 5/18/21 7:55 AM, Mark Patruck wrote:
> 
>     On 5/16/21 6:13 PM, Brad Smith wrote:
> 
>         Here is an update to VLC 3.0.14.
> 
> 
>     Builds and runs fine on amd64, thanks Brad.
> 
> 
> When trying to change the volume w/o anything playing, vlc segfaults
> 
> andromeda$ egdb vlc vlc.core
> GNU gdb (GDB) 7.12.1
> Copyright (C) 2017 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law. Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "x86_64-unknown-openbsd6.9".
> Type "show configuration" for configuration details.
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/gdb/bugs/>.
> Find the GDB manual and other documentation resources online at:
> <http://www.gnu.org/software/gdb/documentation/>.
> For help, type "help".
> Type "apropos word" to search for commands related to "word"...
> Reading symbols from vlc...(no debugging symbols found)...done.
> [New process 606403]
> [New process 441084]
> [New process 437178]
> [New process 271279]
> [New process 323988]
> [New process 125106]
> [New process 110377]
> [New process 226383]
> [New process 547555]
> [New process 326511]
> [New process 112519]
> [New process 367734]
> [New process 515407]
> [New process 113809]
> [New process 237060]
> [New process 362179]
> [New process 166899]
> [New process 615971]
> Core was generated by `vlc'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x000002106e86a0e5 in sio_setvol (hdl=0x2108a1eec00, ctl=90) at /usr/src/lib/libsndio/sio.c:503
> 503 /usr/src/lib/libsndio/sio.c: No such file or directory.
> [Current thread is 1 (process 606403)]
> (gdb) bt full
> #0 0x000002106e86a0e5 in sio_setvol (hdl=0x2108a1eec00, ctl=90) at /usr/src/lib/libsndio/sio.c:503
> No locals.
> #1 0x00000210e35a712b in MuteSet () from /usr/local/lib/vlc/plugins/audio_output/libsndio_plugin.so
> No symbol table info available.
> #2 0x00000210fd686d58 in aout_OutputUnlock () from /usr/local/lib/libvlccore.so.4.0
> No symbol table info available.
> #3 0x00000210fd687694 in aout_MuteSet () from /usr/local/lib/libvlccore.so.4.0
> No symbol table info available.
> #4 0x00000210fd652614 in playlist_MuteSet () from /usr/local/lib/libvlccore.so.4.0
> No symbol table info available.
> #5 0x00000211302eead2 in SoundWidget::userUpdateVolume(int) () from /usr/local/lib/vlc/plugins/gui/libqt_plugin.so
> No symbol table info available.
> #6 0x00000210bfd068ae in void doActivate<false>(QObject*, int, void**) () from /usr/local/lib/libQt5Core.so.3.0
> No symbol table info available.
> #7 0x00000210bfcfe171 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/lib/libQt5Core.so.3.0
> No symbol table info available.
> #8 0x000002113035ba5b in SoundWidget::valueReallyChanged(int) () from /usr/local/lib/vlc/plugins/gui/libqt_plugin.so
> No symbol table info available.
> #9 0x00000210bfd068ae in void doActivate<false>(QObject*, int, void**) () from /usr/local/lib/libQt5Core.so.3.0
> No symbol table info available.
> #10 0x00000210bfcfe171 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/local/lib/libQt5Core.so.3.0
> No symbol table info available.
> #11 0x00000211458b9cb2 in QAbstractSlider::valueChanged(int) () from /usr/local/lib/libQt5Widgets.so.3.0
> No symbol table info available.
> #12 0x00000211458b8dc8 in QAbstractSlider::setValue(int) () from /usr/local/lib/libQt5Widgets.so.3.0
> No symbol table info available.
> #13 0x00000211303373b0 in SoundSlider::mousePressEvent(QMouseEvent*) () from /usr/local/lib/vlc/plugins/gui/libqt_plugin.so
> No symbol table info available.
> #14 0x00000211457827c9 in QWidget::event(QEvent*) () from /usr/local/lib/libQt5Widgets.so.3.0
> No symbol table info available.
> ....
> ....
> 
> 
> 
> 
>         -Mark
> 
> 
> 
> 
> 
>         Index: Makefile
>         ===================================================================
>         RCS file: /home/cvs/ports/x11/vlc/Makefile,v
>         retrieving revision 1.248
>         diff -u -p -u -p -r1.248 Makefile
>         --- Makefile    3 Apr 2021 11:15:46 -0000    1.248
>         +++ Makefile    16 May 2021 15:41:58 -0000
>         @@ -3,11 +3,10 @@
>           COMMENT-main=    VideoLAN client; multimedia player
>           COMMENT-jack=    JACK audio output module for VLC
>         -V=        3.0.12
>         +V=        3.0.14
>           DISTNAME=    vlc-${V}
>           PKGNAME-main=    ${DISTNAME}
>           PKGNAME-jack=    vlc-jack-${V}
>         -REVISION-main=    0
>           CATEGORIES=    x11
>           MASTER_SITES=    
> https://download.videolan.org/pub/videolan/vlc/${V}/
>           EXTRACT_SUFX=    .tar.xz
>         @@ -34,13 +33,13 @@ WANTLIB-main=    EGL GL ICE Qt5Core Qt5Gui
>                   ffi fontconfig freetype fribidi gbm gcrypt gdk-3
>         gdk_pixbuf-2.0 \
>                   gio-2.0 glapi glib-2.0 gmodule-2.0 gmp gnutls gobject-2.0 \
>                   gpg-error graphite2 gsm gthread-2.0 gtk-3 harfbuzz \
>         -        hogweed icudata icui18n icuio icuuc idn2 jpeg lcms2 \
>         -        lz4 lzma matroska mp3lame nettle nfs notify ogg opus \
>         -        p11-kit pango-1.0 pangocairo-1.0 pangoft2-1.0 pcre \
>         -        pcre2-16 pixman-1 placebo png postproc protobuf-lite \
>         -        rsvg-2 smb2 sndio soxr speex speexdsp ssl swresample \
>         -        swscale tag tar tasn1 theoradec theoraenc tiff unistring \
>         -        usbhid vorbis vorbisenc vpx webp x264 x265 xcb xcb-composite 
> \
>         +        hogweed icudata icui18n icuuc idn2 jpeg lcms2 lz4 lzma \
>         +        matroska mp3lame nettle nfs notify ogg opus p11-kit \
>         +        pango-1.0 pangocairo-1.0 pangoft2-1.0 pcre pcre2-16 \
>         +        pixman-1 placebo png postproc protobuf-lite rsvg-2 \
>         +        smb2 sndio soxr speex speexdsp ssl swresample swscale \
>         +        tag tar tasn1 theoradec theoraenc tiff unistring usbhid \
>         +        vorbis vorbisenc vpx webp x264 x265 xcb xcb-composite \
>                   xcb-dri2 xcb-dri3 xcb-glx xcb-keysyms xcb-present xcb-randr 
> \
>                   xcb-render xcb-shm xcb-sync xcb-xfixes xcb-xv xml2 \
>                   xshmfence xvidcore z zstd ${WANTLIB-common}
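Review bot: icuio is dropped from WANTLIB-main while the rest of the list is only rewrapped; confirm with `make port-lib-depends-check` that the 3.0.14 build really no longer links icuio, since the diff itself does not show why it was removed.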
>         Index: distinfo
>         ===================================================================
>         RCS file: /home/cvs/ports/x11/vlc/distinfo,v
>         retrieving revision 1.44
>         diff -u -p -u -p -r1.44 distinfo
>         --- distinfo    23 Jan 2021 09:50:09 -0000    1.44
>         +++ distinfo    16 May 2021 15:43:03 -0000
>         @@ -1,2 +1,2 @@
>         -SHA256 (vlc-3.0.12.tar.xz) = 7/RY84qSEmCU9E8iY8K/LHze8nG0gZLQ/
>         nsXJjiM+Hk=
>         -SIZE (vlc-3.0.12.tar.xz) = 25997468
>         +SHA256 (vlc-3.0.14.tar.xz) =
>         Sbk+WzPeqjcGDmskqYIAytcMQHlH8U6yqLagxk2FNaY=
>         +SIZE (vlc-3.0.14.tar.xz) = 26424968
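Review bot: the SHA256 lines for both tarballs are wrapped onto two lines in this copy (mail client line-wrapping), so the diff will not apply as pasted; each checksum must sit on a single line in distinfo.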
>         Index: patches/patch-src_posix_thread_c
>         ===================================================================
>         RCS file: /home/cvs/ports/x11/vlc/patches/patch-src_posix_thread_c,v
>         retrieving revision 1.5
>         diff -u -p -u -p -r1.5 patch-src_posix_thread_c
>         --- patches/patch-src_posix_thread_c    3 Apr 2021 11:15:46 -0000   
>         1.5
>         +++ patches/patch-src_posix_thread_c    29 Apr 2021 15:38:01 -0000
>         @@ -1,8 +1,7 @@
>           $OpenBSD: patch-src_posix_thread_c,v 1.5 2021/04/03 11:15:46 sthen
>         Exp $
>         -- Make use of clock_gettime() on OpenBSD. Until we have per-process
>         -  timers and can enable _POSIX_TIMERS in unistd.h.
>         -- Make use of _SC_NPROCESSORS_ONLN.
>         +Make use of clock_gettime() on OpenBSD. Until we have per-process
>         +timers and can enable _POSIX_TIMERS in unistd.h.
>           Index: src/posix/thread.c
>           --- src/posix/thread.c.orig
>         @@ -25,12 +24,3 @@ Index: src/posix/thread.c
>                struct timespec ts;
>                vlc_clock_setup ();
>         -@@ -712,6 +712,8 @@ unsigned vlc_GetCPUCount(void)
>         -         count = sysconf (_SC_NPROCESSORS_ONLN);
>         -     free (cpulist);
>         -     return count ? count : 1;
>         -+#elif defined(_SC_NPROCESSORS_ONLN)
>         -+    return sysconf(_SC_NPROCESSORS_ONLN);
>         - #elif defined(_SC_NPROCESSORS_CONF)
>         -     return sysconf(_SC_NPROCESSORS_CONF);
>         - #else
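Review bot: this drops the local _SC_NPROCESSORS_ONLN branch in vlc_GetCPUCount() without a replacement, and the header hunk above removes the matching bullet; confirm that upstream 3.0.14 already handles _SC_NPROCESSORS_ONLN on OpenBSD, otherwise vlc_GetCPUCount() falls back to _SC_NPROCESSORS_CONF and can overcount offline CPUs.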
> 
> 
> 
> 
> 
> --
> Mark Patruck ( mark at wrapped.cx )
> GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286 5E51
> 
> https://www.wrapped.cx
> 
