Bug#601663: libffado2 reads from freed memory

2021-05-13 Thread Pander
Dear Max,

Could you analyze this again please for version 2.4.4 of FFADO or share
the exact command you used to create this log?

Thanks,

Pander



Bug#601663: libffado2 reads from freed memory

2010-10-28 Thread Max Kellermann
Package: libffado2
Version: 2.0.1+svn1856-5
Severity: serious

libffado2 reads a lot of values from freed or uninitialized memory.
That is obviously a crash waiting to happen.  See attached valgrind
log file.

Thread 10:
Conditional jump or move depends on uninitialised value(s)
   at 0xAEE9C75: CycleTimerHelper::getCycleTimerTicks(unsigned long) (in /usr/lib/libffado.so.2.999.0)
   by 0xAEEB8A9: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
   by 0xAF15829: Util::PosixThread::ThreadHandler(void*) (in /usr/lib/libffado.so.2.999.0)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)
   by 0xAED67B0: DeviceManager::initialize() (in /usr/lib/libffado.so.2.999.0)
   by 0xAEDCC4A: ffado_streaming_init (in /usr/lib/libffado.so.2.999.0)
   by 0x431A65: ffado_open (ffado_output_plugin.c:240)
   by 0x42CAB2: ao_plugin_open (output_plugin.h:196)
   by 0x42D384: ao_open (output_thread.c:164)
   by 0x42E269: audio_output_task (output_thread.c:549)
   by 0x7A40783: g_thread_create_proxy (gthread.c:1893)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)

Conditional jump or move depends on uninitialised value(s)
   at 0xAEE9C7A: CycleTimerHelper::getCycleTimerTicks(unsigned long) (in /usr/lib/libffado.so.2.999.0)
   by 0xAEEB8A9: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
   by 0xAF15829: Util::PosixThread::ThreadHandler(void*) (in /usr/lib/libffado.so.2.999.0)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)
   by 0xAED67B0: DeviceManager::initialize() (in /usr/lib/libffado.so.2.999.0)
   by 0xAEDCC4A: ffado_streaming_init (in /usr/lib/libffado.so.2.999.0)
   by 0x431A65: ffado_open (ffado_output_plugin.c:240)
   by 0x42CAB2: ao_plugin_open (output_plugin.h:196)
   by 0x42D384: ao_open (output_thread.c:164)
   by 0x42E269: audio_output_task (output_thread.c:549)
   by 0x7A40783: g_thread_create_proxy (gthread.c:1893)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)

Conditional jump or move depends on uninitialised value(s)
   at 0xAEEB8DA: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
   by 0xAF15829: Util::PosixThread::ThreadHandler(void*) (in /usr/lib/libffado.so.2.999.0)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)
   by 0xAED67B0: DeviceManager::initialize() (in /usr/lib/libffado.so.2.999.0)
   by 0xAEDCC4A: ffado_streaming_init (in /usr/lib/libffado.so.2.999.0)
   by 0x431A65: ffado_open (ffado_output_plugin.c:240)
   by 0x42CAB2: ao_plugin_open (output_plugin.h:196)
   by 0x42D384: ao_open (output_thread.c:164)
   by 0x42E269: audio_output_task (output_thread.c:549)
   by 0x7A40783: g_thread_create_proxy (gthread.c:1893)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)

Conditional jump or move depends on uninitialised value(s)
   at 0xAEEB8F7: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
   by 0xAF15829: Util::PosixThread::ThreadHandler(void*) (in /usr/lib/libffado.so.2.999.0)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)
   by 0xAED67B0: DeviceManager::initialize() (in /usr/lib/libffado.so.2.999.0)
   by 0xAEDCC4A: ffado_streaming_init (in /usr/lib/libffado.so.2.999.0)
   by 0x431A65: ffado_open (ffado_output_plugin.c:240)
   by 0x42CAB2: ao_plugin_open (output_plugin.h:196)
   by 0x42D384: ao_open (output_thread.c:164)
   by 0x42E269: audio_output_task (output_thread.c:549)
   by 0x7A40783: g_thread_create_proxy (gthread.c:1893)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)

Conditional jump or move depends on uninitialised value(s)
   at 0xAEEB96F: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
   by 0xAF15829: Util::PosixThread::ThreadHandler(void*) (in /usr/lib/libffado.so.2.999.0)
   by 0xB4748B9: start_thread (pthread_create.c:300)
   by 0xCACC02C: clone (clone.S:112)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator
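A triage helper for memcheck logs like the one above, added here as an example and not part of the bug report or of FFADO: it parses each error block, pairs the faulting read with the allocation that created the value, and groups the errors by origin, which shows that every "Conditional jump" in this report traces back to the same allocation in Ieee1394Service::Ieee1394Service(). The sample input is a trimmed excerpt of the log above; the recognised header and allocator names go slightly beyond the page by also covering memcheck's "Address ... free'd" marker for the freed-memory reads the report mentions.

```python
import re
from collections import defaultdict

# Sample input: a trimmed excerpt of the valgrind log attached to the report.
SAMPLE_LOG = """\
Conditional jump or move depends on uninitialised value(s)
   at 0xAEE9C75: CycleTimerHelper::getCycleTimerTicks(unsigned long) (in /usr/lib/libffado.so.2.999.0)
   by 0xAEEB8A9: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)

Conditional jump or move depends on uninitialised value(s)
   at 0xAEEB8DA: CycleTimerHelper::Execute() (in /usr/lib/libffado.so.2.999.0)
 Uninitialised value was created by a heap allocation
   at 0x4C24DFA: operator new(unsigned long) (vg_replace_malloc.c:261)
   by 0xAEF0D8B: Ieee1394Service::Ieee1394Service() (in /usr/lib/libffado.so.2.999.0)
"""

# One stack frame: "   at|by 0xADDR: symbol (in lib)" or "   by 0xADDR: symbol (file:line)".
FRAME_RE = re.compile(r"^\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*?)\s+\((?:in\s+)?[^)]*\)\s*$")
ERROR_HEADERS = ("Conditional jump", "Invalid read", "Use of uninitialised value")
ORIGIN_HEADERS = ("Uninitialised value was created by", "Address 0x")  # origin stack follows
SKIP_FRAMES = ("operator new", "operator delete", "malloc", "calloc", "realloc", "free")

def parse_errors(text):
    """Split a memcheck log into records: {'kind', 'use': [frames], 'origin': [frames]}."""
    errors, target = [], None
    for line in text.splitlines():
        frame = FRAME_RE.match(line)
        if frame and errors:
            errors[-1][target].append(frame.group(1))
        elif line.lstrip().startswith(ORIGIN_HEADERS):
            target = "origin"          # following frames describe where the value came from
        elif line.startswith(ERROR_HEADERS):
            errors.append({"kind": line.strip(), "use": [], "origin": []})
            target = "use"             # following frames describe the faulting read
    return errors

def group_by_origin(errors):
    """Map each origin site (first origin frame that is not the allocator itself) to the
    functions that read the bad value; a single key means a single root cause to fix."""
    groups = defaultdict(list)
    for e in errors:
        site = next((f for f in e["origin"] if not f.startswith(SKIP_FRAMES)), "<no origin>")
        groups[site].append(e["use"][0] if e["use"] else "<no frame>")
    return dict(groups)

if __name__ == "__main__":
    for site, uses in group_by_origin(parse_errors(SAMPLE_LOG)).items():
        print(f"{site}: {len(uses)} read(s) of uninitialised data -> {uses}")
```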