I tried here with trunk/externals/maxlib/history.c and the attached history-test.pd patch; it crashed:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6aad862 in history_float (x=0x831a80, f=<value optimised out>)
    at history.c:153
153             else x->x_average = x->x_input[x->x_inpointer];
(gdb) bt
#0 0x00007ffff6aad862 in history_float (x=0x831a80, f=<value optimised out>)
    at history.c:153
#1  0x000000000046a69f in outlet_float ()
#2  0x000000000046ab69 in outlet_bang ()
#3  0x00000000004b8e04 in ?? ()
#4  0x00000000004761ed in m_mainloop ()
#5  0x000000000047aaf5 in sys_main ()
#6  0x00007ffff6ccec4d in __libc_start_main (main=<value optimised out>,
    argc=<value optimised out>, ubp_av=<value optimised out>,
    init=<value optimised out>, fini=<value optimised out>,
    rtld_fini=<value optimised out>, stack_end=0x7fffffffe238)
    at libc-start.c:226
#7  0x0000000000412f99 in _start ()
(gdb) print x->x_inpointer
$1 = 4728264212663500800


I'm guessing that the array overrun dumped some garbage in the x_inpointer field, which then exploded...


With the s/>/>=/ patch to line ~155 (see below) I didn't manage to crash it, but I also don't know if the output was correct...


Claude


On 24/10/10 01:05, Brian Neltner wrote:
Thanks Claude for your help.

I will personally just be switching to mavg instead of history for now
since I need to be confident it will work. Is there someone I can notify
who maintains the history external who would be interested in knowing
about the bug?

Brian

On Sun, 2010-10-24 at 00:38 +0100, Claude Heiland-Allen wrote:

Yes, in the absence of symbol information from 'history.pd_linux', I
would guess that it is these lines that are the problem:

http://pure-data.svn.sourceforge.net/viewvc/pure-data/branches/pd-extended/0.42/externals/maxlib/history.c?revision=13589&view=markup#l155

155      if(++x->x_inpointer > MAX_ARG)
156      {
157          x->x_inpointer = 0;
158      }

Possibly it should be >= instead of >, otherwise the code might end up
reading/writing past the end of the 0-indexed arrays of size MAX_ARG,
causing all kinds of memory corruption and random crashes, but I don't
suggest making the change without checking whether it is correct - the
code doesn't have any comments indicating the data invariants.

#N canvas 0 0 450 300 10;
#X obj 160 96 random 10000;
#X floatatom 161 148 5 0 0 0 - - -;
#X obj 161 72 metro 1;
#X obj 161 44 tgl 15 0 empty empty empty 17 7 0 10 -262144 -1 -1 0
1;
#X obj 160 124 history 0.2;
#X connect 0 0 4 0;
#X connect 2 0 0 0;
#X connect 3 0 2 0;
#X connect 4 0 1 0;
_______________________________________________
Pd-dev mailing list
Pd-dev@iem.at
http://lists.puredata.info/listinfo/pd-dev
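The off-by-one discussed in this thread, as an added example that is not part of the mailing-list post nor of maxlib's history.c: the struct layout, MAX_ARG value and the simplified "store, then advance the pointer" loop are assumptions chosen to make the failure mode visible. The buggy wrap uses the posted `>` comparison and lets the index reach MAX_ARG, so the slot one past the 0-indexed array gets written; here that write is steered onto a canary field instead of being left as real undefined behaviour, so the clobber can be observed deterministically. The `>=` variant is shown beside it, together with a mean over the buffer so the reader can check that the fixed ring still holds exactly the last MAX_ARG inputs.

```c
#include <stdio.h>
#include <string.h>

/* Assumed for illustration only; the real maxlib history.c may differ. */
#define MAX_ARG 8
#define CANARY  0xDEADBEEFu

typedef struct {
    float    x_input[MAX_ARG]; /* ring buffer of past inputs, 0-indexed */
    unsigned canary;           /* stands in for whatever follows x_input in memory */
    int      x_inpointer;      /* slot for the next write */
    float    x_average;
} history_sim;

static void history_init(history_sim *x)
{
    memset(x, 0, sizeof *x);
    x->canary = CANARY;
}

/* Wrap exactly as the posted lines 155-158 do: '>' lets the index reach MAX_ARG. */
static int next_slot_buggy(int inpointer)
{
    if (++inpointer > MAX_ARG) inpointer = 0;
    return inpointer;
}

/* The s/>/>=/ variant: the index stays within 0 .. MAX_ARG-1. */
static int next_slot_fixed(int inpointer)
{
    if (++inpointer >= MAX_ARG) inpointer = 0;
    return inpointer;
}

/* Feed the values 0, 1, ..., n-1 through the simplified history: store the
 * value at x_inpointer, then advance. Out-of-range slots are redirected onto
 * the canary (simulating the overrun of the field after the array) rather
 * than indexed directly, so the program stays well defined.
 * Returns the number of out-of-range writes that happened. */
static int feed(history_sim *x, int n, int (*advance)(int))
{
    int oob = 0;
    for (int i = 0; i < n; i++) {
        float f = (float)i;
        if (x->x_inpointer >= 0 && x->x_inpointer < MAX_ARG) {
            x->x_input[x->x_inpointer] = f;
        } else {
            memcpy(&x->canary, &f, sizeof f); /* the slot after the array */
            oob++;
        }
        x->x_inpointer = advance(x->x_inpointer);
    }
    return oob;
}

static int canary_intact(const history_sim *x)
{
    return x->canary == CANARY;
}

/* Mean of the whole ring: with the fixed wrap, after at least MAX_ARG inputs
 * this is the mean of the last MAX_ARG values fed in. */
static float ring_average(const history_sim *x)
{
    float sum = 0.0f;
    for (int i = 0; i < MAX_ARG; i++) sum += x->x_input[i];
    return sum / (float)MAX_ARG;
}

int main(void)
{
    history_sim b, f;
    history_init(&b);
    history_init(&f);

    int oob_buggy = feed(&b, 3 * MAX_ARG, next_slot_buggy);
    int oob_fixed = feed(&f, 3 * MAX_ARG, next_slot_fixed);

    printf("'>'  wrap: %d out-of-range writes, canary %s\n",
           oob_buggy, canary_intact(&b) ? "intact" : "CLOBBERED");
    printf("'>=' wrap: %d out-of-range writes, canary %s, mean of last %d = %g\n",
           oob_fixed, canary_intact(&f) ? "intact" : "CLOBBERED",
           MAX_ARG, ring_average(&f));
    return 0;
}
```

Note that in the real external the field overwritten by `x_input[MAX_ARG]` is whatever the compiler placed after the array, which is why the gdb session above shows a nonsensical `x_inpointer`; once that index is garbage, the read on line 153 can land anywhere. The simulation keeps the clobber on a dedicated field so the effect is reproducible without undefined behaviour.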