Public bug reported:
Linphone crashes at startup for me, if too many audio devices are
connected, with a message on stderr saying
free(): double free detected in tcache 2
SIGABRT / SIGIOT: Aborted
I debugged the problem and found that the crash was occurring in the
libmediastreamer_voip.so.10 shared library. Specifically, in
src/audiofilters/alsa.c alsa_card_detect(), the arrays card_names[] and
device_names[] were being overrun, because they have size
MAX_NUM_DEVICE_ID = 100 and there's no overflow check in the code. So
one array was overrunning into the other one, causing the double-free
when both arrays full of allocated things were cleaned up at the end of
the function.
(I don't have 100 audio devices! But ALSA reports multiple records for
each one, with various different details. I found that with HDMI audio
output, USB speakers, and a webcam with microphone, the array overrun
occurs; disconnecting the webcam allows Linphone to start up, but then
of course I can't use it to make calls.)
I've worked around the problem locally by installing a recompiled
version of the libmediastreamer-voip10 package in which I reset
MAX_NUM_DEVICE_ID from 100 to 1000. With that change, Linphone runs fine
and can make calls using my webcam microphone.
(My fix is a bodge, of course! A proper fix would enlarge the arrays as
needed. But I know that the affected function has been completely
rewritten in later versions of mediastreamer2, and those later versions
are already in later Ubuntu releases. So I only need that workaround
until I can upgrade from 20.04 to 22.04 next month.)
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libmediastreamer-voip10 1:2.16.1-4ubuntu2
ProcVersionSignature: Ubuntu 5.11.0-46.51~20.04.1-generic 5.11.22
Uname: Linux 5.11.0-46-generic x86_64
ApportVersion: 2.20.11-0ubuntu27.21
Architecture: amd64
CasperMD5CheckResult: skip
Date: Wed Mar 30 12:35:18 2022
InstallationDate: Installed on 2013-06-01 (3223 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
SourcePackage: mediastreamer2
UpgradeStatus: Upgraded to focal on 2020-08-31 (575 days ago)
modified.conffile..etc.default.apport: [modified]
mtime.conffile..etc.default.apport: 2013-06-02T15:20:08.886312
** Affects: mediastreamer2 (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1967122
Title:
Buffer overflow in alsa_card_detect causes linphone to crash at
startup
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mediastreamer2/+bug/1967122/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
