[PD-dev] [maxlib/history] segfault
Claude Heiland-Allen
claudiusmaximus at goto10.org
Sun Oct 24 02:40:52 CEST 2010
I tried here with trunk/externals/maxlib/history.c and attached
history-test.pd patch, crashed:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6aad862 in history_float (x=0x831a80, f=<value optimised out>)
at history.c:153
153 else x->x_average = x->x_input[x->x_inpointer];
(gdb) bt
#0 0x00007ffff6aad862 in history_float (x=0x831a80, f=<value optimised out>)
at history.c:153
#1 0x000000000046a69f in outlet_float ()
#2 0x000000000046ab69 in outlet_bang ()
#3 0x00000000004b8e04 in ?? ()
#4 0x00000000004761ed in m_mainloop ()
#5 0x000000000047aaf5 in sys_main ()
#6 0x00007ffff6ccec4d in __libc_start_main (main=<value optimised out>,
argc=<value optimised out>, ubp_av=<value optimised out>,
init=<value optimised out>, fini=<value optimised out>,
rtld_fini=<value optimised out>, stack_end=0x7fffffffe238)
at libc-start.c:226
#7 0x0000000000412f99 in _start ()
(gdb) print x->x_inpointer
$1 = 4728264212663500800
I'm guessing that the array overrun dumped some garbage in the
x_inpointer field, which then exploded...
With the s/>/>=/ patch to line ~155 (see below) I didn't manage to crash
it, but I also don't know if the output was correct...
Claude
On 24/10/10 01:05, Brian Neltner wrote:
> Thanks Claude for your help.
>
> I will personally just be switching to mavg instead of history for now
> since I need to be confident it will work. Is there someone I can notify
> who maintains the history external who would be interested in knowing
> about the bug?
>
> Brian
>
> On Sun, 2010-10-24 at 00:38 +0100, Claude Heiland-Allen wrote:
>>
>> Yes, in the absence of symbol information from 'history.pd_linux', I
>> would guess that it is these lines that are the problem:
>>
>> http://pure-data.svn.sourceforge.net/viewvc/pure-data/branches/pd-extended/0.42/externals/maxlib/history.c?revision=13589&view=markup#l155
>>
>> 155 if(++x->x_inpointer > MAX_ARG)
>> 156 {
>> 157 x->x_inpointer = 0;
>> 158 }
>>
>> Possibly it should be >= instead of >, otherwise the code might end up
>> reading/writing past the end of the 0-indexed arrays of size MAX_ARG,
>> causing all kinds of memory corruption and random crashes, but I don't
>> suggest making the change without checking whether it is correct - the
>> code doesn't have any comments indicating the data invariants.
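An added example (not the maxlib code) that simulates the index wrap discussed in this thread: the original '>' test lets x_inpointer reach MAX_ARG, one past the last valid slot of x_input, while the proposed '>=' fix keeps it in range. MAX_ARG = 8 and the two-field struct are assumed values for the demonstration; the real external uses a larger constant and more fields.

```c
/* Added example, not from history.c: shows why '>' lets the ring-buffer
 * index run one past the end of x_input while '>=' keeps it in bounds.
 * MAX_ARG here is a constructed value; the real external uses a larger one. */
#include <stdio.h>
#include <string.h>

#define MAX_ARG 8   /* assumed buffer length (constructed value) */

typedef struct {
    float x_input[MAX_ARG]; /* ring buffer of recent inputs */
    int   x_inpointer;      /* next write slot, must stay in 0..MAX_ARG-1 */
} history_sim;

/* Original test from history.c line ~155: the index may reach MAX_ARG. */
static int advance_buggy(int inpointer)
{
    if (++inpointer > MAX_ARG) inpointer = 0;
    return inpointer;
}

/* Proposed fix: wrap as soon as the index would equal MAX_ARG. */
static int advance_fixed(int inpointer)
{
    if (++inpointer >= MAX_ARG) inpointer = 0;
    return inpointer;
}

/* Feed n values through the buffer with the given advance rule and return
 * how many writes would have landed outside x_input. An out-of-range write
 * is counted and skipped rather than performed, so the simulation itself
 * never corrupts memory. */
int count_out_of_bounds(int (*advance)(int), int n)
{
    history_sim x;
    int bad = 0;
    memset(&x, 0, sizeof x);
    for (int i = 0; i < n; i++) {
        if (x.x_inpointer < 0 || x.x_inpointer >= MAX_ARG)
            bad++;   /* would overwrite whatever follows x_input, e.g. x_inpointer */
        else
            x.x_input[x.x_inpointer] = (float)i;
        x.x_inpointer = advance(x.x_inpointer);
    }
    return bad;
}

int main(void)
{
    printf("'>'  : %d out-of-bounds writes in 32 steps\n", count_out_of_bounds(advance_buggy, 32));
    printf("'>=' : %d out-of-bounds writes in 32 steps\n", count_out_of_bounds(advance_fixed, 32));
    return 0;
}
```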