[PD] Crasher bug

Roman Haefeli reduzent at gmail.com
Sun Oct 1 22:16:36 CEST 2017

Hey all

Attached patch crashes Pd, at least on Ubuntu 16.04 amd64. Pd 0.48 and
0.47-1 seems affected, but not 0.46-7. Also, I cannot make it crash
with the current 0.48 release for Windows under Wine. I couldn't test
it on macOS, but the original patch (not this reduced one) crashes on
macOS 10.11 with Pd 0.48.

The patch doesn't do anything meaningful anymore more, since I tried to
remove anything that was not needed for the crash.

With current git master, I get the following backtrace printed to the
console, as soon as I click the bang:

$ pd -stderr -nosound -open crashtest.pd 
*** Error in `pd': corrupted size vs. prev_size: 0x0000000000b5e0a0 ***
======= Backtrace: =========
======= Memory map: ========
... skipped ...

gdb backtrace:

(gdb) backtrace
#0  0x00007ffff6dcf428 in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:54
#1  0x00007ffff6dd102a in __GI_abort () at abort.c:89
#2  0x00007ffff6e117ea in __libc_message (do_abort=2, fmt=fmt at entry=0x7ffff6f2ae98 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
#3  0x00007ffff6e1adfb in malloc_printerr (ar_ptr=0x7ffff715eb20 <main_arena>, ptr=0x827c20, str=0x7ffff6f27c35 "corrupted size vs. prev_size", action=3) at malloc.c:5006
#4  _int_free (av=0x7ffff715eb20 <main_arena>, p=<optimized out>, have_lock=1) at malloc.c:4014
#5  0x00007ffff6e1d409 in _int_realloc (av=av at entry=0x7ffff715eb20 <main_arena>, oldp=oldp at entry=0x827b00, oldsize=oldsize at entry=288, nb=nb at entry=112) at malloc.c:4384
#6  0x00007ffff6e1e839 in __GI___libc_realloc (oldmem=0x827b10, bytes=96) at malloc.c:3045
#7  0x00000000004b5783 in resizebytes (old=<optimized out>, oldsize=256, newsize=<optimized out>) at m_memory.c:55
#8  0x00000000004a7ae6 in binbuf_text (x=0x7d3ba0, text=text at entry=0x7fffffffcce0 "\r\n.x7e8880 motion 39.0 78.0 0;", size=size at entry=30) at m_binbuf.c:199
#9  0x00000000004c0b15 in socketreceiver_doread (x=x at entry=0x7ef580) at s_inter.c:494
#10 0x00000000004c214c in socketreceiver_read (x=0x7ef580, fd=12) at s_inter.c:597
#11 0x00000000004c0e8e in sys_domicrosleep (microsec=<optimized out>, pollem=1) at s_inter.c:230
#12 0x00000000004c1585 in sys_microsleep (microsec=<optimized out>) at s_inter.c:254
#13 0x00000000004b9fda in m_pollingscheduler () at m_sched.c:541
#14 m_mainloop () at m_sched.c:596
#15 0x00007ffff6dba830 in __libc_start_main (main=0x414aa0 <main>, argc=6, argv=0x7fffffffe048, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe038)
    at ../csu/libc-start.c:291
#16 0x0000000000414ad9 in _start ()


-------------- next part --------------
A non-text attachment was scrubbed...
Name: crashtest.zip
Type: application/zip
Size: 1377 bytes
Desc: not available
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20171001/1fc18ee0/attachment.zip>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: This is a digitally signed message part
URL: <http://lists.puredata.info/pipermail/pd-list/attachments/20171001/1fc18ee0/attachment.sig>

More information about the Pd-list mailing list