csladspa 1:5.17.6~dfsg-1 breaks audacity and ardour

Bug #1001975 reported by Hans-Dominik
This bug report is a duplicate of: Bug #990683: csladspa breaks audacity and ardour.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
csound (Ubuntu) | New | Undecided | Unassigned |

Bug Description

When installing csladspa in Ubuntu Precise, audacity and ardour start with a segfault.

#audacity
...
Cannot connect to server socket err = Verbindungsaufbau abgelehnt
Cannot connect to server socket
jack server is not running or cannot be started
Speicherzugriffsfehler (Speicherabzug geschrieben) --> Segfault

valgrind trace of audacity:

....

==31007== Address 0x8f46bb0 is 12 bytes after a block of size 220 alloc'd
==31007== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==31007== by 0x4586B3B: wxStringBase::AllocBuffer(unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4586BD3: wxStringBase::InitWith(wchar_t const*, unsigned int, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4586C5C: wxStringBase::wxStringBase(void const*, void const*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4588C23: wxString::Shrink() (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A70F: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x8F46663: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA4E8: __wcslen_sse2 (wcslen-sse2.S:101)
==31007== by 0x45888A3: wxStringBase::compare(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4589142: wxString::Cmp(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458B220: wxArrayString::Add(wxString const&, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x835AA86: LoadLadspaPlugins() (LoadLadspa.cpp:151)
==31007== by 0x9628653: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA4A2: __wcslen_sse2 (wcslen-sse2.S:77)
==31007== by 0x5528354: __vswprintf_chk (vswprintf_chk.c:63)
==31007== by 0x45A1DAD: wxVsnprintf(wchar_t*, unsigned int, wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A6B8: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x9694353: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA4E8: __wcslen_sse2 (wcslen-sse2.S:101)
==31007== by 0x5528354: __vswprintf_chk (vswprintf_chk.c:63)
==31007== by 0x45A1DAD: wxVsnprintf(wchar_t*, unsigned int, wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A6B8: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x9694353: ???
==31007==
==31007== Invalid read of size 8
==31007== at 0x54CA4B3: __wcslen_sse2 (wcslen-sse2.S:84)
==31007== by 0x45888A3: wxStringBase::compare(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4589142: wxString::Cmp(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458B220: wxArrayString::Add(wxString const&, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x835AA86: LoadLadspaPlugins() (LoadLadspa.cpp:151)
==31007== by 0x9694353: ???
==31007== Address 0x9111ad8 is 152 bytes inside a block of size 156 alloc'd
==31007== at 0x402BE68: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==31007== by 0x4586B3B: wxStringBase::AllocBuffer(unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4586BD3: wxStringBase::InitWith(wchar_t const*, unsigned int, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4586C5C: wxStringBase::wxStringBase(void const*, void const*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4588C23: wxString::Shrink() (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A70F: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x9694353: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA48F: __wcslen_sse2 (wcslen-sse2.S:71)
==31007== by 0x5528354: __vswprintf_chk (vswprintf_chk.c:63)
==31007== by 0x45A1DAD: wxVsnprintf(wchar_t*, unsigned int, wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A6B8: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x969326B: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA48F: __wcslen_sse2 (wcslen-sse2.S:71)
==31007== by 0x45888A3: wxStringBase::compare(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4589142: wxString::Cmp(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458B220: wxArrayString::Add(wxString const&, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x835AA86: LoadLadspaPlugins() (LoadLadspa.cpp:151)
==31007== by 0x5F16383: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA478: __wcslen_sse2 (wcslen-sse2.S:64)
==31007== by 0x45888A3: wxStringBase::compare(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x4589142: wxString::Cmp(wchar_t const*) const (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458B220: wxArrayString::Add(wxString const&, unsigned int) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x835AA86: LoadLadspaPlugins() (LoadLadspa.cpp:151)
==31007== by 0x96BE4C3: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA478: __wcslen_sse2 (wcslen-sse2.S:64)
==31007== by 0x4588D29: wxString::UngetWriteBuf() (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A703: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x963A2AB: ???
==31007==
==31007== Conditional jump or move depends on uninitialised value(s)
==31007== at 0x54CA507: __wcslen_sse2 (wcslen-sse2.S:113)
==31007== by 0x5528354: __vswprintf_chk (vswprintf_chk.c:63)
==31007== by 0x45A1DAD: wxVsnprintf(wchar_t*, unsigned int, wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A6B8: wxString::PrintfV(wchar_t const*, char*) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x458A81B: wxString::Format(wchar_t const*, ...) (in /usr/lib/i386-linux-gnu/libwx_baseu-2.8.so.0.8.0)
==31007== by 0x98B0723: ???
==31007==
==31007== Invalid read of size 1
==31007== at 0x402EC7D: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==31007== by 0xC314583: ??? (in /usr/lib/ladspa/csladspa.so)
==31007== by 0xC314B79: ladspa_descriptor (in /usr/lib/ladspa/csladspa.so)
==31007== by 0x835A978: LoadLadspaPlugins() (LoadLadspa.cpp:146)
==31007== by 0xA102EC3: ???
==31007== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==31007==
==31007==
==31007== Process terminating with default action of signal 11 (SIGSEGV)
==31007== Access not within mapped region at address 0x0
==31007== at 0x402EC7D: __strcpy_chk (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==31007== by 0xC314583: ??? (in /usr/lib/ladspa/csladspa.so)
==31007== by 0xC314B79: ladspa_descriptor (in /usr/lib/ladspa/csladspa.so)
==31007== by 0x835A978: LoadLadspaPlugins() (LoadLadspa.cpp:146)
==31007== by 0xA102EC3: ???
==31007== If you believe this happened as a result of a stack
==31007== overflow in your program's main thread (unlikely but
==31007== possible), you can try to increase the size of the
==31007== main thread stack using the --main-stacksize= flag.
==31007== The main thread stack size used in this run was 8388608.
==31007==
==31007== HEAP SUMMARY:
==31007== in use at exit: 3,968,396 bytes in 27,240 blocks
==31007== total heap usage: 300,242 allocs, 273,002 frees, 83,901,326 bytes allocated
==31007==
==31007== LEAK SUMMARY:
==31007== definitely lost: 1,397 bytes in 8 blocks
==31007== indirectly lost: 4,160 bytes in 214 blocks
==31007== possibly lost: 1,450,864 bytes in 10,294 blocks
==31007== still reachable: 2,511,975 bytes in 16,724 blocks
==31007== suppressed: 0 bytes in 0 blocks
==31007== Rerun with --leak-check=full to see details of leaked memory
==31007==
==31007== For counts of detected and suppressed errors, rerun with: -v
==31007== Use --track-origins=yes to see where uninitialised values come from
==31007== ERROR SUMMARY: 64802 errors from 195 contexts (suppressed: 0 from 0)

Tags: patch segfault
Ronald J. Wright (logiconcepts819) wrote :

I was also having trouble launching Audacity until I found a fix. Apparently, the problem boiled down to the unsafe use of the strcpy function in the csladspa frontend (line 417 in csound-5.17.6~dfsg/frontends/csladspa/csladspa.cpp). The segmentation fault that caused Audacity to crash occurred because the program was attempting to copy a NULL return value from the getenv function to a character array. Now, with the fix applied, the copy operation is performed only if the getenv function returned a non-NULL value. Also, the strcpy function has been replaced with the safer strncpy function. You can view the fix that I found at http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=72c5b0c9fbdf5a686196292211d0dabd3b384c0f. Attached is the patch that may fix your issue.
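
The failure mode described in the comment above, reduced to a standalone C example (added here for illustration; it is not the csound code or the attached patch). The variable name `EXAMPLE_PLUGIN_PATH` and the helper names are hypothetical. The example also handles the case where `strncpy` fills the buffer without writing a terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical name; the report does not say which variable csladspa reads. */
#define EXAMPLE_ENV "EXAMPLE_PLUGIN_PATH"

enum copy_result { COPY_OK = 0, COPY_UNSET = -1, COPY_TRUNCATED = -2 };

/*
 * Crashing pattern described in the comment (shown here, not compiled):
 *
 *     char buf[256];
 *     strcpy(buf, getenv(EXAMPLE_ENV));   // getenv() returns NULL when unset
 */

/* Copy src into dst (capacity dstlen), handling NULL and oversized input. */
enum copy_result copy_checked(const char *src, char *dst, size_t dstlen)
{
    if (dst == NULL || dstlen == 0)
        return COPY_TRUNCATED;
    dst[0] = '\0';
    if (src == NULL)
        return COPY_UNSET;          /* nothing to copy, dst stays empty */
    /* strncpy() does not NUL-terminate when src fills the buffer. */
    strncpy(dst, src, dstlen - 1);
    dst[dstlen - 1] = '\0';
    return strlen(src) >= dstlen ? COPY_TRUNCATED : COPY_OK;
}

/* Read an environment variable through the checked copy. */
enum copy_result copy_env(const char *name, char *dst, size_t dstlen)
{
    return copy_checked(getenv(name), dst, dstlen);
}

int main(void)
{
    char path[256];
    switch (copy_env(EXAMPLE_ENV, path, sizeof path)) {
    case COPY_OK:        printf("using %s\n", path); break;
    case COPY_UNSET:     puts("variable unset, skipping plugin scan"); break;
    case COPY_TRUNCATED: puts("value too long, refusing truncated path"); break;
    }
    return 0;
}
```

A truncated path is reported separately from an unset one so the caller can refuse it instead of scanning a directory the user did not name.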

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "fix_csladspa_sigsegv.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch, you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of the ubuntu-reviewers team, please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch