faad segfaults on amd64 due to incorrect pointer size

Bug #665802 reported by Rocko on 2010-10-24
20
This bug affects 3 people
Affects Status Importance Assigned to Milestone
faad2 (Debian)
Fix Released
Unknown
faad2 (Ubuntu)
Medium
Unassigned
Lucid
Medium
Unassigned

Bug Description

When I run faad on amd64 with the command line "faad -b 2 -f 2 -q -w AAC2AC3Temp.aac" (-b 2 indicating 24 bit output), I get a segmentation fault in fwrite. The same command on the same data works fine in a 32 bit system.

The problem is due to the write_audio_24bit() function in frontend/audio.c, which uses a long* pointer (ie which is 8 bytes on amd64 but only 4 on x86):

static int write_audio_24bit(audio_file *aufile, void *sample_buffer,
                             unsigned int samples)
{
    int ret;
    unsigned int i;
    long *sample_buffer24 = (long*)sample_buffer;
    char *data = malloc(samples*aufile->bits_per_sample*sizeof(char)/8);

Changing the definition of sample_buffer24 to make it an int* fixes the problem.

The function write_audio_32bit needs a similar change and stops the segfault happening if you use "-b 3" for 32 bit samples. (There is also similar code in aacDECdrop/audio.c but I'm not sure where that is used.)

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: faad 2.7-4
Uname: Linux 2.6.36-iwlwifi-unify-scan x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
CheckboxSubmission: 1bd8e90541d49b96c13cbfcc9baf103b
CheckboxSystem: d00f84de8a555815fa1c4660280da308
Date: Sun Oct 24 15:21:17 2010
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Alpha amd64 (20100224.1)
ProcEnviron:
 LANG=en_AU.utf8
 SHELL=/bin/bash
SourcePackage: faad2

Related branches

Rocko (rockorequin) wrote :
Rocko (rockorequin) wrote :

This patch (against faad 2.7 from sourceforge) stops the segfault. I tested it works on a 32 bit platform as well (as it should since int pointers are 4 bytes long on both LP64 and ILP32 platforms).

tags: added: patch
tags: added: patch-forwarded-debian
Changed in faad2 (Ubuntu):
importance: Undecided → Medium
Changed in faad2 (Ubuntu):
status: New → Triaged
tags: added: patch-forwarded-upstream
Changed in faad2 (Debian):
status: Unknown → Confirmed
Changed in faad2 (Debian):
status: Confirmed → Fix Released
Changed in faad2 (Ubuntu):
status: Triaged → In Progress
assignee: nobody → Alessio Treglia (quadrispro)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package faad2 - 2.7-6ubuntu1

---------------
faad2 (2.7-6ubuntu1) natty; urgency=low

  [ Angel Abad <email address hidden> ]
  * Merge from debian unstable (LP: #680474). Remaining changes:
    - debian/patches/fix_ftbfs_with_gcc4.5.patch
      + Correctly declare lrintf in libfaad/common.h to avoid a conflict of
        declaration in mathcalls.h to fix FTBFS on i386

  [ Bhavani Shankar <email address hidden> ]
  * Remove useless chunk from the patch I created above to fix FTBFS
    which happened due to my mistake. Sigh!

faad2 (2.7-6) unstable; urgency=high

  [ Alessio Treglia ]
  * Fix segmentation fault in faad due to an incorrect pointer size
    (Closes: #603807, LP: #665802).
  * Add gbp config file.

  [ Andres Mejia ]
  * Revert changes in 2.7-5. Upload of 2.7-5 was unintentionally done.
  * Refresh patches.
 -- Angel Abad <email address hidden> Tue, 23 Nov 2010 13:48:21 +0100

Changed in faad2 (Ubuntu):
status: In Progress → Fix Released
Tomas Herfert (herfik) wrote :

Hello,
it seems the same bug is in Ubuntu 10.04 (LTS).
Would it be possible to fix it also there?
Or should I create a new bug?

Thanks

Changed in faad2 (Ubuntu Lucid):
importance: Undecided → Medium
Changed in faad2 (Ubuntu):
assignee: Alessio Treglia (quadrispro) → nobody
Rolf Leggewie (r0lf) wrote :

lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix".

Changed in faad2 (Ubuntu Lucid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.