[Natty] Strange beeping sound when viewing flash video

Description of problem:
Strange sound when playing mp3 on website using flash (using Shockwave Flash 10.2 d161).
Tested and work fine on Youtube ( no strange sound )

[JC1DA@jc1da-laptop ~]$ dmesg | grep realtek
ALSA sound/pci/hda/patch_realtek.c:1358: realtek: No valid SSID, checking pincfg 0x411111f0 for NID 0x1d
ALSA sound/pci/hda/patch_realtek.c:1441: realtek: Enable default setup for auto mode as fallback

Version-Release number of selected component (if applicable):

How reproducible:
terrible sound on this site
http://mp3.zing.vn/mp3/nghe-bai-hat/Tennessee-Line-Daughtry.IW6WUFWE.html

Steps to Reproduce:
1.
2.
3.

Actual results:
terrible sound

Expected results:
good as on Fedora 13

Additional info:

Try as I might, I cannot see how this report is related to the soundtracker package. Could you elaborate on that?

sorry wrong Component

*** Bug 638678 has been marked as a duplicate of this bug. ***

Have you confirmed that F13 works the same *with the same version of flash*?

No, F13 works fine with Shockwave Flash 10.2 d161

One more things, I used RhythmBox to play mp3, flac files, it works fine ... no strange sound like on some flash websites(exclude youtube)

I am hearing similar symptoms with a different sound card (64-bit flash preview gives jumpy sound for some sites in F14, but the same flash works in F13).
lspci -vs 00:1b.0 gives
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 02)
 Subsystem: Dell Device 022f
 Flags: bus master, fast devsel, latency 0, IRQ 47
 Memory at fe9fc000 (64-bit, non-prefetchable) [size=16K]
 Capabilities: [50] Power Management version 2
 Capabilities: [60] MSI: Enable+ Count=1/1 Maskable- 64bit+
 Capabilities: [70] Express Root Complex Integrated Endpoint, MSI 00
 Capabilities: [100] Virtual Channel
 Capabilities: [130] Root Complex Link
 Kernel driver in use: HDA Intel
 Kernel modules: snd-hda-intel

I see this as well. Sounds like clipping or some really bad sample rate frequency conversion. I also use the preview 64-bit adobe flash, and it doesn't happen for everything (not local mp3 players, for example).

It doesn't seem to happen with most (all?) youtube videos, but happens commonly with other sources. The example given in comment #1 is a good example, and breaks for me too. If I had to guess, I'd think some flash audio is using a different sample rate (or bits per sample), and the conversion is buggered.

F13 worked with the same flash binary.

And yes, I'm using Intel HDA too. Probably not related, though.

00:1b.0 Audio device: Intel Corporation 5 Series/3400 Series Chipset High Definition Audio (rev 06)

Happens to me as well
Also in youtube 240p quality, not in higher, so I think might be the "bad sample rate frequency conversion" as in comment #8.

Flash 64bit version 10.2 d161

$ lspci -vs 1b
00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
 Subsystem: Lenovo Device 20f2
 Flags: bus master, fast devsel, latency 0, IRQ 50
 Memory at fc020000 (64-bit, non-prefetchable) [size=16K]
 Capabilities: <access denied>
 Kernel driver in use: HDA Intel
 Kernel modules: snd-hda-intel

Turning off power_save in snd-hda-intel seems to fix this in a quick test for me. Not sure what's causing it to be an issue in this combination.

... perhaps not. It fixed it until the next stream opened.

That being said, if I remove pulseaudio, where flash accesses the sound device directly, the audio still stutters. Assigning to the kernel for the driver.

There is a problem with the kernel driver theory. If I boot an F14 install with an F12 based kernel then I still get the broken sound.

(In reply to comment #13)
> There is a problem with the kernel driver theory. If I boot an F14 install with
> an F12 based kernel then I still get the broken sound.

Also, I did a "yum upgrade" from F13 to F14, and since I (obviously) always compile my own kernels, I can say that both the kernel and the libfrashplayer.so binary stayed constant over the upgrade - yet the problem did not exist in F13.

So while it may be somehow tied to the kernel or to libflashplayer, it is definitely something in Fedora-14 that triggers the problem.

On a suggestion from Takashi Iwai I tried to "downgrade" alsa-lib to the F13 version (I say "downgrade", because the version number seems to be the same in F13 and F14), and that didn't make any difference.

So it isn't the kernel, it's not libflashplayer.so, and it doesn't seem to be alsa-lib. If it's not pulseaudio, then what else is involved in sound generation?

The trigger of the problem is the glibc version. If I start with F13 (sounds works) and then upgrade to the F14 glibc and nscd packages the sound starts breaking up. If I downgrade to F13 glibc again the sound works again. However it isn't obvious to me why that should make a difference.

The reverse is also true. The sound is good with F13 glibc (2.12.1-4) on F14. I have been hunting through glibc versions. The sound was good with glibc-2.12.90-3 but first started sounding corrupted with glibc-2.12.90-4.

valgrind?

Created attachment 457145
Valgrind output

This is with seamonkey running the 64-bit flash plugin preview.

I see no valgrind of flash player.

What options would you suggest to capture it? I was running valgrind --trace-children=yes --leak-check=full -v seamonkey

Please trace the process that creates the sound.

Created attachment 457151
Valgrind output

seamonkey is the process that produces the sound, via the flash plugin. I am attaching a second valgrind trace, removing nspluginwrapper from the process in case that improves the trace.

Actually the sound is better when seamonkey is run under valgrind, so it is possible that the hooks valgrind puts in to do its monitoring is bypassing the problem.

Please check that there are no calls to memcpy with overlapping regions.

How can I do that?

I am also getting the issue, but only with the 64bit version of flash (either the square release or latest stable). If I use the 32bit and wrap it as per http://fedoraproject.org/wiki/Flash , either version of square or release works perfectly. Seems it happens just with the 64bit flash plugin.

I am also on hda-intel but not sure if that matters at all.
lspci -vs 1b
00:1b.0 Audio device: Intel Corporation 82801I (ICH9 Family) HD Audio Controller (rev 03)
 Subsystem: Dell Device 0233
 Flags: bus master, fast devsel, latency 0, IRQ 49
 Memory at f6adc000 (64-bit, non-prefetchable) [size=16K]
 Capabilities: <access denied>
 Kernel driver in use: HDA Intel
 Kernel modules: snd-hda-intel

I can also confirm (as in comment 25) that I only get this issue with the 64-bit version of the plugin, but using the 32-bit wrapped plugin works fine.

I also (like everyone?) have an intel card:

lspci -vs 1b
00:1b.0 Audio device: Intel Corporation 82801JI (ICH10 Family) HD Audio Controller
 Subsystem: ASUSTeK Computer Inc. Device 82fe
 Flags: bus master, fast devsel, latency 0, IRQ 45
 Memory at fe3f4000 (64-bit, non-prefetchable) [size=16K]
 Capabilities: <access denied>
 Kernel driver in use: HDA Intel
 Kernel modules: snd-hda-intel

I confirm that it works fine with the 64 bit version of flash ... 32 bit wrapped plugins just fine ...

I can confirm as well. Using a Creative card.

lspci -vs 03.0
04:03.0 Multimedia audio controller: Creative Labs CA0106 Soundblaster
 Subsystem: Creative Labs SB0570 [SB Audigy SE]
 Flags: bus master, medium devsel, latency 64, IRQ 19
 I/O ports at cca0 [size=32]
 Capabilities: <access denied>
 Kernel driver in use: CA0106
 Kernel modules: snd-ca0106

Just adding another me too (on Fedora 14). Temporarily turning off selinux and doing

LD_PRELOAD="/dev/shm/glibc-2.12.1-4/lib64/libc.so.6 /dev/shm/glibc-2.12.1-4/lib64/libpthread.so.0" chromium-browser --app=http://news.bbc.co.uk/1/hi/entertainment/8266142.stm

didn't produce the distorted sound (I used chromium so that the LD_PRELOAD environment variable would actually be passed to the flash plugin). Looking at the changelog for glibc-2.12.90-4 shows:

* Fri Jul 02 2010 Andreas Schwab <email address hidden> - 2.12.90-4
- Update from master
  - Work around kernel rejecting valid absolute timestamps
  - Improve 64bit memcpy/memmove for Atom, Core 2 and Core i7
  - Fix error handling in Linux getlogin*
- Workaround assembler bug sneaking in nopl (#579838)
- Fix scope handling during dl_close
- Fix setxid race handling exiting threads

It would be interesting to know if this is happening on AMD 64 bit machine. It is interesting that previous comments suggest the 32 bit flash does not seem to be demonstrating this problem.

I used chromium to run valgrind on the flash plugin ( chromium-browser --plugin-launcher="valgrind" --app=http://news.bbc.co.uk/1/hi/entertainment/8266142.stm --no-sandbox ). Large amounts of
"Conditional jump or move depends on uninitialised value(s)"
went past but just before it started outputting sound the following came up:

==2100== Conditional jump or move depends on uninitialised value(s)
==2100== at 0x1B2E9361: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF89F92: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF8A784: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF8F8CA: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF916E0: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF5FF4A: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF61ABD: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF61AD2: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF18AC7: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF18BE4: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF80D43: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AE7126A: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100==
==2100== Thread 9:
==2100== Source and destination overlap in memcpy(0x256d7170, 0x256d7570, 1280)
==2100== at 0x4A06A3A: memcpy (mc_replace_strmem.c:497)
==2100== by 0x1B122B87: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1B1230DF: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1B1232C5: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF491F0: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1AF4AFDA: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1B06DA69: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1B06EA23: ??? (in /usr/lib64/mozilla/plugins/libflashplayer.so)
==2100== by 0x1EF26D88: write_data (flashsupport.c:872)
==2...

(I forgot to say, the machine I'm using is an Intel Core 2 laptop with an Intel Corporation N10/ICH 7 Family High Definition Audio Controller (rev 02))

(In reply to comment #29)
> Looking at the changelog for glibc-2.12.90-4 shows:
>
> * Fri Jul 02 2010 Andreas Schwab <email address hidden> - 2.12.90-4
> [...]
> - Improve 64bit memcpy/memmove for Atom, Core 2 and Core i7
> [...]
> I used chromium to run valgrind on the flash plugin [...]
> ==2100== Thread 9:
> ==2100== Source and destination overlap in memcpy(0x256d7170, 0x256d7570, 1280)
> ==2100== at 0x4A06A3A: memcpy (mc_replace_strmem.c:497)

That does look like a very possible smoking gun.

Normally, a memcpy that copies _downwards_ (like the one above) will work
perfectly well in practice, because the "natural" way to do memcpy() by making
it just copy things upwards will "just work" even for the overlapping case.

So it would be a bug to use memcpy for overlapping areas, but it would be a
bug that normally would never show up.

But if the new improved 64bit memcpy started copying things backwards, it might
cause trouble with such an overlapping memcpy user.

[ That said - why the heck would you ever do memcpy() backwards? Things like
  automatic prefetchers usually work better for the "natural" patterns, so a
  backwards memcpy is generally a bad thing to do unless you have some active
  reason for it, like doing a memmove() ]

> On a related note, is there a glibc environment flag that can be set to force a
> generic memcpy routine to run?

Indeed, that would be very interesting to see.

Andreas?

Linus is right - looking at the memcpy patch comments ( http://article.gmane.org/gmane.comp.lib.glibc.alpha/1527 ) shows it is going backwards. One of the CPU feature tests that must pass before this memcpy is used is called HAS_FAST_COPY_BACKWARD.

Sorry, the link should have been http://article.gmane.org/gmane.comp.lib.glibc.alpha/15278 .

Tell adobe.

https://bugs.adobe.com/jira/browse/FP-5739

If someone knows how to make Adobe pay more attention than usual, this would be perfect.

I did notice a forum post http://forums.adobe.com/thread/748698?tstart=0 which it might be worth adding a comment to if you have a suitable account to do so. It might also be explicitly pointing to the memcpy man page which says it shouldn't be used for overlapping regions so that Adobe realize they are doing something broken which just happened to work previously.

MEMCPY(3) Linux Programmer's Manual MEMCPY(3)

NAME
       memcpy - copy memory area

SYNOPSIS
       #include <string.h>

       void *memcpy(void *dest, const void *src, size_t n);

DESCRIPTION
       The memcpy() function copies n bytes from memory area src to memory
       area dest. The memory areas should not overlap. Use memmove(3) if the
       memory areas do overlap.

....

So in the kernel we have a pretty strict "no regressions" rule, and that if people depend on interfaces we exported having side effects that weren't intentional, we try to fix things so that they still work unless there is a major reason not to.

So I'm disappointed glibc just closes this as NOTABUG. There's no real reason to do the copy backwards that I can see, so doing it that way is just stupid.

But whatever. You can do a LD_PRELOAD trick to get a sane memcpy(), and it does indeed fix the sound for me. Just do something like this:

    prompt$ cat > mymemcpy.c
    #include <sys/types.h>

    void *memcpy(void *dst, const void *src, size_t size)
    {
 void *orig = dst;
 asm volatile("rep ; movsq"
  :"=D" (dst), "=S" (src)
  :"0" (dst), "1" (src), "c" (size >> 3)
  :"memory");
 asm volatile("rep ; movsb"
  :"=D" (dst), "=S" (src)
  :"0" (dst), "1" (src), "c" (size & 7)
  :"memory");
 return orig;
    }
    ^D
    prompt$ gcc -O2 -c mymemcpy.c
    prompt$ ld -G mymemcpy.o -o mymemcpy.so
    prompt$ LD_PRELOAD mymemcpy.so /opt/google/chrome/google-chrome &

and it does seem to work. Not a lot of testing, but at least TED-talks work for me again (and I tested the Daughtry thing too, although I am not convinced it sounds all that much better without the sound corruption).

The only stupidity is crap software violating well known rules that have existed forever.

(In reply to comment #39)
> The only stupidity is crap software violating well known rules that have
> existed forever.

Umm. Bugs happen. That's a fact.

You can call it "crap software" all you like, but the thing is, if memcpy doesn't warn about overlaps, there's no test coverage, and in that case even well-designed software will have bugs.

Then the question becomes one of "Why break it?"

I have yet to hear the actual _reason_ for making the change to memcpy. We know what the downside is. What's the upside?

See comment 29. This is well known.

Andreas - I know it's a well-known issue. That doesn't change anything at all. Read my comment: bugs happen.

What's the upside of breaking things? That's all I'm asking for.

The upside is (ought to be) faster memcpy, which is something that helps a lot of apps. Recent glibcs use STT_GNU_IFUNC magic to select one out of several different versions of many of the common string/memory ops as well as a few other functions, depending on what CPU is used.

Jakub:
Is there a way to force the function STT_GNU_IFUNC runs for glibc to select a different version based on an environment variable (I searched the web a few days ago but turned up nothing)?

No (except for LD_PRELOAD).
The thing is, the IFUNC decision function can be only very limited, it is called during relocation processing, so it can't rely too much on relocation processing having been performed already. And it must be very fast and thread-safe, doing getenv there would be very problematic. It usually just either tests cpuid flags or tests saved cpuid flags and vars computed from that.
Plus, each of the function usually has a different set of decisions, there is no common notion of oldest etc.

(In reply to comment #43)
> The upside is (ought to be) faster memcpy, which is something that helps a lot
> of apps.

Hey, I'm a big believer in fast memcpy's, I just don't believe that going
backwards helps performance.

In the kernel, the optimized x86 memcpy we use is actually a memmove(), because while performance is really important, so is repeatability and avoiding surprises (strictly speaking, we have two: the "rep movs" version for the case where that is supposed to be fast, and the open-coded copy version. The "rep movs" version is forwards-only and doesn't handle overlapping areas).

I dunno. I just tested my stupid "mymemcpy.so" against the glibc memcpy() on the particular kind of memcpy that valgrid reports (16-byte aligned 1280-byte memcpy).

I did both cached (same block over and over) and non-cached (a million blocks in sequence).

For the cached case my stupid LD_PRELOAD version was consistently a bit faster.

The noise on the non-cached case was larger, but the glibc memcpy may have been faster. I say "may have been" because it went both ways: I did ten runs, and my LD_PRELOAD one still won 6 out of those 10 runs, but the noise was large enough that I will allow that I'm not going to guarantee anything.

Do I have a point? I bothered to _measure_ the speed, and according to my measurements, glibc wasn't any faster than my trivial version and was likely slower. But I only tested two cases.

Regardless, it boils down to: we know the glibc change resulted in problems for real users. We do _not_ know that it helped anything at all.

And in the end, the big question is simple:

Are you seriously going to do a Fedora-14 release with a known non-working flash player?

Then, of course, there is the wacked out side effects STT_GNU_IFUNC has
when you are running a process in a virtual machine and try to live migrate
it to a slightly different architecture host :-). Glibc is trying to be
too clever for anyone's good.

(In reply to comment #47)

I doubt that is much of a problem in practice, since it's presumably done once at process startup, so live migration at worst just means that you might have the slightly differently optimized version running.

And if you depend on actual semantic issues (ie "does this machine support SSE4"), then that just means that you'd better live migrate between machines that are sufficiently similar for that to all work.

So no, I don't think live migration is likely to be a big issue. Not compared to "flash doesn't work right".

(In reply to comment #38)
> prompt$ gcc -O2 -c mymemcpy.c
> prompt$ ld -G mymemcpy.o -o mymemcpy.so
> prompt$ LD_PRELOAD mymemcpy.so /opt/google/chrome/google-chrome &

For anyone that is having issues following this, change
prompt$ LD_PRELOAD mymemcpy.so /opt/google/chrome/google-chrome &
to
prompt$ LD_PRELOAD=mymemcpy.so /opt/google/chrome/google-chrome &

A note:
I myself did have issues using this fix, I got 6 instances of this error message:
ERROR: ld.so: object 'mymemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.

(In reply to comment #49)
I had no issues compiling it, no real clues (for me, a non-programmer).
Running 2.6.35.6-48.fc14.x86_64, glibc-2.12.90-18

Try something like this:
LD_PRELOAD=/full/path/to/mymemcpy.so /opt/google/chrome/google-chrome &

or for firefox:
LD_PRELOAD=/full/path/to/mymemcpy.so /usr/bin/firefox &

(In reply to comment #49)
>
> I myself did have issues using this fix, I got 6 instances of this error
> message:
> ERROR: ld.so: object 'mymemcpy.so' from LD_PRELOAD cannot be preloaded:
> ignored.

Try giving it the whole absolute pathname.

I should really have cut-and-pasted my actual command lines rather than try to
write them out and getting them wrong. My actual command line was really

  LD_PRELOAD=/home/torvalds/mymemcpy.so /opt/google/chrome/google-chrome &

but you'd obviously have to fix that "/home/torvalds" part to match where-ever
you end up installing that .so file.

The nicest alternative might be to just install that mymemcpy.so into the
google chrome directory, and add the LD_PRELOAD to the wrapper shell script
that google chrome already uses for the xdg binaries and the ffmpeg library.

And obviously something similar should work for firefox. I just happen to use
chrome, so I gave the directions (approximate as they were) for the thing I
tried.

No guarantees. It was a really quick hack.

(In reply to comment #52)
> Try giving it the whole absolute pathname.
That was it :-) Works great for me. Thanks Linus!

So, here's how to bypass the bug (without downgrading glibc), using Google Chrome.

Follow the instructions in comment #38 except for the last intruction, replace:
prompt$ LD_PRELOAD mymemcpy.so /opt/google/chrome/google-chrome &
with
prompt$ LD_PRELOAD=$(pwd)/mymemcpy.so /opt/google/chrome/google-chrome &

Verified that this fix works for Firefox as well.

Just replace
LD_PRELOAD=$(pwd)/mymemcpy.so /opt/google/chrome/google-chrome &
with
LD_PRELOAD=$(pwd)/mymemcpy.so /usr/bin/firefox &

(Make sure you've shutdown all running copies of firefox before doing this)

I'm sure thousands of people will find their way here, so, here's a quicky. To bypass this issue (which is an issue in Adobe Flash), you may run the below "fix" brought forth in comment #38

1. Cut and paste this into a prompt:
---Cut below---
cat > $HOME/Downloads/linusmemcpy.c <<EOF
#include <sys/types.h>

void *memcpy(void *dst, const void *src, size_t size)
{
void *orig = dst;
asm volatile("rep ; movsq"
:"=D" (dst), "=S" (src)
:"0" (dst), "1" (src), "c" (size >> 3)
:"memory");
asm volatile("rep ; movsb"
:"=D" (dst), "=S" (src)
:"0" (dst), "1" (src), "c" (size & 7)
:"memory");
return orig;
}
EOF
cd $HOME/Downloads
gcc -O2 -c linusmemcpy.c
ld -G linusmemcpy.o -o linusmemcpy.so
---Stop cutting here---

2. Shutdown any running copies of your webbrowser.

3. Until a Adobe has fixed their Flash player, start your webbrowser as below:

For Firefox users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/firefox &

For Google Chrome users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /opt/google/chrome/google-chrome &

(In reply to comment #38)

Thank you for this neat workaround. Flash is now as happy as can be expected. In spite of the NOTABUG, hopefully the glibc developers or Fedora will come up with a more permanent solution because if we have to wait for Adobe to fix flash, hell in several dimensions will have frozen over multiple times.

Bypass fixed my problem as well, thanks!

For Firefox users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/firefox &

For Google Chrome users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /opt/google/chrome/google-chrome &

and for opera users?

LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera &

LD_PRELOAD works for me an FF. Thanks, Linus.

Tag.

This fix does not work for me.

[1037][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.

If you're running with SELinux, you'd need to set the file context on the shared object correctly.

chcon --reference=/lib64/libc.so.6 <your file>

This still does not work for me after:

chcon --reference=/lib64/libc.so.6 <your file>

What exactly is this code doing?

(In reply to comment #61)
> This fix does not work for me.
>
>
> [1037][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object
> '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded:
> ignored.
> ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> cannot be preloaded: ignored.
> ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> cannot be preloaded: ignored.
> ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> cannot be preloaded: ignored.
> ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> cannot be preloaded: ignored.

Make sure linusmemcpy.so is in /home/neil/Downloads, otherwise copy it there or type the right path.

LD_PRELOAD=/full/path/to/linusmymemcpy.so /usr/bin/opera &

(In reply to comment #64)
> (In reply to comment #61)
> > This fix does not work for me.
> >
> >
> > [1037][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object
> > '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded:
> > ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
>
> Make sure linusmemcpy.so is in /home/neil/Downloads, otherwise copy it there or
> type the right path.
>
> LD_PRELOAD=/full/path/to/linusmymemcpy.so /usr/bin/opera &

Everything is where it should be:

[1102][neil@neil-laptop:~/Downloads]$ locate linusmemcpy.so
/home/neil/Downloads/linusmemcpy.so
[1102][neil@neil-laptop:~/Downloads]$ chcon --reference=/lib64/libc.so.6 /home/neil/Downloads/linusmemcpy.so
[1102][neil@neil-laptop:~/Downloads]$ LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera &
[2] 14013
[1] Done LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera
[1103][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.

Sorry to be a pain. My system doesn't seem like this. This does work great for Firefox though. It's just Opera.

(In reply to comment #63)
> This still does not work for me after:
>
> chcon --reference=/lib64/libc.so.6 <your file>

Just to be clear, replace '<your file>' with the path to your shared object (in your case /home/neil/Downloads/linusmemcpy.so ... change as necessary.)

> What exactly is this code doing?

Setting the SELinux context so that it's treated as a shared object with code as opposed to just a normal file.

(In reply to comment #64)
> (In reply to comment #61)
> > This fix does not work for me.
> >
> >
> > [1037][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object
> > '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded:
> > ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
> > ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD
> > cannot be preloaded: ignored.
>
> Make sure linusmemcpy.so is in /home/neil/Downloads, otherwise copy it there or
> type the right path.
>
> LD_PRELOAD=/full/path/to/linusmymemcpy.so /usr/bin/opera &

Everything is where it should be:

[1102][neil@neil-laptop:~/Downloads]$ locate linusmemcpy.so
/home/neil/Downloads/linusmemcpy.so
[1102][neil@neil-laptop:~/Downloads]$ chcon --reference=/lib64/libc.so.6 /home/neil/Downloads/linusmemcpy.so
[1102][neil@neil-laptop:~/Downloads]$ LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera &
[2] 14013
[1] Done LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera
[1103][neil@neil-laptop:~/Downloads]$ ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object '/home/neil/Downloads/linusmemcpy.so' from LD_PRELOAD cannot be preloaded: ignored.

Sorry to be a pain. My system doesn't seem like this. This does work great for Firefox though. It's just Opera.

AAArrrrggg. Sorry about the double post. To be perfectly clear on my end, this is the exact command I am issuing:

chcon --reference=/lib64/libc.so.6 ~/Downloads/linusmemcpy.c

the exact location of linusmemcpy.c is /home/neil/Downloads

and the exact command to launch Opera:

LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/opera &

And by "What exactly is this code doing?" I was referring to the contents of linusmemcpy.c. I understand the SELinux issue.

Neil:
file `which opera`

If it's a script which plays with LD_LIBRARY_PATH this may be why you are struggling to get it working.

(In reply to comment #69)
> Neil:
> file `which opera`
>
> If it's a script which plays with LD_LIBRARY_PATH this may be why you are
> struggling to get it working.

[1843][neil@neil-laptop:~]$ file `which opera`
/usr/bin/opera: POSIX shell script text executable

The contents of said "POSIX shell script" are:

#!/bin/sh
export OPERA_DIR=${OPERA_DIR:-/usr/share/opera}
exec /usr/lib/opera/opera "$@"

This is just a shell script that points to "/usr/lib/opera/opera"? I'm not quite sure I get the reason behind this.

I appreciate all the assistance. I'll just have to wait for the official update. If I really can't handle the sound I'll just use FF for the time being.

*sigh*...why does Opera always have to be so damn difficult?...

Add:

export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so

to the Opera shell script so it looks like:

#!/bin/sh
export OPERA_DIR=${OPERA_DIR:-/usr/share/opera}
export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so
exec /usr/lib/opera/opera "$@"

That should do the trick.

(In reply to comment #71)
> Add:
>
> export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so
>
> to the Opera shell script so it looks like:
>
> #!/bin/sh
> export OPERA_DIR=${OPERA_DIR:-/usr/share/opera}
> export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so
> exec /usr/lib/opera/opera "$@"
>
> That should do the trick.

THAT DID IT! Thank you so much. I should have thought to try that. I shall share this wealth of knowledge.

So this bug is marked NOTABUG, yet on the adobe forum, it's still asserted that the bug is in glibc (obviously not strictly correct but that's the conclusion there).

I don't see any bug report in the adobe bug database against flash:

https://bugs.adobe.com/jira/secure/IssueNavigator.jspa?header=FP

Seems like a bug should have been officially submitted to adobe before this bug report got moved to NOTABUG.

It's great that there is a workaround, but expecting all fedora 14 users to compile and maintain their own memcpy until adobe realizes what is wrong is not a very good situation.

64bit Fedora 14 is pretty much broken on machines with
SSE4.2. I ran into random crashes with 64bit Fedora 14 on
Intel Core i7. It turns out that 64bit strncasecmp
is broken on machines with SSE 4.2:

https://bugzilla.redhat.com/show_bug.cgi?id=651638

Ah, sorry I missed
https://bugs.adobe.com/jira/browse/FP-5739
somehow didn't show up in my searches at first.

This bug is mentioned here, in comment 35 to be precise.

Just for the record, the problem playing music and video on vkontakte.ru (a.k.a. vk.com) is also due to this. I tested the site extensively in Firefox with mymemcpy.so preloaded, and almost everything was fine. I was able to get one video to produce the noise, so there must be another, less common problem unrelated to this issue. However, almost everything would play correctly, whereas without mymemcpy.so, I would be lucky if any soundtrack would play.

(In reply to comment #40)
>
> You can call it "crap software" all you like, but the thing is, if memcpy
> doesn't warn about overlaps, there's no test coverage

So let's just add an abort() call to memcpy if it is detected that the areas overlap. Doing so is within the C specification and will surely get everybody their test coverage. Performance degradation, I hear? Limit it to -D_FORTIFY_SOURCE then maybe.

(In reply to comment #37)

> DESCRIPTION
> The memcpy() function copies n bytes from memory area src to memory
> area dest. The memory areas should not overlap.

I read that as saying "should". Not "must". memcpy should copy n bytes from memory area src to memory area dest, even if the addresses overlap.

Is it possible to use symbol versioning to provide applications built against new glibcs with the faster memcpy, without breaking buggy applications that rely on the old behaviour?

(In reply to comment #46)

> The noise on the non-cached case was larger, but the glibc memcpy may have been
> faster. I say "may have been" because it went both ways: I did ten runs, and my
> LD_PRELOAD one still won 6 out of those 10 runs, but the noise was large enough
> that I will allow that I'm not going to guarantee anything.

Out of curiosity, on which CPU what this?

(In reply to comment #79)

If you prefer, the POSIX man page for memcpy states: "If copying takes place between objects that overlap, the behavior is undefined." The change history is: "First released in Issue 1. Derived from Issue 1 of the SVID."

http://www.opengroup.org/onlinepubs/009695399/functions/memcpy.html

A quick Google search shows this to be the preferred language. I'm not sure why it differs in the Linux man pages. 'Should' is semantically meaningless - it is either predictable or it is not.

The BSD man page [1993] corroborates:

http://www.unix.com/man-page/FreeBSD/3/memcpy/

BUGS
     In this implementation memcpy() is implemented using bcopy(3), and there-
     fore the strings may overlap. On other systems, copying overlapping
     strings may produce surprises. Programs intended to be portable should
     use memmove(3) when src and dst may overlap.

And here the text from an old version of the GNU C library documentation:

http://www.cs.utah.edu/dept/old/texinfo/glibc-manual-0.02/library_5.html#SEC61

Function: void * memcpy (void *to, const void *from, size_t size)

The memcpy function copies size bytes from the object beginning at from into the object beginning at to. The behavior of this function is undefined if the two arrays to and from overlap; use memmove instead if overlapping is possible.

For others looking back, I also have to note that you omitted the rest of the text from comment #37, which states: "Use memmove(3) if the memory areas do overlap."

> If you prefer, the POSIX man page for memcpy states: "If copying takes
> place between objects that overlap, the behavior is undefined."

Yes, for POSIX compliance, it is necessary to assume that the behaviour is
undefined. I doubt, though, that Adobe is claiming POSIX conformance or
portability for its code.

I don't think we are talking about whether glibc/linux *may* change the
implementation while still staying POSIX compliant. We should be talking about
whether glibc/linux *should* change the current behaviour while programs exist
which don't follow the fine (but soft) advice of current documentation, and
will fail if that behaviour changes. That's an issue worthy of discussion,
which can't be decided by references to BSD documentation and POSIX standards.

(In reply to comment #83)

> Yes, for POSIX compliance, it is necessary to assume that the behaviour is
> undefined. I doubt, though, that Adobe is claiming POSIX conformance or
> portability for its code.

Forget POSIX. It's been like this for forever. K&R C book, 2nd edition, page 250.

(In reply to comment #46)
> (In reply to comment #43)
> > The upside is (ought to be) faster memcpy, which is something that helps a lot
> > of apps.
>
> Hey, I'm a big believer in fast memcpy's, I just don't believe that going
> backwards helps performance.
>
> In the kernel, the optimized x86 memcpy we use is actually a memmove(), because
> while performance is really important, so is repeatability and avoiding
> surprises (strictly speaking, we have two: the "rep movs" version for the case
> where that is supposed to be fast, and the open-coded copy version. The "rep
> movs" version is forwards-only and doesn't handle overlapping areas).
>
> I dunno. I just tested my stupid "mymemcpy.so" against the glibc memcpy() on
> the particular kind of memcpy that valgrid reports (16-byte aligned 1280-byte
> memcpy).
>
> I did both cached (same block over and over) and non-cached (a million blocks
> in sequence).
>
> For the cached case my stupid LD_PRELOAD version was consistently a bit faster.

The same Intel developers submitted a similar optimization to libpixman, and provided the following explanation when asked about about this copying backwards part:
http://lists.freedesktop.org/archives/pixman/2010-August/000423.html

I also was not totally convinced that the backwards copy is really the best solution for the problem:
http://lists.freedesktop.org/archives/pixman/2010-September/000465.html
http://lists.freedesktop.org/archives/pixman/2010-September/000469.html

(I'm sorry to jump in the middle of the discussion)

When a program is run under Valgrind it replaces memcpy with its own implementation:
http://code.google.com/p/valgrind-variant/source/browse/trunk/valgrind/memcheck/mc_replace_strmem.c#452

The latter is intentionally overlap-safe, so no surprise it 'fixes' the sound for you.
Plus it throws a Valgrind overlap report like those you've seen.

That's work for me.Thanks

I wonder if libflashsupport could be resurrected to deal with this and further breakages in Adobe flash player. The current libflashplayer code also adds jack support, which is another good thing:
http://repo.or.cz/w/libflashsupport-jack.git

(In reply to comment #54)
> Verified that this fix works for Firefox as well.
>
> Just replace
> LD_PRELOAD=$(pwd)/mymemcpy.so /opt/google/chrome/google-chrome &
> with
> LD_PRELOAD=$(pwd)/mymemcpy.so /usr/bin/firefox &
>
> (Make sure you've shutdown all running copies of firefox before doing this)

Success on two systems running firefox with this fix. Many thanks!

It would be interesting to see if the fix from Comment 19 of:
https://bugzilla.redhat.com/show_bug.cgi?id=651638#c19

Resolves this bug also. There is an updated glibc there.

> It would be interesting to see if the fix from Comment 19 of:
> https://bugzilla.redhat.com/show_bug.cgi?id=651638#c19
>
> Resolves this bug also.

I don't see 'resolve regressions in misused memcpy' in the changes list:

    Update from master

        * Fix memory leak in fnmatch
        * Support Intel processor model 6 and model 0x2c
        * Fix comparison in sqrtl for IBM long double
        * Fix one exit path in x86-64 SSE4.2 str{,n}casecmp (BZ#12205, #651638)
        * Fix warnings in __bswap_16 (BZ#12194)
        * Use IFUNC on x86-64 memset
        * Power7-optimized mempcpy
        * Handle uneven cache size in 32bit SSE2 memset (BZ#12191)
        * Verify in ttyname that the symlink is valid (BZ#12167)
        * Update Danish translations
        * Fix concurrency problem between dl_open and dl_iterate_phdr
        * Fix x86-64 strchr propagation of search byte into all bytes of SSE

    register (BZ#12159)

        * Fix perturbing in malloc on free (BZ#12140)
        * PPC/A2 optimized memcpy function
        * Add C99 FP_FAST_FMA{,F,L} macros to <math.h>
        * Check that the running kernel is new enough (#649589)

(In reply to comment #91)
> > It would be interesting to see if the fix from Comment 19 of:
> > https://bugzilla.redhat.com/show_bug.cgi?id=651638#c19
> >
> > Resolves this bug also.
>
> I don't see 'resolve regressions in misused memcpy' in the changes list:

That is why I thought it would be interesting to see if it actually does resolve the issue :)

I've tried glibc-2.12.90-19, as it doesn't fix the problem (quite expectedly).

Created attachment 460254
replace all memcpy calls with memmove calls in libflashplayer.so

I wrote this quick and dirty script last night after checking in on this bug report and reading the results. It fixes up the flash plugin to use memmove instead of memcpy across the board. Caveats:

1) The script takes a long time to run (although I don't really know how long since I went off and did other things while it ran)
2) There may be practical performance implications in using memmove where memcpy is okay not sure. Although, comment 46 suggests it may not be that bad of a hit.
3) It works okay for me in that my audio doesn't clip anymore on the one version of libflashplayer.so that I've tried it on, but I haven't done any significant testing.

(In reply to comment #94)
> Created attachment 460254 [details]
> replace all memcpy calls with memmove calls in libflashplayer.so
>

Thanks man, you script works fine for me too. Gonna send fixed plugin to my non-geek brother, who is using fedora only becouse its the only distro that recognises his old usb wifi dongle...

(In reply to comment #71)
> Add:
>
> export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so
>
> to the Opera shell script so it looks like:
>
> #!/bin/sh
> export OPERA_DIR=${OPERA_DIR:-/usr/share/opera}
> export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so
> exec /usr/lib/opera/opera "$@"
>
> That should do the trick.

In a similar vein, if you run your own version of Firefox, you can add export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so to the run-mozilla.sh file. For me, its in /opt/firefox/. If you scroll most of the way to the bottom of that file, you will see this:
export MOZILLA_FIVE_HOME LD_LIBRARY_PATH
export SHLIB_PATH LIBPATH LIBRARY_PATH ADDON_PATH DYLD_LIBRARY_PATH

Right below that, I added:
export LD_PRELOAD=$HOME/Downloads/linusmemcpy.so

And it works just fine just calling /opt/firefox/firefox, so you can use a toolbar launcher instead of having to launch it from the command line every time.

For a CLOSED NOTABUG bug report, seems to be a lot of traffic on it. Is ANYONE actually fixing this problem either in glibc or in Flash? This is ridiculuous.

(In reply to comment #46)
> (In reply to comment #43)
> > The upside is (ought to be) faster memcpy, which is something that helps a lot
> > of apps.
>
> Hey, I'm a big believer in fast memcpy's, I just don't believe that going
> backwards helps performance.
>

> Do I have a point? I bothered to _measure_ the speed, and according to my
> measurements, glibc wasn't any faster than my trivial version and was likely
> slower. But I only tested two cases.
>
> Regardless, it boils down to: we know the glibc change resulted in problems for
> real users. We do _not_ know that it helped anything at all.
>

The justification of the change was to make memcpy faster *on little processors*. So unless you tested on something other than your usual machine, it may not have given you the relevant data. You never seemed like an ATOM kind of guy. But checking for overlap is just competent software design, not rocket science. We did it in the MULTICS era (late 1960s) in assembler. Omitting a "will this work" check in a library seems shoddy.

The blow reason is why to use backward copy, it is good on Core2, NHM, Opteron.
glbc memcpy will prefer to backward/forward copy mode according to offset from source and destination.

Optimize memcpy by avoiding memory false dependece

All read operations after allocation stage can run speculatively,
all write operation will run in program order, and if addresses are
different read may run before older write operation, otherwise wait
until write commit. However CPU don't check each address bit,
so read could fail to recognize different address even they
are in different page.For example if rsi is 0xf004, rdi is 0xe008,
in following operation there will generate big performance latency.
1. movq (%rsi), %rax
2. movq %rax, (%rdi)
3. movq 8(%rsi), %rax
4. movq %rax, 8(%rdi)

If %rsi and rdi were in really the same meory page, there are TRUE
read-after-write dependence because instruction 2 write 0x008 and
instruction 3 read 0x00c, the two address are overlap partially.
Actually there are in different page and no any issues,
but without checking each address bit CPU could think they are
in the same page, and instruction 3 have to wait for instruction 2
to write data into cache from write buffer, then load data from cache,
the cost time read spent is equal to mfence instruction. We may avoid it by
tuning operation sequence as follow.

1. movq 8(%rsi), %rax
2. movq %rax, 8(%rdi)
3. movq (%rsi), %rax
4. movq %rax, (%rdi)

Instruction 3 read 0x004, instruction 2 write address 0x010, no any
dependence. At last on Core2 we gain 1.83x speedup compared with
original instruction sequence. In this patch we first handle small
size(less 20bytes), then jump to different copy mode. Based on our
micro-benchmark small bytes from 1 to 127 bytes, we got up to 2X
improvement, and up to 1.5X improvement for 1024 bytes on Corei7.

Thanks
Ling

Since the Atom processor is mentioned, I noticed that this problem didn't occur on my Toshiba netbook with a N455 atom processor, but was intolerable on a laptop with dual core Pentium, both with updated Fedora 14.

I am not much affected by this problem, but I do think if you are serious about offering Linux on the desktop, you have to either make it work with Adobe flash, or state publicly that you don't support it. The average user doesn't care squat about whether the coding follows the rules or arguments over who is responsible if it doesn't work. If it works on Win 7 and doesn't work on Fedora, it is Fedora and Linux that take the crap. Period.

I'd personally suggest that glibc just alias memcpy() to memmove().

Yes, clearly overlapping memcpy's are invalid code, but equally clearly they do happen. And from a user perspective, what's the advantage of doing the wrong thing when you could just do the right thing? Optimize the hell out of memmove(), by all means.

Of course, it would be even better if the distro also made it easy for developers to see the bad memcpy's, so that they can fix their apps. Even if they'd _work_ fine (due to the memcpy just doing the RightThing(tm)), fixing the app is also the right thing to do, and this would just make Fedora and glibc look good.

Rather than make it look bad in the eyes of users who really don't care _why_ flash doesn't work, they just see it not working right.

There is no advantage to being just difficult and saying "that app does something that it shouldn't do, so who cares?". That's not going to help the _user_, is it?

And what was the point of making a distro again? Was it to teach everybody a lesson, or was it to give the user a nice experience?

(In reply to comment #101)

> Of course, it would be even better if the distro also made it easy for
> developers to see the bad memcpy's, so that they can fix their apps. Even if
> they'd _work_ fine (due to the memcpy just doing the RightThing(tm)), fixing
> the app is also the right thing to do, and this would just make Fedora and
> glibc look good.
>

This is probably already done: using -D_FORTIFY_SOURCE=1 enable use of
__builtin___memcpy_chk()

From https://bugs.adobe.com/jira/browse/FP-5739
Shu Wang added a comment - 11/16/10 02:30 AM
Thanks very much for all your time to report the issue. Flash Player team is looking into it. Thanks.

I've emailed Shu Wang at Adobe to see if he can give a time estimate on fixing this.

Shu Wang at Adobe told me that the Flash Player team is actively investigating the issue. They have no time estimate to share yet. I'll update this BZ as I get updated information.

Here's the bomb:
Adobe says it may take months for them to fix this.

What is strange for a proprietary product ? :=) It is the norm.

I request this bug to be re-opened.

Seriously degraded flash, for months, in Fedora seems much to much for at least me. This may cause more than a few users to change to other Linux distributions.

Andreas Schwab, can you roll back this change or make it work with Adobe Flash by some other means?

Why not use f13 until Adobe releses an updated flash ?

(In reply to comment #110)
> Why not use f13 until Adobe releses an updated flash ?

...or downgrade glibc

There is now a FESCo ticket about this issue at https://fedorahosted.org/fesco/ticket/501

(In reply to comment #111)
> (In reply to comment #110)
> > Why not use f13 until Adobe releses an updated flash ?
>
> ...or downgrade glibc

Or use Ray Strode's script to patch libflashplayer.so ...

(In reply to comment #107)
> Here's the bomb:
> Adobe says it may take months for them to fix this.

Could you give a link to this statement? I couldn't see it in the adobe bug, and don't know where else to look.

(In reply to comment #114)
> (In reply to comment #107)
> > Here's the bomb:
> > Adobe says it may take months for them to fix this.
>
> Could you give a link to this statement? I couldn't see it in the adobe bug,
> and don't know where else to look.
There is no link, I e-mailed Shu Wang at Adobe.

(In reply to comment #102)
> (In reply to comment #101)
>
> > Of course, it would be even better if the distro also made it easy for
> > developers to see the bad memcpy's, so that they can fix their apps.
>
> This is probably already done: using -D_FORTIFY_SOURCE=1 enable use of
> __builtin___memcpy_chk()

Nope.

When looking at glibc (and gcc), _FORTIFY_SOURCE only enable checks for
overflow, not overlap.

(In reply to comment #94)
> Created attachment 460254 [details]
> replace all memcpy calls with memmove calls in libflashplayer.so
>
> I wrote this quick and dirty script last night after checking in on this bug
> report and reading the results. It fixes up the flash plugin to use memmove
> instead of memcpy across the board. Caveats:
>
> 1) The script takes a long time to run (although I don't really know how long
> since I went off and did other things while it ran)
> 2) There may be practical performance implications in using memmove where
> memcpy is okay not sure. Although, comment 46 suggests it may not be that bad
> of a hit.
> 3) It works okay for me in that my audio doesn't clip anymore on the one
> version of libflashplayer.so that I've tried it on, but I haven't done any
> significant testing.
Works excellent for me! The script took 1-2 minutes to run on my laptop.

In short for anyone ending up here, you may try this to bypass the issue:
In a terminal, run:

wget https://bugzilla.redhat.com/attachment.cgi?id=460254 -O ~/Downloads/memcpy-to-memmove.sh
chmod +x ~/Downloads/memcpy-to-memmove.sh
cp /path/to/your/libflashplayer.so /path/to/your/libflashplayer.so.backup
~/Downloads/memcpy-to-memmove.sh /path/to/your/libflashplayer.so

Good new, I just got an e-mail from Adobe, saying..

..they have a fix
..the fix has been send to QA/QE

They say that they cannot commit to any dates, but that they are taking the issue seriously.

I told them that if they want volunteers trying out their fix, we can help.

Since there is no ETA from Adobe, I think we should consider a fix for the time being. I'm just trying to brainstorm the problem. Possible solutions could be:

1) Revert the glibc change. While I don't think that a perfectly good change in glibc should be reverted to placate a proprietary plugin, this is not a perfectly good change. It's essentially a workaround for a defect in some Intel processors. It may improve benchmarks, but we can and should ask about real life benefits. While operations on short arrays may become faster in some very specific cases, copying of large and well-aligned arrays is likely be slowed down by going backwards.

2) Add a wrapper to Firefox to use memmove() instead of memcpy(). Users of other browsers will do it for themselves.

3) I don't know if it's feasible, but maybe nspluginwrapper could be changed to intercept the memcpy() call from the plugins. Maybe another wrapper could be bundled with nspluginwrapper.

4) Another wrapper could be written for flash plugin. That wrapper should be part of the flash-plugin package, and it should be very strongly recommended by the fedora Flash page (http://fedoraproject.org/wiki/Flash)

5) The flash-plugin package should patch the plugin on install. rpm verification will fail, but perhaps it's OK. We could mark the plugin as a "configuration file".

6) The flash-plugin package should patch the plugin at the build time. This could have legal consequences, but I don't think Adobe would actually enforce them considering that the change is purely to fix a flaw in their product.

Isn't nspluginwrapper unnecessary now that firefox has Out-of-Process-Plugins (i.e. plugin-container)? I honestly don't know what utility nspluginwrapper has remainiig to it, but suggestion #3 may amount to suggestion #2.

Re: suggestions #4-6 - isn't the flash-plugin package provided by adobe itself?

There is an alternative package by Leigh Scott, mentioned on http://fedoraproject.org/wiki/Flash

It already includes a thin wrapper adding support for Athlon64 processors without support for the lahf instruction. I tried just adding a safe memcpy() implementation to that file, but it didn't work.

I realize that it would be problematic to get ordinary users to use that repository, so integration of the fix with with nspluginwrapper, firefox or glibc would be preferable.

Created attachment 461740
binary patch for "flashplayer_square_p2_64bit_linux_092710"

use bspatch from bsdiff package to apply this patch.

This patch changes only one byte in libflashplayer.so. I did this manually with hexedit after studying objdump -S output. The idea behind this change is not to replace every memcpy call with memmove one, but to alter dynamic symbol table to point to memmove instead of memcpy.
I hope someone can make a similar script like Ray Strode did, but using this less intrusive method.

Comment #38 worked for me, thanks Linus!

I tried the binary patch from comment #122, it works too.

I also tried the binary patch from comment #122, and it's been working without any problems so far. Here's the general command for applying the patch:

    bspatch libflashplayer.so libflashplayer.sonew flash_64.bsdiff

(In reply to comment #122)
> Created attachment 461740 [details]
> binary patch for "flashplayer_square_p2_64bit_linux_092710"
>
> use bspatch from bsdiff package to apply this patch.
>
> This patch changes only one byte in libflashplayer.so. I did this manually with
> hexedit after studying objdump -S output. The idea behind this change is not to
> replace every memcpy call with memmove one, but to alter dynamic symbol table
> to point to memmove instead of memcpy.
> I hope someone can make a similar script like Ray Strode did, but using this
> less intrusive method.

This patch does not work for rekonq. Works fine for me with konqueror, firefox, chromium & google-chrome however. Rekonq still has the same sound issues. Anyone know where rekonq looks for plugins? I've installed the patched version of libflashplayer.so to:

/usr/lib/opera/plugins/libflashplayer.so
/usr/lib64/chromium-browser/plugins/libflashplayer.so
/usr/lib64/flash-plugin/libflashplayer.so
/usr/lib64/mozilla/plugins/libflashplayer.so
/usr/lib64/seamonkey-2.0.10/plugins/libflashplayer.so

And all the corresponding browsers work, except for rekonq.

Well, after enduring crappy flash sound since November 2, I finally stumbled across this bug.

I have implemented the workaround as per comment #55 and it is working for me.

I just want to comment that it is *ridiculous* that this issue has been closed as "NOTABUG" - it quite manifestly *is* a bug.

I'm no great fan of flash but it's an essential part of life on the web these days and I had thought that the Fedora project had finally put its days of broken flash support behind it.

The average punter, looking to evaluate Fedora will *not* care one jot *why* sound is broken in flash audio/video - they will just think "Fedora is crap" and move on to something else that isn't broken.

Please, re-open this issue and get a fix implemented for it ASAP.

(In reply to comment #127)

> I just want to comment that it is *ridiculous* that this issue has been closed
> as "NOTABUG" - it quite manifestly *is* a bug.

In Adobe's software.

> I'm no great fan of flash but it's an essential part of life on the web these
> days and I had thought that the Fedora project had finally put its days of
> broken flash support behind it.

Fedora's flash support is fine. Adobe's software is broken.

> The average punter, looking to evaluate Fedora will *not* care one jot *why*
> sound is broken in flash audio/video - they will just think "Fedora is crap"
> and move on to something else that isn't broken.

That's fine. Fedora Project's main priority is to improve its own software, not necessarily to maximize the number of users (unlike proprietary software, where maximizing the number of paid users is an end in itself). In particular, developers shouldn't waste time creating workarounds for third-party software and as a result causing developers of said software to be even less responsive than they already are, creating the need for more workarounds, ad infinitum.

> Please, re-open this issue and get a fix implemented for it ASAP.

Anything done in Fedora is a workaround, not a fix. Only Adobe can fix its own software.

In any case, it looks like Adobe may have "fixed" the problem in their usual responsive fashion. The latest update at http://labs.adobe.com/downloads/flashplayer10.html shows only 32-bit versions. If they have in fact abandoned 64-bit Flash yet again, it means that users have no choice but to use the 32-bit wrapped plugin which is not affected by this bug (in their software).

(In reply to comment #128)
>
> In Adobe's software.
>
> > I'm no great fan of flash but it's an essential part of life on the web these
> > days and I had thought that the Fedora project had finally put its days of
> > broken flash support behind it.
>
> Fedora's flash support is fine. Adobe's software is broken.

Quite frankly, I find your attitude to be annoying and downright stupid.

How hard can it be to understand the following simple sentence:

   THE USER DOESN'T CARE.

Pushing the blame around doesn't help anybody. The only thing that helps is Fedora being helpful, not being obstinate.

Also, the fact is, that from a Q&A standpoint, a memcpy() that "just does the right thing" is simply _better_. Quoting standards is just stupid, when there's two simple choices: "it works" or "it doesn't work because bugs happen".

Standards are paper. I use paper to wipe my butt every day. That's how much that paper is worth.

Reality is what matters. When glibc changed memcpy, it created problems. Saying "not my problem" is irresponsible when it hurts users.

And pointing fingers at Adobe and blaming them for creating bad software is _doubly_ irresponsible if you are then not willing to set a higher standard for your own project. And "not my problem" is not a higher standard.

So please just fix it.

The easy and technically nice solution is to just say "we'll alias memcpy to memmove - good software should never notice, and it helps bad software and a known problem".

(In reply to comment #129)

> Also, the fact is, that from a Q&A standpoint, a memcpy() that "just does the
> right thing" is simply _better_.

Assuming memcpy() (the existing one) is never more efficient than memmove(). If this is in fact known to _always_ be the case today, then I would agree. Otherwise, it's a bad idea. Optimized functions should continue to be available for those who need them, and it's not like Adobe didn't have a few decades of advance notice on how to code these functions properly. Anyone who finds that memmove() is just as fast in a particular case is free to use it.

> The easy and technically nice solution is to just say "we'll alias memcpy to
> memmove - good software should never notice, and it helps bad software and a
> known problem".

Good software _will_ notice, if it's using memcpy() deliberately, for better performance, and doesn't want it aliased. It's equally easy for Adobe (or anyone else) to just do a global search and replace in their own code, so as not to slow down everyone else's. But as mentioned above, it appears that they've abandoned their own 64-bit plugin again, so the "known problem" is gone - unless by their next version, they still haven't figured out the difference.

Andre, no one has abandoned anything. The Adobe website was just poorly updated. The 64-bit plugin was updated[1]. I am running on a *64-bit* Flash plugin version 10.3.162.29. The memcpy() issue is not fixed though. The date stamp is on 2010-11-16, which is around the time the issue was reported, but obviously too old.

As far as Fedora is concerned, I believe all of us here are free to make Fedora what we want. I don't know of any particular Fedora policy (please name one if I am wrong) that prevents any one of us from applying a workaround (be it glibc, be it nspluginwrapper, etc) that helps users *use* Fedora. Being petty and small and telling users to "get lost" makes me disgusted to be considered a Fedora contributor.

P.S. There's a bit much political BS in this bug, which is closed. It may be best to hold further comments until the results of tomorrow's FESCO meeting are known.

[1] http://labs.adobe.com/downloads/flashplayer10_square.html

(In reply to comment #130)
>
> Good software _will_ notice, if it's using memcpy() deliberately, for better
> performance, and doesn't want it aliased.

Bullshit. You clearly don't know what you're talking about.

There are exactly two reasons for memmove() existing in the first place:

 (a) memcpy() hasn't necessarily handled overlapping areas, so people had to make up a new function just because you couldn't _rely_ on memcpy working right for that case.

   IOW, it's not an issue of "memcpy shouldn't handle overlapping areas automatically", but a "you can't rely on it even if it does, so for portability reasons you shouldn't".

 (b) you can make a _simpler_ memcpy() if you assume there are no overlapping areas (which is obviously the reason why memcpy originally didn't). But the "simpler" is really trivial - the traditional difference between memcpy and memmove is literally that memcpy always copied upwards, and memmove() simply just checks whether the destination address is above the source address and decides to copy backwards if so.

And quite frankly, neither excuse is valid these days for not just aliasing the two to the same thing (and make both do memmove).

There is no performance difference. The "is it overlapping" is about two small and fast instructions (no cache issues etc), depending on just how exact you want to do it (ie again, traditionally it's just that single compare and conditional jump - but you can be more precise if you want to by adding just a few more instructions).

In fact, I can pretty much guarantee that if you have a program that notices the one or two cycles of the overlapping check, then you have a program that actually prefers the _old_ glibc memcpy(), the simpler one that worked fine with the flash player too. The traditional one that always moved things upwards.

Because the whole bug was introduced by the change (did you take a look at glibc sources? I did) that made memcpy() _much_ more complicated, and now it does computed indirect jumps based on size etc. So the new-and-improved one is the one that takes a lot more cycles, exactly because it tries to handle the special cases. But then it doesn't handle the _simple_ special case of "is it overlapping?".

In short: there is simply no excuse for the current memcpy() behavior. It doesn't match historical behavior, so it breaks existing applications. And there is certainly no "simplicity" argument: if you want a simpler and more maintainable glibc code base, you just say "let's do memcpy and memmove with the same code, and not have those ugly #ifdef's and duplicate compilations".

And there is no performance argument. None. If the argument is that "memcpy()" should be as simple as possible and have minimal overhead and perform best for the case where a single cycle matters (ie everything cached, nicely aligned arguments etc), then the glibc changes should just be reverted entirely.

So either re-instate the old traditional behavior ("memcpy is simple") that at least has some _historical_ reason behind it, and that makes flash work again.

Or alternatively, just make memcpy DTRT automatically. The check for overlap is not going to be noticed. And _not_ c...

Assuming your analysis is correct, aliasing memcpy() to memmove() would be preferable, since maintaining the extra code just to save one or two cycles per call isn't worth it IMO. And the bug Summary could be changed to something like "alias memcpy() to memmove()", since improving the GCC code itself is enough reason to make the change, regardless of whether broken applications are more likely to work. (Just wondering about the affect on application size, though - how different is the size of the memcpy() and memmove() code, and how often are they inlined? I'm guessing this is not a real issue, but it's the only other one I can think of.)

The latest flash 64bit plugin seems to have fixed this:

http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_2_p3_64bit_linux_111710.tar.gz

(At least it fixes it fine here).

As to reverting this due to technical arguments like https://bugzilla.redhat.com/show_bug.cgi?id=638477#c132 could the glibc maintainers please consider that and reply here? If they wish to close this bug again, thats their right, but one more revisit and reply to the technical arguments would be welcome.

Thanks.

(In reply to comment #134)
> The latest flash 64bit plugin seems to have fixed this:
>
> http://download.macromedia.com/pub/labs/flashplayer10/flashplayer10_2_p3_64bit_linux_111710.tar.gz
>
> (At least it fixes it fine here).

It is still broken for me. Maybe some of your workarounds are still in place.

Sigh. My bad. It's still broken in that version too.

I tested a handfull of random youtube videos, but they were all ones that didn't have the bitrate that shows this. ;(

So, yes, it's still broken. Use the workarounds or 32bit official plugin with nspluginwrapper.
Sorry for the false alarm.

OH MY GOD! I just tried Ray Strode's patch and not only does not fix the sound bug, but it makes flash WAY MORE STABLE! I used to get flash crashing on me all the time whenever I played several videos at once, and now I'm noticing that I no longer see any crashes at all! Incredible!

oopse that should have read "not only does fix the sound bug" :o

I just encountered this bug while previewing mp3s on the Amazon mp3 download website and was able to workaround by using #38/#55. However, I'd like to note that this is type of bug is is especially frustrating since after reading the comments above it smells too political and idealistic.

Please be reminded that according to the Fedora front page http://fedoraproject.org/en/, it is supposed to be stable and for everyday use. This update clearly broke some of that stability whatever the cause. There are many people (my mom and many co-workers) that would not have any clue as to how to fix this even with the workaround posted here.

I would recommend that a notice be put on the fedora website or help page http://fedoraproject.org/en/get-help that references this bug or provides information as it apparently affects quite a few websites and both google-chrome and firefox.

Regards, Geoff

Good comments, GS, but from the above discussion, it is apparent that Fedora is not meant for "users" but for "contributers". Your mom and coworkers would be better off with Ubuntu. If Fedora keeps going in the direction it is, Ubuntu might end up with a few more followers and Fedora with a few less. I want a Linux system that works. I've put up with Fedora's "purity" policies from the beginning, but this one might be the last straw up with which this camel will not put.

(In reply to comment #137)
> OH MY GOD! I just tried Ray Strode's patch and not only does not fix the sound
> bug, but it makes flash WAY MORE STABLE! I used to get flash crashing on me
> all the time whenever I played several videos at once, and now I'm noticing
> that I no longer see any crashes at all! Incredible!

Indeed. I updates from Linus' patched memcpy preload to Ray Strode's patch and all the the little hesitations and timing stumbles I'd always gotten on some sites disappeared.

I'm an average user that experiences distorted sound at full-screen videos from YouTube (such as http://www.youtube.com/user/jamesbluntmusic#p/u/0/x1yOGhnmYfI) or from Colbert Nation (http://www.colbertnation.com/the-colbert-report-videos/367133/).

Since my processor is 32 bits and not 64 bits, I wonder whether it is the same bug as mine.

I have tried to compile the code from comment 55, but I'm afraid I get the following error:

  $ gcc -O2 -c linusmemcpy.c
  linusmemcpy.c: Assembler messages:
  linusmemcpy.c:6: Error: number of operands mismatch for `movs'

This is all Greek to me. Any idea on how to fix this?

Many thanks for your help,

Pablo

Created attachment 465094
The patched flashplayer plugin 10_2_p3_64bit 111710

Just install this plugin instead of the adobe one and everything should work. I fixed the adobe one it with Ray Strode's script.

(In reply to comment #143)
> Created attachment 465094 [details]
> The patched flashplayer plugin 10_2_p3_64bit 111710
>
> Just install this plugin instead of the adobe one and everything should work. I
> fixed the adobe one it with Ray Strode's script.

This is likely something we should not be distributing.

Please do - trying to get to the attached pre patched flashplayer #143 - give me permission denied :(

(In reply to comment #145)
> Please do - trying to get to the attached pre patched flashplayer #143 - give
> me permission denied :(

Posting a patched version of flash player breaks the license http://labs.adobe.com/technologies/eula/flashplayer10.html (in two places I think) which will be why access to that file has been removed.

My deepest apologies for breaking the license. It wont happen again... I was just trying to help some people who got mixed up in all the amount of comments here...

For users who still have problems:
I "incidentally found" the file here: http://rapidshare.com/files/435418850/flashplayer10_2_p3_64bit_linux_111710.tar.gz

Great find Benny ! Worked like a sharm :) Thank !!

I've been using RedHat since RedHat used to release a binary desktop, before they created the Fedora Project. I've used Fedora and Centos for non-profit uses since, including for OpenStandards.net and personal use.

When I installed the 64-bit Fedora, and had to go through a pain to install 64-bit Flash, I used to, but unhappy with, the process for installing such a critical component.

When recently installing Ubuntu on a friend's Netbook to "correct" her Windows virus problem, I couldn't believe how easy it was to install Flash. It was a check box on the normal install process! I found out non-technical friends were installing Ubuntu and very happy with it. This was obviously because Ubuntu make it possible for a non-technical person to install Flash. We all know that if you replace Windows with Ubuntu for a friend, and do not install Flash, they will call you pretty quickly asking why they can't view things on the web.

I've noticed the sound problem with Fedora, narrowing it down to just the web browsers, both Firefox and Chrome. Adding the lack of a Boxee build for Fedora, and I've been telling all non-technical friends to install Ubuntu. I've described Fedora as an unstable experimental version designed only for technical people. (To be sure, previous incidents with the nVidia driver leading me to have to re-install Fedora after a kernel update caused the loss of video, and paranoia that this can happen again, fed into this conclusion.)

Then, I found and read this thread. I used Ray's patch to correct my sound problem. Thanks, Ray!

I concur 100% with Linus on this one. The changes to glibc need to be rolled back in an update to Fedora 14 until Adobe corrects their Flash binary! If you don't do this, there will be a lot more people like me, who, seeing only the surface, will tell everyone to install Ubuntu. This needs to be done immediately! People have over 4 GB of ram in new computers, and they need the 64-bit version to use it.

I'm glad to see there are people like Linus that would like to see Fedora become a mainstream desktop, and not just an experimental distribution for technical people. I hope those in control will learn from this and not only roll back the glibc change ASAP, but also look into streamlining the Flash install like Ubuntu did so non-technical people can have it when they install Fedora with default settings.

I'd like to point out that malloc() has its MALLOC_CHECK_ environment variable which activates less efficient implementation designed to be tolerant
against simple errors.

Memcpy() bugs happen just like malloc() bugs do. So why not a MEMCPY_CHECK_ ?

(In reply to comment #149)

Hear hear.

One more supporter for Linus' plea. End users don't care what the cause is, they want it fixed. Sure, Adobe is making themselves look bad by taking way too long to patch this. Even an intermediate fix, just for this problem, can be pushed through bureaucratic mazes in just a few days. However, this is not taking the responsibility away from Fedora to make things "just work".

I, being someone that is heavily into performance tuning, think that winning cycles, no matter how little, in often used functions is a good thing(tm). Therefor, I agree that improving glibc by doing these optimizations should be done.

Several workarounds have been mentioned to either mitigate the problem in glibc, or to provide a workaround somewhere else in Fedora. Neither has been done, in over a month and over 100 comments on this bug. Given the amount of updates I receive daily for FC14, I think this is an issue that should have been dealt with long ago. No way is it possible that nobody with write access to the relevant packages hasn't had any time to deal with this yet.

I would like to urge anyone with any political power withing Fedora to get this problem dealt with immediately. An organization this big and mature shouldn't be having trouble dealing with this sort of thing, fix it, make certain it won't happen again and move on.

(In reply to comment #149)

> I concur 100% with Linus on this one. The changes to glibc need to be rolled
> back in an update to Fedora 14 until Adobe corrects their Flash binary! If you
> don't do this, there will be a lot more people like me, who, seeing only the
> surface, will tell everyone to install Ubuntu. This needs to be done
> immediately! People have over 4 GB of ram in new computers, and they need the
> 64-bit version to use it.

This is a fine urban myth, but only that. The 32 bit "PAE" kernel can address 36 bits of memory space, or 64GB of physical RAM. The only real benefit would be to people who have a single user process limited by 4GB of RAM, and that's a very small number. If you compile your own apps for 64 bit, with the right options and use the right algorithms, you might see about a 5% speedup due to more registers. I have never seen that in any RPM distributed Fedora software, and I would love 5% faster ffmpeg.

I humbly advise that given my lack of drama with 24GB RAM and PAE, and lack of issues running better supported 32 bit apps, that people stay with 32 bit PAE unless they have a specific reason to go 64. I know it's not the "next big thing" but it works and uses all your memory.

Pretty please with sugar on top, could people please refrain from adding comments here that are not technical in nature? I have asked the maintainers to revisit this based on the technical arguments.

I would suggest to those that need flash working now that you use the 32bit flash plugin with nspluginwrapper. See: http://fedoraproject.org/wiki/Flash for information on installing it. As this is in fact the only released and security updated flash plugin adobe ships (the 64bit one is a beta and doesn't promise security releases).

Adding non technical comments just makes it less likely that maintainers will be able to filter out those and revisit this. Thanks.

Would someone who's allowed please add the CommonBugs keyword to this bug? It'll save a lot of folks search time once it's listed on the http://fedoraproject.org/wiki/Bugs/Common page.

anyone can add keywords, I think.

In replay to comment #147, this seemed to correct the problem for Youtube/240P, but not for some others, such as:
http://bestofthebaytv.com/view/1275/Salesjobscom

Fedora 14, 64 bit

RE: comment 157

The site referenced plays OK here (Firefox 3.6.13) using Ray Strode's patch (comment 94)

Just wanted to say, that there's the same problem with Rhythmbox. When I wanted to play BBC Radio 4 podcasts, I got similar distorted sound.
Using mymemcpy from comment #38 also helps.

Jacek

Comment 94 also fix sound problem for me

That seemed to work for me as well.

MPD (Music Player Daemon - http://mpd.wikia.com/wiki/Music_Player_Daemon_Wiki) can be set to output an http stream, which is processed by the totem plugin in firefox.

MPD is also being affected by this bug, and it has nothing to do with the flash-plugin. The fix on comment #38 (Linus Torvalds) works just fine in this case, though.

I also have an .src.rpm that applies the fix on comment #94 (Ray Strode) during
the build, that is, it brings an unmodified flash-plugin an applies
the script when the rpm is created for 64 bits:

http://orion.lcg.ufrj.br/RPMS/src/flash-plugin-10.3-1.fc14.src.rpm

    File: libflashplayer.so
    Version:
    Shockwave Flash 10.3 d162

The real problem is gstreamer.

Just try to play an avi (e.g., with divx codec) using gst123 or totem,
and the sound will be completely distorted.

The fix on comment #38 also solves the problem.

I tracked down the problem using valgrind,
and the culprit was a libgstflump3dec.so
in my ~/.gstreamer-0.10/plugins/

This plugin was dated from 2007. After deleting it,
gstreamer is working just fine.

However, this plugin has never caused any trouble before, though.

#164, nice work. You found another "proprietary" binary that used the *bad* memcpy for overlapping memory.

#164: nice find. did you report this to Fluendo?

Another person has already emailed Fluendo directly.

I also have Linux Torvalds' solution here:

http://orion.lcg.ufrj.br/RPMS/src/memcpy-1.0-1.fc14.src.rpm

It installs a fixed memcpy in /opt/memcpy and provides a script in /usr/bin
that preloads it to a given program:

memcpy-preload.sh prog_name prog_arguments

for instance:

memcpy-preload.sh google-chrome

Booth solutions are equivalent in terms of fixing the 64 bit flash-plugin, but this one can be applied to other programs as well.

(In reply to comment #167)
> I also have Linux Torvalds' solution here:
>
> http://orion.lcg.ufrj.br/RPMS/src/memcpy-1.0-1.fc14.src.rpm

I'm extremely interested in your fix.

As I already reported (comment 142), I experience a similar problem in Flash when played at full screen (Fedora 13 played the videos fine, but Fedora 14 distorts their audio)

I'm on 32bit and I cannot compile it due to the following error:

+ ./make-mymemcpy.sh
mymemcpy.c: Assembler messages:
mymemcpy.c:6: Error: number of operands mismatch for `movs'
mymemcpy.o: could not read symbols: File in wrong format

Is there any way I can compile it under 32bits?

Thanks for your help and happy New Year to everybody,

Pablo

(In reply to comment #168)
[...]
> I'm on 32bit and I cannot compile it

Pablo, Ray Strode's script in comment #94 should work on 32 bits as well.

(In reply to comment #168)
> (In reply to comment #167)
> > I also have Linux Torvalds' solution here:
> >
> > http://orion.lcg.ufrj.br/RPMS/src/memcpy-1.0-1.fc14.src.rpm
>
> I'm extremely interested in your fix.
>
> As I already reported (comment 142), I experience a similar problem in Flash
> when played at full screen (Fedora 13 played the videos fine, but Fedora 14
> distorts their audio)
>
> I'm on 32bit and I cannot compile it due to the following error:
>
> + ./make-mymemcpy.sh
> mymemcpy.c: Assembler messages:
> mymemcpy.c:6: Error: number of operands mismatch for `movs'
> mymemcpy.o: could not read symbols: File in wrong format
>
> Is there any way I can compile it under 32bits?
>
> Thanks for your help and happy New Year to everybody,

The code is written in assembler, and is intended to 64 bits.
That is why you can not compile it.

I can play both videos fine (#142), but only the James Blunt's video goes to full screen here.

However, I think your issue is different. The memcpy problem in flash 64 bits makes the sound unrecognisable, and it is not a simple stuttering or something like that.

As John said in comment #161, Ray Strode's script replaces all memcpy calls for
memove, and can be applied in 32 bits (although my .src.rpm only applies the script for 64 bits).

*** Bug 663784 has been marked as a duplicate of this bug. ***

(In reply to comment #170)
> The code is written in assembler, and is intended to 64 bits.
> That is why you can not compile it.

Thanks for your replies, Paulo and John.

I had no idea that the code was written in assembler (I'm only a user, not a programmer, so all code is Greek to me).

> However, I think your issue is different. The memcpy problem in flash 64 bits
> makes the sound unrecognisable, and it is not a simple stuttering or something
> like that.

I know that it is different, but it might have the same cause. I already reported it (bug 661385). But since I had no reply, I wanted to try whether any of these fixes could work.

> As John said in comment #161, Ray Strode's script replaces all memcpy calls for
> memove, and can be applied in 32 bits (although my .src.rpm only applies the
> script for 64 bits).

I have downloaded the script, but invoking "./fix-flash.sh /usr/bin/firefox" gives me the following warning:

./fix-flash.sh /usr/bin/firefox
objdump: /usr/bin/firefox: File format not recognized
objdump: Section '.plt' mentioned in a -j option, but not found in any input file
Can't find memcpy call in /usr/bin/firefox PLT

Sorry, but again it's Greek to me. How should I use the fix?

Thanks for your help,

Pablo

Re Comment 172

You can't patch /usr/bin/firefox because (under Fedora, at least) it is
a bash script that in turn runs the firefox binary, which currently (Fedora 13)
is /usr/lib/firefox-3.6/firefox . If you wish, try patching that:

./fix-flash.sh /usr/lib/firefox-3.6/firefox

(In reply to comment #173)
> Re Comment 172
>
> You can't patch /usr/bin/firefox because (under Fedora, at least) it is
> a bash script that in turn runs the firefox binary, which currently (Fedora 13)
> is /usr/lib/firefox-3.6/firefox . If you wish, try patching that:

Thanks, Dale.

I'm afraid I get another errorsA:

./fix-flash.sh /usr/lib/firefox-3.6/firefox
./fix-flash.sh: line 11: [: too many arguments
./fix-flash.sh: line 16: 0x080495a8 - 0x08049338
08049478: value too great for base (error token is "08049478")

No idea what might be wrong.

Thanks again,

Pablo

You did not understand. What should be patched is the flash-plugin (libflashplayer.so), and not firefox.

I changed my .src.rpm to patch even the 32 bit version:

rpmbuild --rebuild flash-plugin-10.3-1.fc14.src.rpm

You should see it downloading the source from adobe and patching it.
After doing that, install the created rpm and restart firefox.

You should check using "about:plugins" in firefox address bar, whether it is really using the new version.

(In reply to comment #175)
> I changed my .src.rpm to patch even the 32 bit version:
>
> rpmbuild --rebuild flash-plugin-10.3-1.fc14.src.rpm
>
> You should see it downloading the source from adobe and patching it.
> After doing that, install the created rpm and restart firefox.

Thanks, I rebuilt your source rpm and it downloaded and patched the flash-plugin.

But it didn't work.

Thanks anyway,

Pablo

Re: comment 175:
This method worked perfectly for me. (F14-x86_64 - Intel MacBook)

For other users like myself unfamiliar with rpmbuild (I had to do some googling to figure this part out) install rpmdevtools (inc deps) and chrpath (I could only find 0.13.6.fc12-x86_64, but it worked).

Thank You to all involved with figuring this one out, and an aside I didn't have to implement Linus' (et.al) patch, although Thank You to all of you as well, that was next...
Br,
alex

Paulo's rpm didn't build for me because it was complaining about a missing build id. I uploaded an updated version of the rpm with the ld line changed to "ld -G --build-id mymemcpy.o -o mymemcpy.so" and it's working for me.

http://luchko.ca/~aaron/memcpy-1.1-1.fc14.src.rpm

Just for fun, it's appropriate to say so it seems to me :=), I set up the GNU build system for mymemcpy, so you can do the usual ./configure make make install. Yes, it is overkill but it is "nice" hope. It is here

https://github.com/yersinia/junkcode/tree/master/linux/mymemcpy

and here the new (make distcheck) tarball

https://github.com/yersinia/junkcode/blob/master/linux/mymemcpy/mymemcpy-1.1.tar.gz

Regards

I have no sound in firefox, but do have sound in other applications.

I tried to cut and paste the code from #38 to my command prompt (as root) but nothing seemed to run.

I also tried to copy the code from #94 into a file called ray.sh, made it executable, and issued the command "bash ray.sh" as root, but got the following error:

# bash ray.sh
objdump: 'a.out': No such file
objdump: Section '.plt' mentioned in a -j option, but not found in any input file
Can't find memcpy call in PLT

Please forgive my ignorance, but can someone please provide detailed steps on how to implement these fixes.

Thanks

If you want something more simple download the tarball referenced on #179 and do

tar -zxvf mymemcpy-1.1.tar.gz

cd mymemcpy-1.1

./configure

make

make install (ad root or use sudo)

e follow the instruction on the README, changing the application after LD_PRELOAD if necessary.

Regards

A slightly modified version of Linus' memcpy routine so that it builds for 32 bit as well:

1. Cut and paste this into a prompt:
---Cut below---
cat > $HOME/Downloads/linusmemcpy.c <<EOF
#include <sys/types.h>

void *memcpy(void *dst, const void *src, size_t size)
{
void *orig = dst;
#if __WORDSIZE == 64
asm volatile("rep ; movsq"
#else
asm volatile("rep ; movsl"
#endif
:"=D" (dst), "=S" (src)
:"0" (dst), "1" (src), "c" (size >> 3)
:"memory");
asm volatile("rep ; movsb"
:"=D" (dst), "=S" (src)
:"0" (dst), "1" (src), "c" (size & 7)
:"memory");
return orig;
}
EOF
cd $HOME/Downloads
gcc -O2 -c linusmemcpy.c
ld -G linusmemcpy.o -o linusmemcpy.so
---Stop cutting here---

2. Shutdown any running copies of your webbrowser.

3. Until a Adobe has fixed their Flash player, start your webbrowser as below:

For Firefox users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /usr/bin/firefox &

For Google Chrome users:
LD_PRELOAD=$HOME/Downloads/linusmemcpy.so /opt/google/chrome/google-chrome &

*** Bug 661385 has been marked as a duplicate of this bug. ***

(In reply to comment #182)
> A slightly modified version of Linus' memcpy routine so that it builds for 32
> bit as well:

It builds for 32-bit but it doesn't work for me for 32-bit. I tried a simple test with ls which truncates filenames and ls -al which segfaults!

Here, this one actually has a chance of working, still, totally untested.

---Cut below---
cat > $HOME/Downloads/linusmemcpy.c <<EOF
#include <sys/types.h>

void *memcpy(void *dst, const void *src, size_t size)
{
void *orig = dst;
#if __WORDSIZE == 64
asm volatile("rep ; movsq" :"=D" (dst), "=S" (src)
: "0" (dst), "1" (src), "c" (size >> 3) : "memory");
asm volatile("rep ; movsb" : "=D" (dst), "=S" (src)
: "0" (dst), "1" (src), "c" (size & 7) : "memory");
#else
asm volatile("rep ; movsl" :"=D" (dst), "=S" (src)
: "0" (dst), "1" (src), "c" (size >> 2) : "memory");
asm volatile("rep ; movsb" : "=D" (dst), "=S" (src)
: "0" (dst), "1" (src), "c" (size & 3) : "memory");
#endif
return orig;
}
EOF
cd $HOME/Downloads
gcc -O2 -c linusmemcpy.c
ld -G linusmemcpy.o -o linusmemcpy.so
---Stop cutting here---

Just for people who don't want to build the rpm themselves I put up a pre-built version

http://luchko.ca/~aaron/memcpy-1.1-1.fc14.x86_64.rpm

just install and start firefox as

$ memcpy-preload.sh firefox

I've tested this on two machines and it fixes the problem for me.

RE: Comment 186.
Thanks Aaron, that was great timing. I just did a fresh install of F14-x86_64, so I've just installed your rpm, and it works perfectly for me too. I just had to use the full path since I'm testing the the beta Firefox. The path for my shortcut is: memcpy-preload.sh /usr/share/mozilla/firefox/firefox
Again Thanks and Best Regards

Thanks a lot Aaron. Three machines included mine....
Now I can listen again to the music of hundreds/thousands of sites .....
I installed the memcpy as you said above.
Then I changed the command in the menu editor for the firefox and instead of : firefox %u , I put your command : memcpy-preload.sh firefox .
So I have the same feeling as previously. There is no need to run firefox in the konsole.
Really, I expected an official Fedora update to fix this major problem, even if Adobe has the responsibility for the bug.
Because the flash plugin is a necessary villain but a really small "tool" compared to the Fedora OS, that is a big "factory" with rich equipment and a lot of "deposits" full of tools.
It is not permitted for such a factory to raise the hands.......

RE: Comment 186

Thanks. I downloaded your rpm and installed it as follows:

yum localinstall --nogpgcheck memcpy-1.1-1.fc14.x86_64.rpm

It wouldn't install without the "--nogpgcheck" flag

RE Comment 186 & Comment 187

I copied my firefox shortcut and changed the command to

memcpy-preload.sh /usr/share/mozilla/firefox/firefox

but it didn't work. So I tried

memcpy-preload.sh firefox

And it worked! However the sound is kind of quiet even with the speakers turned all the way up. Also, if I exit a youtube video during play, it makes a brief, but very loud hum.

I got the official update of glibc today (Feb 9 2011) and I hoped that the problem with flash plugin might be solved. So I tried the command firefox %u but I was wrong..... The problem remains !!
Thanks again Aaron for your memcpy-preload.sh firefox.
Earth calls Fedora Planet. Is anybody out there ? Over .

Up to date as of 2011Feb14, and the problem persists.

I noticed the status is now assigned, but the fix (based on my understanding of the discussion above) appears to be a trivial rollback of a change to glibc.

Do you need additional triage information to fix this issue?

Confirming the issue on a current Fedora 14, flash-plugin-10.3.162.29-1.x86_64

Please rollback changes to Glib - this is a servere bug on fedora fc14 x86_64 with intel hardware...

Also, the severity should be marked as "urgent" not medium - this is a real show stopper.

a glitch with an unsupported (upstream) version of an unsupported (by us) third-party plugin does not qualify for any kind of 'urgent' status by any stretch of the imagination, I'm afraid.

running the 64-bit Flash plugin is just generally a bad idea, because they never keep it up to date with the 32-bit one, so it's always vulnerable to several known serious security issues. And 'known serious security issues in Flash' is really not something you want to be exposing your computer to. Just run the 32-bit version, really, you'll be doing yourself a favour.