Buffer overflow in alsa_card_detect causes linphone to crash at startup
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
mediastreamer2 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Linphone crashes at startup for me, if too many audio devices are connected, with a message on stderr saying
free(): double free detected in tcache 2
SIGABRT / SIGIOT: Aborted
I debugged the problem and found that the crash was occurring in the libmediastreame
(I don't have 100 audio devices! But ALSA reports multiple records for each one, with various different details. I found that with HDMI audio output, USB speakers, and a webcam with microphone, the array overrun occurs; disconnecting the webcam allows Linphone to start up, but then of course I can't use it to make calls.)
I've worked around the problem locally by installing a recompiled version of the libmediastreame
(My fix is a bodge, of course! A proper fix would enlarge the arrays as needed. But I know that the affected function has been completely rewritten in later versions of mediastreamer2, and those later versions are already in later Ubuntu releases. So I only need that workaround until I can upgrade from 20.04 to 22.04 next month.)
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libmediastreame
ProcVersionSign
Uname: Linux 5.11.0-46-generic x86_64
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
Date: Wed Mar 30 12:35:18 2022
InstallationDate: Installed on 2013-06-01 (3223 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release amd64 (20130424)
SourcePackage: mediastreamer2
UpgradeStatus: Upgraded to focal on 2020-08-31 (575 days ago)
modified.
mtime.conffile.