* valgrind error in snd_tlv_get_dB_range
@ 2014-01-19 10:16 Ivan Sorokin
2014-01-19 11:19 ` Clemens Ladisch
2014-01-19 12:22 ` Ivan Sorokin
0 siblings, 2 replies; 4+ messages in thread
From: Ivan Sorokin @ 2014-01-19 10:16 UTC (permalink / raw)
To: alsa-devel
One program (qasmixer -- alsa mixer) on my system prints lots of
valgrind errors.
The first one is this:
==25716== Conditional jump or move depends on uninitialised value(s)
==25716== at 0x4E72307: snd_tlv_get_dB_range (tlv.c:170)
==25716== by 0x4E8A746: get_dB_range (simple_none.c:1162)
==25716== by 0x4E8A7E7: get_dB_range_ops (simple_none.c:1176)
==25716== by 0x4E85590: snd_mixer_selem_get_playback_dB_range
(simple.c:298)
==25716== by 0x472B2B:
QSnd::Mixer_Simple_Elem::set_snd_mixer_selem_id(_snd_mixer_selem_id*)
(mixer_simple_elem.cpp:161)
==25716== by 0x4724B8:
QSnd::Mixer_Simple_Elem::Mixer_Simple_Elem(QObject*, _snd_mixer*,
_snd_mixer_selem_id*) (mixer_simple_elem.cpp:31)
==25716== by 0x479F17:
QSnd::Mixer_Simple::create_mixer_elem(_snd_mixer_elem*)
(mixer_simple.cpp:318)
==25716== by 0x4797B3: QSnd::Mixer_Simple::create_mixer_elems()
(mixer_simple.cpp:217)
==25716== by 0x4795DF: QSnd::Mixer_Simple::open(QString const&)
(mixer_simple.cpp:178)
==25716== by 0x4D4754: Tray_Mixer::load_mixer() (tray_mixer.cpp:222)
==25716== by 0x4D4505:
Tray_Mixer::set_mdev_setup(Tray_Mixer_MDev_Setup*) (tray_mixer.cpp:137)
==25716== by 0x4DB863: Desktop_Items::tray_mixer_create()
(desktop_items.cpp:504)
==25716== Uninitialised value was created by a heap allocation
==25716== at 0x4C2CD7B: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==25716== by 0x4E8A572: init_db_range (simple_none.c:1114)
==25716== by 0x4E8A70D: get_dB_range (simple_none.c:1159)
==25716== by 0x4E8A7E7: get_dB_range_ops (simple_none.c:1176)
==25716== by 0x4E85590: snd_mixer_selem_get_playback_dB_range
(simple.c:298)
==25716== by 0x472B2B:
QSnd::Mixer_Simple_Elem::set_snd_mixer_selem_id(_snd_mixer_selem_id*)
(mixer_simple_elem.cpp:161)
==25716== by 0x4724B8:
QSnd::Mixer_Simple_Elem::Mixer_Simple_Elem(QObject*, _snd_mixer*,
_snd_mixer_selem_id*) (mixer_simple_elem.cpp:31)
==25716== by 0x479F17:
QSnd::Mixer_Simple::create_mixer_elem(_snd_mixer_elem*)
(mixer_simple.cpp:318)
==25716== by 0x4797B3: QSnd::Mixer_Simple::create_mixer_elems()
(mixer_simple.cpp:217)
==25716== by 0x4795DF: QSnd::Mixer_Simple::open(QString const&)
(mixer_simple.cpp:178)
==25716== by 0x4D4754: Tray_Mixer::load_mixer() (tray_mixer.cpp:222)
==25716== by 0x4D4505:
Tray_Mixer::set_mdev_setup(Tray_Mixer_MDev_Setup*) (tray_mixer.cpp:137)
I compiled libasound2 from the latest git from
git://gitorious.org/alsa/alsa-lib.git with -g -O0, so you can see line
numbers.
As I understand the problem is that init_db_range initialize invalid
rec->db_info, because snd_hctl_elem_tlv_read failed to fully initialize tlv:
> tlv = malloc(tlv_size); // line 1114
> if (! tlv)
> return -ENOMEM;
> if (snd_hctl_elem_tlv_read(ctl, tlv, tlv_size) < 0)
> goto error;
> db_size = snd_tlv_parse_dB_info(tlv, tlv_size, &dbrec);
> if (db_size < 0)
> goto error;
> rec->db_info = malloc(db_size);
> if (!rec->db_info)
> goto error;
> memcpy(rec->db_info, dbrec, db_size);
> free(tlv);
I tried to trace problem in snd_hctl_elem_tlv_read, but I failed to do
so due to lack of experience with alsa-lib.
Could someone more experienced with alsa-lib look at the problem?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: valgrind error in snd_tlv_get_dB_range
2014-01-19 10:16 valgrind error in snd_tlv_get_dB_range Ivan Sorokin
@ 2014-01-19 11:19 ` Clemens Ladisch
2014-01-19 12:22 ` Ivan Sorokin
1 sibling, 0 replies; 4+ messages in thread
From: Clemens Ladisch @ 2014-01-19 11:19 UTC (permalink / raw)
To: Ivan Sorokin; +Cc: alsa-devel
Ivan Sorokin wrote:
> One program (qasmixer -- alsa mixer) on my system prints lots of valgrind errors.
Yes, these are errors in valgrind.
> As I understand the problem is that init_db_range initialize invalid rec->db_info, because snd_hctl_elem_tlv_read failed to fully initialize tlv:
snd_hctl_elem_tlv_read initializes as many bytes as needed.
I'd guess valgrind doesn't notice this because this is done through
an ioctl, in the kernel.
Regards,
Clemens
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: valgrind error in snd_tlv_get_dB_range
2014-01-19 10:16 valgrind error in snd_tlv_get_dB_range Ivan Sorokin
2014-01-19 11:19 ` Clemens Ladisch
@ 2014-01-19 12:22 ` Ivan Sorokin
2014-01-20 9:42 ` Takashi Iwai
1 sibling, 1 reply; 4+ messages in thread
From: Ivan Sorokin @ 2014-01-19 12:22 UTC (permalink / raw)
To: alsa-devel
On 19.01.2014 14:16, Ivan Sorokin wrote:
> I tried to trace problem in snd_hctl_elem_tlv_read, but I failed to do
> so due to lack of experience with alsa-lib.
>
> Could someone more experienced with alsa-lib look at the problem?
After a bit more investigation I've found that tlv is initialized in
snd_ctl_hw_elem_tlv with memcpy in line 245. This initialization looks
perfectly correct. So perhaps this is a error in valgrind (unimplemented
ioctl).
P.S. I believe I found a memory leak:
> switch (op_flag) {
> case -1: inum = SNDRV_CTL_IOCTL_TLV_COMMAND; break;
> case 0: inum = SNDRV_CTL_IOCTL_TLV_READ; break;
> case 1: inum = SNDRV_CTL_IOCTL_TLV_WRITE; break;
> default: return -EINVAL;
> }
> xtlv = malloc(sizeof(struct snd_ctl_tlv) + tlv_size);
> if (xtlv == NULL)
> return -ENOMEM;
> xtlv->numid = numid;
> xtlv->length = tlv_size;
> memcpy(xtlv->tlv, tlv, tlv_size);
> if (ioctl(hw->fd, inum, xtlv) < 0) {
> free(xtlv);
> return -errno;
> }
> if (op_flag == 0) {
> if (xtlv->tlv[1] + 2 * sizeof(unsigned int) > tlv_size)
missing free(xtlv) here
> return -EFAULT;
> memcpy(tlv, xtlv->tlv, xtlv->tlv[1] + 2 * sizeof(unsigned int));
> }
> free(xtlv);
> return 0;
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: valgrind error in snd_tlv_get_dB_range
2014-01-19 12:22 ` Ivan Sorokin
@ 2014-01-20 9:42 ` Takashi Iwai
0 siblings, 0 replies; 4+ messages in thread
From: Takashi Iwai @ 2014-01-20 9:42 UTC (permalink / raw)
To: Ivan Sorokin; +Cc: alsa-devel
At Sun, 19 Jan 2014 16:22:47 +0400,
Ivan Sorokin wrote:
>
> On 19.01.2014 14:16, Ivan Sorokin wrote:
>
> > I tried to trace problem in snd_hctl_elem_tlv_read, but I failed to do
> > so due to lack of experience with alsa-lib.
> >
> > Could someone more experienced with alsa-lib look at the problem?
>
> After a bit more investigation I've found that tlv is initialized in
> snd_ctl_hw_elem_tlv with memcpy in line 245. This initialization looks
> perfectly correct. So perhaps this is a error in valgrind (unimplemented
> ioctl).
>
> P.S. I believe I found a memory leak:
>
> > switch (op_flag) {
> > case -1: inum = SNDRV_CTL_IOCTL_TLV_COMMAND; break;
> > case 0: inum = SNDRV_CTL_IOCTL_TLV_READ; break;
> > case 1: inum = SNDRV_CTL_IOCTL_TLV_WRITE; break;
> > default: return -EINVAL;
> > }
> > xtlv = malloc(sizeof(struct snd_ctl_tlv) + tlv_size);
> > if (xtlv == NULL)
> > return -ENOMEM;
> > xtlv->numid = numid;
> > xtlv->length = tlv_size;
> > memcpy(xtlv->tlv, tlv, tlv_size);
> > if (ioctl(hw->fd, inum, xtlv) < 0) {
> > free(xtlv);
> > return -errno;
> > }
> > if (op_flag == 0) {
> > if (xtlv->tlv[1] + 2 * sizeof(unsigned int) > tlv_size)
>
> missing free(xtlv) here
Good catch. Care to send a proper fix patch?
thanks,
Takashi
>
> > return -EFAULT;
> > memcpy(tlv, xtlv->tlv, xtlv->tlv[1] + 2 * sizeof(unsigned int));
> > }
> > free(xtlv);
> > return 0;
>
>
> _______________________________________________
> Alsa-devel mailing list
> Alsa-devel@alsa-project.org
> http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
>
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2014-01-20 9:42 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-19 10:16 valgrind error in snd_tlv_get_dB_range Ivan Sorokin
2014-01-19 11:19 ` Clemens Ladisch
2014-01-19 12:22 ` Ivan Sorokin
2014-01-20 9:42 ` Takashi Iwai
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.