[Bug libc/13034] New: Mplayer/alsa-lib dl_close segv.

[Bug libc/13034] New: Mplayer/alsa-lib dl_close segv.

[smf.linux at ntlworld dot com]

http://sourceware.org/bugzilla/show_bug.cgi?id=13034

           Summary: Mplayer/alsa-lib dl_close segv.
           Product: glibc
           Version: 2.14
            Status: NEW
          Severity: normal
          Priority: P2
         Component: libc
        AssignedTo: drepper.fsp@gmail.com
        ReportedBy: smf.linux@ntlworld.com


With glibc 2.14 I am getting the following issue reported by valgrind, mplayer
is subsequently reporting a segv. Tested on Quad Core Phenom and IBM thinkpad
LFS development systems.
Kernel is 3.0, GCC is 4.6.1 and binutils 2.21.1.

Under valgrind mplayer reports:
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 48000 Hz, 2 ch, s16le, 32.0 kbit/2.08% (ratio: 4000->192000)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
==32349== Invalid read of size 4
==32349== at 0x4009D0A: do_lookup_x (in /lib/ld-2.14.so)
==32349== by 0x400A5EE: _dl_lookup_symbol_x (in /lib/ld-2.14.so)
==32349== by 0x53573E3: do_sym (in /lib/libc-2.14.so)
==32349== by 0x5357876: _dl_sym (in /lib/libc-2.14.so)
==32349== by 0xBE7FD1AF: ???
==32349== Address 0x5fddbe0 is 32 bytes inside a block of size 60 free'd
==32349== at 0x402A16D: free (vg_replace_malloc.c:343)
==32349== by 0x40153DE: _dl_close (in /lib/ld-2.14.so)
==32349== by 0x469FD01: dlclose_doit (in /lib/libdl-2.14.so)
==32349== by 0x400F84F: _dl_catch_error (in /lib/ld-2.14.so)
==32349== by 0x46A037D: _dlerror_run (in /lib/libdl-2.14.so)
==32349== by 0x469FD47: dlclose (in /lib/libdl-2.14.so)
==32349== by 0x45E0831: snd_dlclose (dlmisc.c:91)
==32349== by 0x45DC1A3: snd_config_hooks (conf.c:3327)
==32349== by 0x45DC7DE: snd_config_update_r (conf.c:3711)
==32349== by 0x45DC8C3: snd_config_update (conf.c:3742)
==32349== by 0x80A3DC5: init_best_audio_out (audio_out.c:169)
==32349== by 0x809AEDC: reinit_audio_chain (mplayer.c:1685)
==32349==

Without valgrind mplayer reports the fault as follows:

MPlayer SVN-r33893-4.6.1 (C) 2000-2011 MPlayer Team
162 audio & 359 video codecs

Playing /divx/StarTrek1.avi.
AVI file format detected.
[aviheader] Video stream found, -vid 0
[aviheader] Audio stream found, -aid 1
VIDEO: [DX50] 720x304 24bpp 23.976 fps 1045.8 kbps (127.7 kbyte/s)
Clip info:
 Software: VirtualDubMod 1.5.4.1 (build 2178/release)
Load subtitles in /divx/
==========================================================================
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Unsupported PixelFormat 61
Unsupported PixelFormat 53
Selected video codec: [ffodivx] vfm: ffmpeg (FFmpeg MPEG-4)
==========================================================================
==========================================================================
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 48000 Hz, 2 ch, s16le, 32.0 kbit/2.08% (ratio: 4000->192000)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================


MPlayer interrupted by signal 11 in module: ao2_init
- MPlayer crashed by bad usage of CPU/FPU/RAM.
  Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
  disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
  It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
  gcc version. If you think it's MPlayer's fault, please read
  DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
  won't help unless you provide this information when reporting a possible bug.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/13034] Mplayer/alsa-lib dl_close segv.

[aj at suse dot de]

http://sourceware.org/bugzilla/show_bug.cgi?id=13034

Andreas Jaeger <aj at suse dot de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |aj at suse dot de
         Resolution|                            |INVALID

--- Comment #1 from Andreas Jaeger <aj at suse dot de> 2011-07-27 10:06:29 UTC ---
A crash in glibc does not mean that glibc is buggy, it could also be a bug in
the usage. We need more information and a stand alone test case.

-- 
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[Bug libc/13034] Mplayer/alsa-lib dl_close segv.

[fweimer at redhat dot com]

https://sourceware.org/bugzilla/show_bug.cgi?id=13034

Florian Weimer <fweimer at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |security-

-- 
You are receiving this mail because:
You are on the CC list for the bug.