-
Notifications
You must be signed in to change notification settings - Fork 247
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fluidsynth 2.0.8 - macOS - audio driver crash #591
Comments
It fails when it tries to zero out the allocated memory. But looking at the changes, I don't see any relevant change. |
The only other clue I can give is that I was Dynamically linking the library bundled with my App. |
You could compile fluidsynth 2.1.0.rc1 , and try if it crashes as well. If it does, recompile with |
Thanks Tom, I'll certainly try this, but it will be in a few days time. |
I'm able to reproduce this on my computer (macOS 10.15.1) and 2.1.0.rc1 no longer crashed where 2.0.8 did. I tried to bisect to find the commit that first caused the crash and the commit where it no longer happened. I also compiled both the broken commit and the v2.1.0.rc1 commit with ASAN and dropped the outputs at the pastebin links since both indicate undefined behaviour. First Commit With Crash: a94bc82 (Initialize allocated memory to garbage for debug builds.) ASAN from commit a94bc82: https://paste.fooster.io/fluidsynth_591_1 I didn't go too in-depth in the code to see why this might happen but hopefully this helps! Let me know if you want more data. |
Great to know that 2.1.0.rc1 fixes this issue! I'll give th 2.1.0.rc a go. Thanks again! I'll close this one out! |
Interesting, it loses the higher part of the address of the pointer when using fluid_alloc.
What makes it think that it's 32 bit? |
@fkmclane Thanks for the detailed analysis! After you pointed me to 6e45cfc, I remembered the problem. It's one of those nasty implicit-function-delcaration bugs. I added
In C89, implicitly declared functions default to return an |
Thanks for the quick response! So I looked into the undefined behaviour a little bit more and I think I see where the issue is. Interestingly, this code has been around and seemingly problematic since 05ee230 (9 years ago). I guess it happened to work well enough that it wasn't an issue or no one noticed when the undefined behaviour did happen but there is a problematic logic issue here. The undefined behaviour happens if there is fewer than When a device does not have usable outputs, the size of the Semantically, the I put a possible patch that does fix the undefined behaviour below but I don't know if it completely follows the style guide and it does add a heap allocation where there wasn't one before (it was a variable length array on the stack -- at least GCC puts them on the stack and I assume Clang does too). Using Thanks again for working on FluidSynth! Definition of
|
@fkmclane Thanks for your explanations. @romanbsd Just came accross this behaviour as well and tried to fix it: #593 . So to simplify things: From my understanding,
Since this hope might fail apparently, I would say that it is, technically, illegal to cast the memory returned by malloc to type In order to turn this hope into a guarantee, how about - if(OK(AudioObjectGetPropertyDataSize(deviceID, &pa, 0, 0, &size)))
+ if(OK(AudioObjectGetPropertyDataSize(deviceID, &pa, 0, 0, &size)) && size >= (sizeof(AudioBufferList) - FLUID_MEMBER_SIZE(AudioBufferList, mBuffers)) ) to avoid that accessing @fkmclane If you can successfully test your patch along with my changes on macOS and make a PR, I will happily include it in 2.0.9 . (Just leave the declaration of |
If the call succeeds, I'm not finding anywhere that it would be less than the size of the struct with For casting to I do notice, however, that a few other projects (not all I found) check that the size is non-zero before allocating in addition to checking that the call succeeded so I'll put that in the PR. I could very well be misunderstanding so if you do have documentation somewhere on the usage of these functions, I would be appreciative. I have only done minimal macOS dev and the usage of some of these kits (like CoreAudio) from C is still relatively foreign to me. I'll also open a PR and we can do review and comments there if you'd like. References from other projects: |
I also don't think that it would return a |
Yeah, I think Apple putting a size of Thanks again! |
See discussion in #591 for details. Basically an incorrect size was being allocated for the CoreAudio buffer list for a device. It was being allocated by a VLA (which already did not quite fit the semantics of the list) and the length calculated could be 0 (instead of the size of the struct with no buffers elements) causing undefined behaviour. This corrects it to allocate the amount of memory required by the CoreAudio framework function and adds a check for the size retrieval and for the dynamic allocation. This change passed UBSan in my test where before the change it did not. Fixes #591
Hello, release 2.0.8 seems to have introduced an audio driver crash. (macOS - coreaudio)
2.0.7 works perfectly.
The text was updated successfully, but these errors were encountered: