You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 12, 2023. It is now read-only.
# dtrace -p <qtox-pid> -n 'pid$target::alcOpenDevice:entry/arg0!=0/{printf("%s",copyinstr(arg0))}'
dtrace: description 'pid$target::alcOpenDevice:entry' matched 1 probe
CPU ID FUNCTION:NAME
0 75522 alcOpenDevice:entry OSS Default
Cause
In both Audio::initInput and Audio::initOutput a QByteArray is created, without being assigned to a variable, and tmpDevName is set to a pointer internal to the array. After this the array is destroyed, the string freed, and the now invalid pointer is used as the argument for alcOpenDevice.
@antis81 I doubt that this issue would have any consistency without junking, so it may be unrelated to #3721. I also checked the other two and can confirm that they are unrelated to this.
Brief Description
OS: FreeBSD 12-CURRENT
qTox version: 1.5.2-143-g60af778 & 1.5.1
Commit hash: 60af778
toxcore: 0.151112
Qt: 5.6.1
Hardware: amd64
Compiler: clang 3.8
Reproducible: Always
Steps to reproduce
free
ortrue
:MALLOC_CONF='junk:free' qtox
Audio::initOutput
).Observed Behavior
The audio device fails to open:
Because junk is being passed to
alcOpenDevice
:Note:
junk:free
fills freed memory with 0x5A octets (ASCII Z)Expected Behavior
The open succeeds:
With the correct argument:
Cause
In both
Audio::initInput
andAudio::initOutput
aQByteArray
is created, without being assigned to a variable, andtmpDevName
is set to a pointer internal to the array. After this the array is destroyed, the string freed, and the now invalid pointer is used as the argument foralcOpenDevice
.Additional Info
malloc.conf(5)
The text was updated successfully, but these errors were encountered: