another double-free() in libshout, triggered during involuntary shutdown of ices2
Hello,
this issue is sitting around for a while. I expected it to be in trunk for months now, but I was mistaken -- turns out it's hard to agree on the proper solution for this. Karl Heyes wanted to look into it again, but he's currently short on time so I submit this here. He mentioned that Brendan also looked at the patch attached to this report (see below), but couldn't see how it would make any difference. Well, it does ...
Note that this is NOT the issue that was fixed in libshout-2.2. My version of libshout-2.1 contained most patches that became v2.2, including the "first" double-free() fix. Line numbers might be slightly off, but that's all.
This is on OpenBSD 3.8/i386, with MALLOC_OPTIONS=FGPZ which has a similar effect to running an application with efence and free() protection. See http://www.openbsd.org/cgi-bin/man.cgi?query=malloc for details.
It may take a few days to trigger. I've been running the patch for a long time, and that one fixed it for me -- whether it's a workaround or the proper fix, I cannot tell. It had no ill effects. As soon as I removed it again to be closer to trunk for more testing, the crash occured again.
Backtrace:
Core was generated by `ices2'.
Program terminated with signal 11, Segmentation fault.
#0 0x07da9731 in free_codecs (ogg_data=0x85591540)
at /usr/ports/mystuff/net/libshout/w-libshout-2.1p2-debug/libshout-2.1/src/ogg.c:170
170 next = codec->next;
#1 0x07da964e in close_ogg (self=0x7c291280)
at /usr/ports/mystuff/net/libshout/w-libshout-2.1p2-debug/libshout-2.1/src/ogg.c:136
136 free_codecs(ogg_data);
#2 0x07da6350 in shout_close (self=0x7c291280)
at /usr/ports/mystuff/net/libshout/w-libshout-2.1p2-debug/libshout-2.1/src/shout.c:166
166 self->close(self);
#3 0x1c006381 in ices_instance_stream (arg=0x8343f880)
at /usr/ports/mystuff/net/ices2/w-ices-2.0.1p2-debug/ices-2.0.1/src/stream.c:348
#4 0x1c00de52 in _start_routine (arg=0x81a07480)
at /usr/ports/mystuff/net/ices2/w-ices-2.0.1p2-debug/ices-2.0.1/src/thread/thread.c:655
#5 0x0ee03d4b in _thread_start () from /usr/lib/libpthread.so.6.1
#6 0x0000001f in ?? ()
#7 0x00000000 in ?? ()
[...]
#1030 0x00000000 in ?? ()
Cannot access memory at address 0x7f495000
Icecast error.log:
[2006-01-04 07:10:03] INFO connection/_handle_source_request Source logging in at mountpoint "/kolaradio.ogg"
[2006-01-04 07:10:03] WARN connection/_handle_source_request Mountpoint /kolaradio.ogg in use
[2006-01-04 07:10:13] WARN source/get_next_buffer Disconnecting source due to socket timeout
[2006-01-04 07:10:13] INFO source/source_shutdown Source "/kolaradio.ogg" exiting
Ices-2's log:
[2006-01-04 07:10:03] EROR stream/ices_instance_stream Send error: Socket error (Broken pipe)
[2006-01-04 07:10:03] DBUG input/input_flush_queue Input queue flush requested
[2006-01-04 07:10:03] WARN stream/ices_instance_stream Trying reconnect after server socket error
[2006-01-04 07:10:03] INFO signals/signal_hup_handler Flushing logs
[2006-01-04 07:10:03] INFO playlist-builtin/event_handler Moving to next file in playlist.
[2006-01-04 07:10:03] INFO playlist-builtin/playlist_read Currently playing "/home/maxx/streams/z10/Ugress_-_Kaleido_Scope.ogg"
[2006-01-04 07:10:03] EROR stream/ices_instance_stream Failed to reconnect to localhost:8000 (Login failed)
[2006-01-04 07:10:05] WARN stream/ices_instance_stream Trying reconnect after server socket error
[2006-01-04 07:10:05] EROR stream/ices_instance_stream Failed to reconnect to localhost:8000 (Login failed)
[2006-01-04 07:10:07] WARN stream/ices_instance_stream Trying reconnect after server socket error
[2006-01-04 07:10:07] EROR stream/ices_instance_stream Failed to reconnect to localhost:8000 (Login failed)
[2006-01-04 07:10:09] WARN stream/ices_instance_stream Trying reconnect after server socket error
[2006-01-04 07:10:09] EROR stream/ices_instance_stream Failed to reconnect to localhost:8000 (Login failed)
[2006-01-04 07:10:11] WARN stream/ices_instance_stream Trying reconnect after server socket error
[2006-01-04 07:10:11] EROR stream/ices_instance_stream Failed to reconnect to localhost:8000 (Login failed)
[2006-01-04 07:10:11] EROR stream/ices_instance_stream Reconnect failed too many times, giving up.
[2006-01-04 07:10:11] WARN stream/ices_instance_stream Too many errors, shutting down
Moritz