Closed
Open
Opened Nov 12, 2003 by gtgbr@gtgbr

ogg123 segfaults, backtrace hints to libvorbis

After a while of listening to a Vorbis stream, ogg123 became "sick" and the 
input buffer was hovering around 0.5-1%. A little later, during a song change, 
it segfaulted. Here's the backtrace:

#0  0xdbae358 in decode_packed_entry_number (book=0x3c0ce3c8, b=0x3c076a48)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/codebook.c:345
345         if(book->dec_codelengths[lo]<=read){
#1  0xdbae128 in vorbis_book_decodevv_add (book=0x3c0ce3c8, a=0xcfbfcc0c,
    offset=416, ch=2, b=0x3c076a48, n=32)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/codebook.c:460
460         entry = decode_packed_entry_number(book,b);
#2  0xdbaaa31 in res2_inverse (vb=0x3c076a44, vl=0x3c013a40, in=0xcfbfcc0c,
    nonzero=0xcfbfcbfc, ch=2)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/res0.c:859
859                 if(vorbis_book_decodevv_add(stagebook,in,
#3  0xdbac7d8 in mapping0_inverse (vb=0x3c076a44, l=0x3c09b000)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/mapping0.c:702
#4  0xdb9d706 in vorbis_synthesis (vb=0x3c076a44, op=0xcfbfcd24)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/synthesis.c:76
#5  0xa53eb8f in _fetch_and_process_packet (vf=0x3c076800, op_in=0x0, readp=1,
    spanp=1)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/vorbisfile.c:484
#6  0xa541a1f in ov_read (vf=0x3c076800, buffer=0x3c005fa0 "¡", length=3072,
    bigendianp=0, word=2, sgned=1, bitstream=0x3c076ac8)
    at /usr/ports/mystuff/audio/libvorbis/w-libvorbis-1.0.1-debug/libvorbis-1.0.1/lib/vorbisfile.c:1545
#7  0x1c007417 in ovf_read (decoder=0x3c013540, ptr=0x3c005fa0, nbytes=3072,
    eos=0xcfbfce8c, audio_fmt=0xcfbfcea0) at oggvorbis_format.c:139
#8  0x1c006ec2 in play (
    source_string=0x3c013480 "http://pandora.hrz.tu-chemnitz.de:8000/kolaradio.ogg") at ogg123.c:525
#9  0x1c006b81 in main (argc=2, argv=0xcfbfcfb4) at ogg123.c:389
#10 0x1c0035a1 in ___start ()
#11 0x1c003517 in __start ()
#12 0xcfbfd100 in ?? ()

The icecast server in charge was -kh10 from Karl Heyes, which also had problems 
(something about NULL pointers, I think we/he could find the problem and fix it)
... so it is possible that the server sent some junk to ogg123, however, I 
believe that this is no valid reason for ogg123 or the vorbis libs to segfault.

The issue might be quite subtle since I compiled everything with certain 
malloc() settings in malloc.conf for testing. The options I use are 'AGZ'. From 
malloc.conf(3):

<snip>
     A       ``Abort''.  malloc() will coredump the process, rather than tol-
             erate failure.  This is a very handy debugging aid, since the
             core file will represent the time of failure, rather than when
             the null pointer was accessed.
[...]
     G       Enable guard pages and chunk randomization.  Each page size or
             larger allocation is followed by a guard page that will cause a
             segmentation fault upon any access.  Smaller than page size
             chunks are returned in a random order.
(this is unique to OpenBSD, as far as I know)
[...]
     Z       ``Zero''.  Fill some junk into the area allocated (see J), except
             for the exact length the user asked for, which is zeroed.
[...]
     The J and Z flags are mostly for testing and debugging.  If a program
     changes behavior if either of these options are used, it is buggy.

     The default cache size is 16 pages.
</snip>

Please let me know if I can help with further gdb output. The OS I am using is a 
very recent version of OpenBSD 3.4-current on i386.


Moritz
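
The malloc.conf 'G' option quoted in the report turns an out-of-bounds table access into an immediate segmentation fault. The following is an added example, not code from the report, libvorbis or OpenBSD: it imitates that effect for a page-size allocation with mmap() and mprotect(), and the names guarded_alloc and probe_read are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE           /* for MAP_ANON on glibc */
#endif
#include <signal.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: map `pages` usable pages followed by one
 * inaccessible guard page, as option G does for page-size allocations. */
static unsigned char *guarded_alloc(size_t pages) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t len = pages * page;
    unsigned char *base = mmap(NULL, len + page, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANON, -1, 0);
    if (base == MAP_FAILED)
        return NULL;
    /* Any read or write to the trailing page now faults. */
    if (mprotect(base + len, page, PROT_NONE) != 0)
        return NULL;
    return base;
}

/* Read table[idx] from a guarded table in a child process.
 * Returns 1 if the child died on SIGSEGV/SIGBUS, 0 if the read
 * completed, -1 on setup failure. */
int probe_read(size_t pages, size_t idx) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        volatile unsigned char *table = guarded_alloc(pages);
        if (table == NULL)
            _exit(2);
        _exit(table[idx] == 0 ? 0 : 1);   /* the lookup under test */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFSIGNALED(status))
        return (WTERMSIG(status) == SIGSEGV || WTERMSIG(status) == SIGBUS) ? 1 : -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) != 2) ? 0 : -1;
}

int main(void) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return (probe_read(1, page - 1) == 0 && probe_read(1, page) == 1) ? 0 : 1;
}
```

Without the guard page, the same one-past-the-end read can land in whatever mapping happens to follow and return garbage instead of stopping at the faulting instruction.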
Reference: xiph/vorbis#479