Closed
Bug 485642
Opened 16 years ago
Closed 16 years ago
Crash in nsAudioStream::Write while expanding mBufferOverflow
Categories
(Core :: Audio/Video, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: kinetik, Unassigned)
References
Details
On a trunk x86_64 build, I'm seeing crashes with nsAudioStream::Write on the stack when playing video.
|
Reporter | |
Comment 1•16 years ago
|
||
snd_pcm_avail_update in sa_stream_get_write_size is returning an error (-32, EPIPE, which means we've either overrun or underrun (EPIPE can mean either, depending on the ALSA function called, and for snd_pcm_avail_update it's not explicitly documented)). sa_stream_get_write_size doesn't check for error and blindly attempts to convert the result from frames to bytes, resulting in a huge unsigned value.
nsAudioStream::Available divides this by two, then returns it as a signed value. nsAudioStream::Write uses this to extend mBufferOverflow with AppendElements:
with available = -32:
mBufferOverflow.AppendElements(s_data.get() + available, (count - available));
...which is obviously bad.
|
||
Comment 2•16 years ago
|
||
I think this is fixed in the latest libsydneyaudio changes I made? See patch in bug 485433.
Basically the code changed to use snd_pcm_status. The result of this is checked and an error returned. If it succeeds, snd_pcm_status_get_avail is used to get the available bytes from the returned status structure:
if ((r = snd_pcm_status(s->output_unit, status)) < 0) {
*size = 0;
return SA_ERROR_SYSTEM;
}
avail = snd_pcm_status_get_avail(status);
*size = snd_pcm_frames_to_bytes(s->output_unit, avail);
|
|
Reporter | |
Comment 3•16 years ago
|
||
It'd fix it if snd_pcm_status returned an error. snd_pcm_status_get_avail can return an error, and the new code doesn't check for and handle that case, so it seems like this could still be a problem.
|
|
||
Comment 4•16 years ago
|
||
I'll do a libsydneyaudio fix and update bug 485433 with the patch.
|
|
||
Comment 5•16 years ago
|
||
Hmm, the docs for snd_pcm_status_get_avail don't mention it returning any error details. In fact, the return value is unsigned so it can't return a negative value. I think the result is valid if the call to snd_pcm_status succeeded.
|
|
Reporter | |
Comment 6•16 years ago
|
||
Oops, I was looking at the wrong ALSA function when I checked the docs. You're right.
|
|
Reporter | |
Updated•16 years ago
|
|
|
Reporter | |
Comment 7•16 years ago
|
||
Fixed by bug 485433 landing.
You need to log in
before you can comment on or make changes to this bug.
Description
•