Bug 1418

Summary: crash on double free if loading WAV file failed
Product: SDL_mixer
Reporter: dwachs
Component: misc
Assignee: Ryan C. Gordon <icculus>
Status: RESOLVED FIXED
QA Contact: Sam Lantinga <slouken>
Severity: critical
Priority: P2
Version: 1.2.12
Hardware: x86_64
OS: Linux

Description dwachs 2012-02-12 08:33:37 UTC
Here is an excerpt of gdb:

*** glibc detected *** simutrans-trunk/simutrans/sim: double free or corruption (top): 0x0000000001774790 ***
======= Backtrace: =========
...

#0  0x00007ffff6a4cab5 in raise () from /lib64/libc.so.6
#1  0x00007ffff6a4dfb6 in abort () from /lib64/libc.so.6
#2  0x00007ffff6a87dd3 in __libc_message () from /lib64/libc.so.6
#3  0x00007ffff6a8d3b6 in malloc_printerr () from /lib64/libc.so.6
#4  0x00007ffff6a922dc in free () from /lib64/libc.so.6
#5  0x00007ffff6a7d705 in fclose@@GLIBC_2.2.5 () from /lib64/libc.so.6
#6  0x00007ffff772b449 in ?? () from /usr/lib64/libSDL-1.2.so.0
#7  0x000000000061df4f in Mix_LoadWAV_RW (src=0x145f960, freesrc=1) at mixer.c:618
The problem here is:
-- SDL_LoadWAV_RW fails, but is called with freesrc==1, hence it closes the given file
-- mixer.c itself wants to close the file again in line 618:

	if ( !loaded ) {
		SDL_free(chunk);
		if ( freesrc ) {
			SDL_RWclose(src); /// causes double free
		}
		return(NULL);
	}

Suggestion: remove the entire if (freesrc) { .. } block, as the called subroutines close the file if freesrc != 0.
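To make the ownership mistake described above visible without crashing, here is an added example (not SDL_mixer's or SDL's own code): a constructed stand-in for SDL_RWops counts close calls, so the second close on the failure path shows up as a count of 2 rather than the glibc abort in the backtrace. FakeRW, fake_close, fake_load_wav, buggy_load, fixed_load and closes_on_failure are all assumed names.

```c
#include <stdio.h>

/* Constructed stand-in for SDL_RWops: it only counts close calls, so a
 * second close on the failure path shows up as a count of 2 instead of the
 * glibc "double free or corruption" abort seen in the backtrace. */
typedef struct {
    int close_count;
} FakeRW;

static void fake_close(FakeRW *rw) { rw->close_count++; }

/* Stand-in for SDL_LoadWAV_RW: when freesrc != 0 it closes the source
 * whether or not the load succeeds, which is the ownership rule the report
 * relies on. Returns 1 on success, 0 on failure. */
static int fake_load_wav(FakeRW *src, int freesrc, int succeed) {
    if (freesrc) fake_close(src);
    return succeed;
}

/* Shape of the pre-fix Mix_LoadWAV_RW failure path: closes src again. */
static int buggy_load(FakeRW *src, int freesrc, int succeed) {
    int loaded = fake_load_wav(src, freesrc, succeed);
    if (!loaded) {
        if (freesrc) fake_close(src); /* second close: the double free */
        return 0;
    }
    return 1;
}

/* Shape after the suggested fix: the callee already consumed src when
 * freesrc != 0, so the caller must not touch it again. */
static int fixed_load(FakeRW *src, int freesrc, int succeed) {
    return fake_load_wav(src, freesrc, succeed) ? 1 : 0;
}

/* Number of times src is closed when the load fails. A correct caller
 * closes exactly once with freesrc=1 and never with freesrc=0. */
int closes_on_failure(int use_fixed, int freesrc) {
    FakeRW rw = { 0 };
    if (use_fixed) fixed_load(&rw, freesrc, 0);
    else buggy_load(&rw, freesrc, 0);
    return rw.close_count;
}

int main(void) {
    printf("buggy, freesrc=1: %d closes\n", closes_on_failure(0, 1)); /* 2 */
    printf("fixed, freesrc=1: %d closes\n", closes_on_failure(1, 1)); /* 1 */
    return 0;
}
```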
Comment 1 Sam Lantinga 2012-02-12 14:59:47 UTC
Fixed, thanks!
http://hg.libsdl.org/SDL_mixer/rev/2d713670db9b
Comment 2 dwachs 2012-02-13 00:01:44 UTC
That was quick :)

Thanks!
Comment 3 Sam Lantinga 2012-02-13 22:17:56 UTC
You're welcome! :)