Bug 3115

Summary: Double free or corruption when playing some MS ADPCM files
Product: SDL_mixer Reporter: Francisco de la Peña <fran>
Component: misc Assignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: normal    
Priority: P2 CC: philipp.wiesemann, vikas.ag
Version: unspecified   
Hardware: All   
OS: All   
Attachments: Microsoft ADPCM file
Patch - Double free

Description Francisco de la Peña 2015-09-07 21:23:34 UTC
Created attachment 2261 [details]
Microsoft ADPCM file

SDL_mixer crashes when trying to play some MS ADPCM wav files.

This was showing unsupported WAVE format on early post-SDL 2.0.3 Hg versions.

It crashes with playmus but not with playwave. Attached a crashing .wav file.

Tested with current Hg.

playmus backtrace:

Starting program: build/.libs/playmus 152-organ33.wav
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Opened audio at 22050 Hz 16 bit stereo (LE), 4096 bytes audio buffer
*** Error in `build/.libs/playmus': double free or corruption (top): 0x0000000000672270 ***
======= Backtrace: =========
/usr/lib64/libc.so.6(+0x77a8d)[0x7ffff69b8a8d]
/usr/lib64/libc.so.6(cfree+0x5cd)[0x7ffff69c4d2d]
/usr/lib64/libc.so.6(fclose+0x103)[0x7ffff69ae853]
/usr/lib64/libSDL2-2.0.so.0(+0x518d9)[0x7ffff78a28d9]
/usr/lib64/libSDL2_mixer-2.0.so.0(Mix_LoadMUSType_RW+0x96)[0x7ffff7b96ca6]
/usr/lib64/libSDL2_mixer-2.0.so.0(Mix_LoadMUS+0xbe)[0x7ffff7b96f5e]
SDL_mixer/build/.libs/playmus[0x401753]
/usr/lib64/libc.so.6(__libc_start_main+0xf0)[0x7ffff6961700]
SDL_mixer/build/.libs/playmus[0x400f39]

Program received signal SIGABRT, Aborted.
0x00007ffff69759c8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
55	  return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);

(gdb) bt f
#0  0x00007ffff69759c8 in __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:55
        resultvar = 0
        pid = 21238
        selftid = 21238
#1  0x00007ffff697765a in __GI_abort () at abort.c:89
        save_stage = 2
        act = {__sigaction_handler = {sa_handler = 0x2030303038323030, sa_sigaction = 0x2030303038323030}, sa_mask = {__val = {4049052935617406054, 2314885604219828531, 2314885530818453536, 
              2314885530818453536, 7596498840077020960, 8314323775448692322, 8299681584306746233, 734137549499412079, 7378645952437315127, 7378645706714656816, 3472329628573984358, 3467895053655089200, 
              2319406791771959344, 4049052935617406054, 2314885604219828531, 140737354089184}}, sa_flags = 128, sa_restorer = 0x7fffffffdcc0}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2  0x00007ffff69b8a92 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x7ffff6acb7e0 "*** Error in `%s': %s: 0x%s ***\n") at ../sysdeps/posix/libc_fatal.c:175
        ap = {{gp_offset = 40, fp_offset = 32767, overflow_arg_area = 0x7fffffffdcd0, reg_save_area = 0x7fffffffdc60}}
        fd = 9
        on_2 = <optimized out>
        list = <optimized out>
        nlist = <optimized out>
        cp = <optimized out>
        written = <optimized out>
#3  0x00007ffff69c4d2d in malloc_printerr (ptr=<optimized out>, str=0x7ffff6acb8d0 "double free or corruption (top)", action=<optimized out>) at malloc.c:4976
        buf = "0000000000672270"
        cp = <optimized out>
#4  _int_free (have_lock=0, p=<optimized out>, av=<optimized out>) at malloc.c:3843
        size = <optimized out>
        nextsize = <optimized out>
        nextinuse = <optimized out>
        errstr = <optimized out>
        nextchunk = <optimized out>
        prevsize = <optimized out>
        fwd = <optimized out>
        locked = <optimized out>
        fb = <optimized out>
        bck = <optimized out>
#5  __GI___libc_free (mem=<optimized out>) at malloc.c:2953
        ar_ptr = <optimized out>
        p = <optimized out>
        hook = <optimized out>
#6  0x00007ffff69ae853 in _IO_new_fclose (fp=0x672270) at iofclose.c:85
        status = -1
#7  0x00007ffff78a28d9 in stdio_close (context=0x62e130) at SDL/src/file/SDL_rwops.c:366
        status = 0
#8  0x00007ffff7b96ca6 in Mix_LoadMUSType_RW (src=src@entry=0x62e130, type=type@entry=MUS_WAV, freesrc=freesrc@entry=1) at music.c:754
        music = <optimized out>
        start = 0
#9  0x00007ffff7b96f5e in Mix_LoadMUS (file=<optimized out>) at music.c:578
        src = 0x62e130
        music = <optimized out>
        type = MUS_WAV
        ext = <optimized out>
#10 0x0000000000401753 in main (argc=2, argv=0x7fffffffdf28) at playmus.c:207
        audio_rate = 22050
        audio_format = 32784
        audio_channels = 2
        audio_buffers = 4096
        audio_volume = 128
        looping = 0
        interactive = 0
        rwops = 0
        i = 1

[New Thread 0x7fffed013700 (LWP 21243)]
[New Thread 0x7fffed814700 (LWP 21242)]

Comment 1 Philipp Wiesemann 2015-09-08 20:02:53 UTC
The loading fails and the source SDL_RWops is first deleted in WAVStream_FreeSong() (from WAVStream_LoadSong_RW()) and then in Mix_LoadMUSType_RW() again.

Comment 2 Vikas 2015-10-07 10:43:18 UTC
Created attachment 2284 [details]
Patch - Double free

Source SDL_RWops should be deleted in Mix_LoadMUSType_RW() and not in WAVStream_LoadSong_RW.


To fix this, we can have two approaches:
1. Instead of calling WAVStream_FreeSong(wave), call SDL_free(wave), as was happening in the previous version
   -> Patch attached for latest revision (#1aca2b6d570f)


2. Before calling WAVStream_FreeSong(wave), set wave->freesrc to 0
 if (!loaded) {
     wave->freesrc = 0;  // Newly added line
     WAVStream_FreeSong(wave);
     return(NULL);
 }

Comment 3 Sam Lantinga 2017-10-13 05:48:42 UTC
Fixed, thanks!
https://hg.libsdl.org/SDL_mixer/rev/b94b48c76c69
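
The ownership problem described in Comments 1 and 2, as an added example that is not SDL_mixer code and not part of the original report: a loader that closes the source on its failure path while the caller also closes it, next to the second approach from Comment 2 (clear freesrc before freeing). All names (mock_src, mock_wave, load_wave_buggy, load_wave_fixed, closes_after_load) are hypothetical stand-ins, and the mock source counts close calls instead of freeing memory so the second close can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for SDL_RWops (hypothetical): counts close() calls instead of
 * releasing memory, so a double close is observable, not undefined. */
typedef struct {
    int valid_format;   /* constructed input: 0 simulates a WAV that fails to load */
    int close_calls;
} mock_src;

static void mock_close(mock_src *s) { s->close_calls++; }

/* Stand-in for the WAV stream object (hypothetical). */
typedef struct {
    mock_src *src;
    int freesrc;        /* nonzero: this object owns src and closes it */
} mock_wave;

static void wave_free(mock_wave *w)
{
    if (w->freesrc)
        mock_close(w->src);
    free(w);
}

typedef mock_wave *(*loader_fn)(mock_src *, int);

/* Failure path as described in Comment 1: the loader frees the half-built
 * object with freesrc still set, which closes the caller's source. */
static mock_wave *load_wave_buggy(mock_src *src, int freesrc)
{
    mock_wave *w = calloc(1, sizeof(*w));
    if (!w)
        return NULL;
    w->src = src;
    w->freesrc = freesrc;
    if (!src->valid_format) {
        wave_free(w);           /* closes src although ownership never transferred */
        return NULL;
    }
    return w;
}

/* Second approach from Comment 2: drop ownership before freeing on failure. */
static mock_wave *load_wave_fixed(mock_src *src, int freesrc)
{
    mock_wave *w = calloc(1, sizeof(*w));
    if (!w)
        return NULL;
    w->src = src;
    w->freesrc = freesrc;
    if (!src->valid_format) {
        w->freesrc = 0;         /* the caller still owns src on failure */
        wave_free(w);
        return NULL;
    }
    return w;
}

/* Caller contract modelled on Comment 1: when loading fails, the caller
 * closes the source itself. Returns how many times src was closed. */
static int closes_after_load(loader_fn load, int valid_format)
{
    mock_src src = { valid_format, 0 };
    mock_wave *w = load(&src, 1);
    if (w)
        wave_free(w);           /* success: the wave object owns and closes src */
    else
        mock_close(&src);       /* failure: the caller closes src */
    return src.close_calls;
}

int main(void)
{
    printf("buggy loader, bad file : %d close(s)\n", closes_after_load(load_wave_buggy, 0));
    printf("fixed loader, bad file : %d close(s)\n", closes_after_load(load_wave_fixed, 0));
    printf("buggy loader, good file: %d close(s)\n", closes_after_load(load_wave_buggy, 1));
    printf("fixed loader, good file: %d close(s)\n", closes_after_load(load_wave_fixed, 1));
    return 0;
}
```

A close count of 2 on the failing load corresponds to the second fclose() that glibc aborts on in the backtrace; the successful load closes once in both variants, which matches the report that only some files crash.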