We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 3886

Summary: mp3_mad broken when upsampling needed
Product: SDL_mixer Reporter: Ozkan Sezer <sezeroz>
Component: miscAssignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED QA Contact: Sam Lantinga <slouken>
Severity: normal    
Priority: P2    
Version: unspecified   
Hardware: All   
OS: All   
Attachments: smix-0010.patch
smix-0010a.patch

Description Ozkan Sezer 2017-10-15 21:52:15 UTC 
With both SDL2 and SDL_mixer from hg tip, running the playmus
example with a 44100 Hz mp3 file plays static.  valgrind output:

$ file f.mp3 
f.mp3: Audio file with ID3 version 2.3.0

$ SDL_AUDIODRIVER=dsp valgrind ./playmus f.mp3
==8170== Memcheck, a memory error detector.
==8170== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==8170== Using LibVEX rev 1804, a library for dynamic binary translation.
==8170== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==8170== Using valgrind-3.3.0, a dynamic binary instrumentation framework.
==8170== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==8170== For more details, rerun with: -v
==8170== 
Opened audio at 22050 Hz 16 bit stereo (LE), 4096 bytes audio buffer
Playing f.mp3
==8170== Thread 2:
==8170== Invalid write of size 4
==8170==    at 0x406B2DC: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:117)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==    by 0x6FD720D: clone (in /lib/libc-2.8.so)
==8170==  Address 0x41e218c is 4 bytes before a block of size 2,567 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x159A33: mad_layer_III (in /usr/lib/libmad.so.0.2.1)
==8170==    by 0x4026BE2: mad_getSamples (music_mad.c:237)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==    by 0x6FD720D: clone (in /lib/libc-2.8.so)
==8170== 
==8170== Invalid write of size 4
==8170==    at 0x406AA72: SDL_ResampleAudio (SDL_audiocvt.c:527)
==8170==    by 0x406ACC8: SDL_ResampleCVT (SDL_audiocvt.c:730)
==8170==    by 0x406B30D: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:122)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==  Address 0x41e2b94 is 2,564 bytes inside a block of size 2,567 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x159A33: mad_layer_III (in /usr/lib/libmad.so.0.2.1)
==8170==    by 0x4026BE2: mad_getSamples (music_mad.c:237)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==    by 0x6FD720D: clone (in /lib/libc-2.8.so)
==8170== 
==8170== Invalid read of size 4
==8170==    at 0x406AA5A: SDL_ResampleAudio (SDL_audiocvt.c:524)
==8170==    by 0x406ACC8: SDL_ResampleCVT (SDL_audiocvt.c:730)
==8170==    by 0x406B30D: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:122)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==  Address 0x41e2160 is 0 bytes after a block of size 71,960 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x40C824C: SDL_malloc_REAL (SDL_malloc.c:5328)
==8170==    by 0x407193D: SDL_malloc (SDL_dynapi_procs.h:405)
==8170==    by 0x4026E58: mad_openFileRW (music_mad.c:33)
==8170==    by 0x4016219: Mix_LoadMUSType_RW (music.c:683)
==8170==    by 0x401656A: Mix_LoadMUS (music.c:588)
==8170==    by 0x804926C: main (playmus.c:207)
==8170== 
==8170== Invalid read of size 4
==8170==    at 0x406A9A8: SDL_ResampleAudio (SDL_audiocvt.c:517)
==8170==    by 0x406ACC8: SDL_ResampleCVT (SDL_audiocvt.c:730)
==8170==    by 0x406B30D: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:122)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==  Address 0x41e2160 is 0 bytes after a block of size 71,960 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x40C824C: SDL_malloc_REAL (SDL_malloc.c:5328)
==8170==    by 0x407193D: SDL_malloc (SDL_dynapi_procs.h:405)
==8170==    by 0x4026E58: mad_openFileRW (music_mad.c:33)
==8170==    by 0x4016219: Mix_LoadMUSType_RW (music.c:683)
==8170==    by 0x401656A: Mix_LoadMUS (music.c:588)
==8170==    by 0x804926C: main (playmus.c:207)
==8170== 
==8170== Invalid read of size 1
==8170==    at 0x4007FA8: memmove (mc_replace_strmem.c:516)
==8170==    by 0x40C8EEA: SDL_memmove_REAL (SDL_string.c:366)
==8170==    by 0x406ACEC: SDL_ResampleCVT (SDL_audiocvt.c:734)
==8170==    by 0x406B30D: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:122)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==  Address 0x41e2b97 is 0 bytes after a block of size 2,567 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x159A33: mad_layer_III (in /usr/lib/libmad.so.0.2.1)
==8170==    by 0x4026BE2: mad_getSamples (music_mad.c:237)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==    by 0x6FD720D: clone (in /lib/libc-2.8.so)
==8170== 
==8170== Invalid read of size 1
==8170==    at 0x4007FB7: memmove (mc_replace_strmem.c:516)
==8170==    by 0x40C8EEA: SDL_memmove_REAL (SDL_string.c:366)
==8170==    by 0x406ACEC: SDL_ResampleCVT (SDL_audiocvt.c:734)
==8170==    by 0x406B30D: SDL_Convert_S16_to_F32_Scalar (SDL_audiotypecvt.c:122)
==8170==    by 0x406916F: SDL_ConvertAudio_REAL (SDL_audiocvt.c:555)
==8170==    by 0x406E1AD: SDL_ConvertAudio (SDL_dynapi_procs.h:120)
==8170==    by 0x4026D14: mad_getSamples (music_mad.c:255)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==  Address 0x41e2b98 is 1 bytes after a block of size 2,567 alloc'd
==8170==    at 0x4006AEE: malloc (vg_replace_malloc.c:207)
==8170==    by 0x159A33: mad_layer_III (in /usr/lib/libmad.so.0.2.1)
==8170==    by 0x4026BE2: mad_getSamples (music_mad.c:237)
==8170==    by 0x4016A5B: music_mixer (music.c:337)
==8170==    by 0x4014967: mix_channels (mixer.c:321)
==8170==    by 0x4065C9B: SDL_RunAudio (SDL_audio.c:683)
==8170==    by 0x40C9DFD: SDL_RunThread (SDL_thread.c:283)
==8170==    by 0x41432FC: RunThread (SDL_systhread.c:74)
==8170==    by 0xD6F32E: start_thread (pthread_create.c:297)
==8170==    by 0x6FD720D: clone (in /lib/libc-2.8.so)
==8170== 
==8170== ERROR SUMMARY: 178360 errors from 6 contexts (suppressed: 57 from 1)
==8170== malloc/free: in use at exit: 73,023 bytes in 75 blocks.
==8170== malloc/free: 2,075 allocs, 2,000 frees, 10,796,429 bytes allocated.
==8170== For counts of detected errors, rerun with: -v
==8170== searching for pointers to 75 not-freed blocks.
==8170== checked 452,704 bytes.
==8170== 
==8170== LEAK SUMMARY:
==8170==    definitely lost: 0 bytes in 0 blocks.
==8170==      possibly lost: 0 bytes in 0 blocks.
==8170==    still reachable: 73,023 bytes in 75 blocks.
==8170==         suppressed: 0 bytes in 0 blocks.
==8170== Rerun with --leak-check=full to see details of leaked memory.
Comment 1 Ozkan Sezer 2017-10-16 06:51:16 UTC 
Created attachment 2998 [details]
smix-0010.patch

Here is the fix: dynamically allocate mp3_mad->output_buffer,
so that upsampling doesn't segfault.
Comment 2 Ozkan Sezer 2017-10-16 08:14:31 UTC 
Created attachment 2999 [details]
smix-0010a.patch

This version of patch should be cleaner.
Comment 3 Sam Lantinga 2017-10-16 09:08:32 UTC 
Fixed, thanks!
https://hg.libsdl.org/SDL_mixer/rev/4fc4dc4c60ad