glibc 2.15 and libasound

Allin Cottrell cottrell@wfu.edu
Sun Mar 25 17:45:00 GMT 2012


There's a problem that quite a few people have noted with 
recent glibc and libasound (specifically the use of libdl by 
the latter). I was hoping this might have gone away with glibc 
2.15 but it's still there. Maybe it's not a glibc bug, though 
it looks rather like it. The symptom is that (e.g.) alsa's
"aplay" utility reliably segfaults when called to play a wav 
file.

I have inserted debugging statements in libasound (version 
1.0.25, dlmisc.c), to announce all its uses of the libdl 
functions, and run aplay under valgrind (where it doesn't 
actually segfault). I'm attaching the results. It looks as if 
there's something wrong with glibc's do_lookup_x(): it's 
reading from freed memory in response to dlsym() following a 
successful invocation of dlopen() by libasound.

-- 
Allin Cottrell
Department of Economics
Wake Forest University, NC
-------------- next part --------------
==23115== Memcheck, a memory error detector
==23115== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==23115== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==23115== Command: /usr/bin/aplay /etc/sound/curve.wav
==23115== 
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_config_hook_load_dlsym_config_hook_001'
 returned 0
snd_dlsym: dlsym: 0x500ac98, 'snd_config_hook_load', returned 0x6d8fe36
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_func_concat_dlsym_config_evaluate_001'
 returned 0
snd_dlsym: dlsym: 0x500ac98, 'snd_func_concat', returned 0x6d93a81
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_func_datadir_dlsym_config_evaluate_001'
 returned 0
snd_dlsym: dlsym: 0x500ac98, 'snd_func_datadir', returned 0x6d94117
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_config_hook_load_dlsym_config_hook_001'
==23115== Invalid read of size 4
==23115==    at 0x440951D: do_lookup_x (dl-lookup.c:98)
==23115==    by 0x4409E31: _dl_lookup_symbol_x (dl-lookup.c:739)
==23115==    by 0x72D297F: do_sym (dl-sym.c:178)
==23115==    by 0x72D2E16: _dl_sym (dl-sym.c:283)
==23115==    by 0xFEB84EFF: ???
==23115==  Address 0x7563670 is 32 bytes inside a block of size 60 free'd
==23115==    at 0x5017D88: free (vg_replace_malloc.c:427)
==23115==    by 0x44122EF: _dl_scope_free (dl-scope.c:32)
==23115==    by 0x4414557: _dl_close (dl-close.c:779)
==23115==    by 0x5089DB1: dlclose_doit (dlclose.c:37)
==23115==    by 0x440EDFD: _dl_catch_error (dl-error.c:178)
==23115==    by 0x508A3F1: _dlerror_run (dlerror.c:164)
==23115==    by 0x5089DE7: dlclose (dlclose.c:48)
==23115==    by 0x6D8FB01: snd_config_hooks_call (in /usr/lib/libasound.so.2.0.0)
==23115==    by 0x6D8FC5E: snd_config_hooks (in /usr/lib/libasound.so.2.0.0)
==23115==    by 0x6D90DAD: snd_config_update_r (in /usr/lib/libasound.so.2.0.0)
==23115==    by 0x6D90E46: snd_config_update (in /usr/lib/libasound.so.2.0.0)
==23115==    by 0x6DB7AEB: snd_pcm_open (in /usr/lib/libasound.so.2.0.0)
==23115== 
 returned 0
snd_dlsym: dlsym: 0x500ac98, 'snd_config_hook_load', returned 0x6d8fe36
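
A reference-count audit of the trace above, as an added example that is not part of the original post or of libasound or glibc: it replays the logged dlopen/dlsym/dlclose calls, reports any call made on a handle the caller had already closed, and records which call a memcheck error interrupted. The function name `audit` and the finding labels are assumptions of this example.

```python
import re
from collections import Counter

# dl* lines from the attachment above; wrapped " returned 0" lines and stack frames omitted.
TRACE = """\
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_config_hook_load_dlsym_config_hook_001'
snd_dlsym: dlsym: 0x500ac98, 'snd_config_hook_load', returned 0x6d8fe36
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_func_concat_dlsym_config_evaluate_001'
snd_dlsym: dlsym: 0x500ac98, 'snd_func_concat', returned 0x6d93a81
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_func_datadir_dlsym_config_evaluate_001'
snd_dlsym: dlsym: 0x500ac98, 'snd_func_datadir', returned 0x6d94117
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlclose: dlclose: 0x500ac98, returned 0
snd_dlopen: dlopen: '/usr/lib/libasound.so.2' mode 2, returned 0x500ac98
snd_dlsym_verify: dlsym: 0x500ac98 '_snd_config_hook_load_dlsym_config_hook_001'
==23115== Invalid read of size 4
snd_dlsym: dlsym: 0x500ac98, 'snd_config_hook_load', returned 0x6d8fe36
"""

DL_CALL = re.compile(r"^snd_\w+: (dlopen|dlsym|dlclose): (.*)$")
HANDLE = re.compile(r"0x[0-9a-f]+")
INVALID = re.compile(r"^==\d+== Invalid (?:read|write) of size \d+")

def audit(trace):
    """Return (findings, refcounts); refcount = dlopen count minus dlclose count."""
    refs, last, findings = Counter(), None, []
    for line in trace.splitlines():
        m = DL_CALL.match(line)
        if m:
            call, rest = m.groups()
            # dlopen logs its handle after "returned"; dlsym/dlclose log it first
            src = rest.rpartition("returned")[2] if call == "dlopen" else rest
            h = HANDLE.search(src)
            if not h:
                continue  # failed dlopen (NULL handle): nothing to track
            handle = h.group()
            if call == "dlopen":
                refs[handle] += 1
            elif refs[handle] <= 0:
                findings.append(("caller-used-closed-handle", call, handle, refs[handle]))
            last = (call, handle, refs[handle])  # refcount at the time of the call
            if call == "dlclose":
                refs[handle] -= 1
        elif INVALID.match(line) and last:
            findings.append(("memcheck-error-during",) + last)
    return findings, dict(refs)
```

On the posted trace the only finding is the memcheck error during a `dlsym` on a handle holding one open reference: the three `dlclose` calls balance the three earlier `dlopen` calls, and the failing lookup follows a fresh `dlopen`.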

