[Bug 794331] New: pulseaudio segfaults for bluetooth devices
https://bugzilla.novell.com/show_bug.cgi?id=794331
https://bugzilla.novell.com/show_bug.cgi?id=794331#c0

Summary: pulseaudio segfaults for bluetooth devices
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: i586
OS/Version: openSUSE 12.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: Sound
AssignedTo: tiwai@suse.com
ReportedBy: ptesarik@suse.com
QAContact: qa-bugs@suse.de
Found By: L3
Blocker: ---

When trying to use a bluetooth headset with the pulseaudio bluetooth module, pulseaudio crashes as soon as the bluetooth device is paired (or at startup if the device is already present before starting pulseaudio).

I have tracked this down to an overflow issue. In short, when endpoint_set_configuration() reads the D-Bus arguments, it reads the "NREC" boolean argument into a variable of type "pa_bool_t", which is only 1 byte long. However, the D-Bus boolean type (as seen on the wire, and as used by libdbus) is always 32 bits long, so this overwrites the following variable on the stack. In my case it happened to be the least significant 24 bits bytes of the path variable, effectively turning it into an invalid pointer and crashing when a strdup is attempted on that string.

Upstream seems to have the same issue: http://cgit.freedesktop.org/pulseaudio/pulseaudio/tree/src/modules/bluetooth... But I haven't tested with their version.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
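The size mismatch described in the report, as an added C example that is not PulseAudio's code and not the patch from the bug. `wire_bool_t`, `small_bool_t`, `store_wire_boolean()` and the byte-array "frame" are hypothetical stand-ins for `dbus_bool_t`, a 1-byte `pa_bool_t`, the libdbus argument store and two adjacent stack variables; the path value is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t wire_bool_t;        /* stand-in for dbus_bool_t: always 32 bits */
typedef unsigned char small_bool_t;  /* stand-in for a 1-byte pa_bool_t */

/* Models two adjacent locals: a 1-byte flag directly followed by a pointer. */
struct frame { unsigned char bytes[sizeof(small_bool_t) + sizeof(uintptr_t)]; };

/* Stand-in for the library storing a BOOLEAN argument: writes 4 bytes, always. */
static void store_wire_boolean(void *dest, wire_bool_t value) {
    memcpy(dest, &value, sizeof value);
}

static void frame_init(struct frame *f, uintptr_t path) {
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + sizeof(small_bool_t), &path, sizeof path);
}

static uintptr_t frame_path(const struct frame *f) {
    uintptr_t path;
    memcpy(&path, f->bytes + sizeof(small_bool_t), sizeof path);
    return path;
}

/* Bug pattern: the 32-bit store targets the 1-byte flag and spills into path. */
uintptr_t read_nrec_buggy(uintptr_t path, wire_bool_t wire, int *nrec) {
    struct frame f;
    frame_init(&f, path);
    store_wire_boolean(&f.bytes[0], wire);   /* 3 bytes too many */
    *nrec = f.bytes[0] != 0;
    return frame_path(&f);
}

/* One way to avoid it: receive into a correctly sized temporary, then narrow. */
uintptr_t read_nrec_fixed(uintptr_t path, wire_bool_t wire, int *nrec) {
    struct frame f;
    wire_bool_t tmp = 0;
    frame_init(&f, path);
    store_wire_boolean(&tmp, wire);
    f.bytes[0] = tmp ? 1 : 0;
    *nrec = f.bytes[0] != 0;
    return frame_path(&f);
}

int main(void) {
    int nrec;
    uintptr_t path = (uintptr_t)0x08a4c3b0u;   /* constructed pointer value */
    printf("buggy: %#lx\n", (unsigned long)read_nrec_buggy(path, 1, &nrec));
    printf("fixed: %#lx\n", (unsigned long)read_nrec_fixed(path, 1, &nrec));
    return 0;
}
```

Compiling with `-Wall` does not flag this pattern when the destination is passed as `void *`, so the argument type has to be checked against the D-Bus signature by hand or in review.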
https://bugzilla.novell.com/show_bug.cgi?id=794331#c1
Takashi Iwai
https://bugzilla.novell.com/show_bug.cgi?id=794331#c2
--- Comment #2 from Petr Tesařík
https://bugzilla.novell.com/show_bug.cgi?id=794331#c3
Al Cho
https://bugzilla.novell.com/show_bug.cgi?id=794331#c4
Petr Tesařík
https://bugzilla.novell.com/show_bug.cgi?id=794331#c5
Al Cho
Hi Al,
I'm not sure it's relevant, because after applying the patch from comment #2 and a fresh restart of the Bluetooth stack, all works fine for me now. Do you still want to have the hardware details, anyway?
Yes, I would like to check the patch with hardware to make more sure that it fixes your problem. Please help us get your hardware information. Thanks, AL
https://bugzilla.novell.com/show_bug.cgi?id=794331#c6
--- Comment #6 from Petr Tesařík
https://bugzilla.novell.com/show_bug.cgi?id=794331#c7
--- Comment #7 from Petr Tesařík
https://bugzilla.novell.com/show_bug.cgi?id=794331#c8
Jeffrey Cheung
https://bugzilla.novell.com/show_bug.cgi?id=794331#c9
Petr Tesařík