mixxxdj / mixxx

Mixxx is Free DJ software that gives you everything you need to perform live mixes.
http://mixxx.org

MemSanitizer #13916

Open acolombier opened 19 hours ago

acolombier commented 19 hours ago

In line with the effort started by m0dB, I have been running Mixxx with MSAN on my S4 Mk3 branch (fairly in sync with main).

Here is an underflow detected when playing cue_play on a stopped track, with no keylock:

    #0 0x55555655d936 in __asan_memcpy (/home/antoine/dev/mixxx/build/mixxx+0x1009936) (BuildId: f46ed57447d223b07e9378566a5a76a79dc38269)
    #1 0x555556ce67b7 in SampleUtil::copy(float*, float const*, long) /home/antoine/dev/mixxx/src/util/sample.h:88:13
    #2 0x555556ce67b7 in EngineBufferScaleLinear::scaleBuffer(float*, long) /home/antoine/dev/mixxx/src/engine/bufferscalers/enginebufferscalelinear.cpp:94:13
    #3 0x555556e65f93 in EngineBuffer::processTrackLocked(float*, int, mixxx::audio::SampleRate) /home/antoine/dev/mixxx/src/engine/enginebuffer.cpp:1098:45
    #4 0x555556e6b059 in EngineBuffer::process(float*, int) /home/antoine/dev/mixxx/src/engine/enginebuffer.cpp:1210:9
    #5 0x555556d2be90 in EngineDeck::process(float*, int) /home/antoine/dev/mixxx/src/engine/channels/enginedeck.cpp:250:24
    #6 0x555556e8b67e in EngineMixer::processChannels(int) /home/antoine/dev/mixxx/src/engine/enginemixer.cpp:325:19
    #7 0x555556e8c449 in EngineMixer::process(int) /home/antoine/dev/mixxx/src/engine/enginemixer.cpp:384:5
    #8 0x555557b015d4 in SoundDevicePortAudio::callbackProcessClkRef(long, float*, float const*, PaStreamCallbackTimeInfo const*, unsigned long) /home/antoine/dev/mixxx/src/soundio/sounddeviceportaudio.cpp:998:26
    #9 0x555557afce3d in (anonymous namespace)::paV19CallbackClkRef(void const*, void*, unsigned long, PaStreamCallbackTimeInfo const*, unsigned long, void*) /home/antoine/dev/mixxx/src/soundio/sounddeviceportaudio.cpp:69:51
    #10 0x7ffff7d1e453  (/lib/x86_64-linux-gnu/libportaudio.so.2+0x9453) (BuildId: 266c4b124976902c8bce71323fb68736b02b6b69)
    #11 0x7ffff7d20563  (/lib/x86_64-linux-gnu/libportaudio.so.2+0xb563) (BuildId: 266c4b124976902c8bce71323fb68736b02b6b69)
    #12 0x7ffff7d284f1  (/lib/x86_64-linux-gnu/libportaudio.so.2+0x134f1) (BuildId: 266c4b124976902c8bce71323fb68736b02b6b69)
    #13 0x7ffff0e94ac2 in start_thread nptl/./nptl/pthread_create.c:442:8
    #14 0x7ffff0f2684f  misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81

0x62e0000243f8 is located 8 bytes to the left of 40960-byte region [0x62e000024400,0x62e00002e400)
allocated by thread T0 here:
    #0 0x55555655e60e in malloc (/home/antoine/dev/mixxx/build/mixxx+0x100a60e) (BuildId: f46ed57447d223b07e9378566a5a76a79dc38269)
    #1 0x555556ce5ee9 in EngineBufferScaleLinear::EngineBufferScaleLinear(ReadAheadManager*) /home/antoine/dev/mixxx/src/engine/bufferscalers/enginebufferscalelinear.cpp:13:19
    #2 0x555556d25e31 in EngineDeck::EngineDeck(ChannelHandleAndGroup const&, QSharedPointer<ConfigObject<ConfigValue> >, EngineMixer*, EffectsManager*, EngineChannel::ChannelOrientation, bool) /home/antoine/dev/mixxx/src/engine/channels/enginedeck.cpp:55:21
    #3 0x555557673481 in std::__detail::_MakeUniq<EngineDeck>::__single_object std::make_unique<EngineDeck, ChannelHandleAndGroup const&, QSharedPointer<ConfigObject<ConfigValue> >&, EngineMixer*&, EffectsManager*&, EngineChannel::ChannelOrientation&, bool&>(ChannelHandleAndGroup const&, QSharedPointer<ConfigObject<ConfigValue> >&, EngineMixer*&, EffectsManager*&, EngineChannel::ChannelOrientation&, bool&) /usr/bin/../lib/gcc/x86_64-linux-gnu/12/../../../../include/c++/12/bits/unique_ptr.h:1065:34
    #4 0x5555576560f9 in BaseTrackPlayerImpl::BaseTrackPlayerImpl(PlayerManager*, QSharedPointer<ConfigObject<ConfigValue> >, EngineMixer*, EffectsManager*, EngineChannel::ChannelOrientation, ChannelHandleAndGroup const&, bool, bool, bool) /home/antoine/dev/mixxx/src/mixer/basetrackplayer.cpp:59:20
    #5 0x55555767abfe in Deck::Deck(PlayerManager*, QSharedPointer<ConfigObject<ConfigValue> >, EngineMixer*, EffectsManager*, EngineChannel::ChannelOrientation, ChannelHandleAndGroup const&) /home/antoine/dev/mixxx/src/mixer/deck.cpp:11:11
    #6 0x5555576a0b4d in PlayerManager::addDeckInner() /home/antoine/dev/mixxx/src/mixer/playermanager.cpp:408:23
    #7 0x555557692e57 in PlayerManager::slotChangeNumDecks(double) /home/antoine/dev/mixxx/src/mixer/playermanager.cpp:323:13
    #8 0x5555569945e4 in mixxx::CoreServices::initialize(QApplication*) /home/antoine/dev/mixxx/src/coreservices.cpp:330:23
    #9 0x55555659f091 in (anonymous namespace)::runMixxx(MixxxApplication*, CmdlineArgs const&) /home/antoine/dev/mixxx/src/main.cpp:115:24
    #10 0x55555659f091 in main /home/antoine/dev/mixxx/src/main.cpp:271:20
    #11 0x7ffff0e29d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16

Thread T111 created by T0 here:
    #0 0x555556547a8c in pthread_create (/home/antoine/dev/mixxx/build/mixxx+0xff3a8c) (BuildId: f46ed57447d223b07e9378566a5a76a79dc38269)
    #1 0x7ffff7d32107  (/lib/x86_64-linux-gnu/libportaudio.so.2+0x1d107) (BuildId: 266c4b124976902c8bce71323fb68736b02b6b69)

SUMMARY: AddressSanitizer: heap-buffer-overflow (/home/antoine/dev/mixxx/build/mixxx+0x1009936) (BuildId: f46ed57447d223b07e9378566a5a76a79dc38269) in __asan_memcpy
Shadow bytes around the buggy address:
  0x0c5c7fffc820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5c7fffc830: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5c7fffc840: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5c7fffc850: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c5c7fffc860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5c7fffc870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c5c7fffc880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5c7fffc890: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5c7fffc8a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5c7fffc8b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c5c7fffc8c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
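
The report above can be decoded mechanically. The following Python is an added example, not code from Mixxx or from this issue: it parses the "is located" line and the shadow dump from a constructed excerpt of the report, recomputes the shadow address with the x86_64 Linux ASan mapping (shadow = (addr >> 3) + 0x7fff8000, assumed to be the platform the trace was captured on) and confirms that the `[fa]` byte ASan highlighted is the heap left redzone 8 bytes, i.e. two floats given `SampleUtil::copy(float*, const float*, ...)`, before the 40960-byte allocation made in the `EngineBufferScaleLinear` constructor. The float element size is an interpretation drawn from that signature, not something the report states.

```python
import re

# Constructed excerpt of the AddressSanitizer report quoted in this issue:
# the "is located" line plus three shadow rows around the faulting address.
ASAN_EXCERPT = """\
0x62e0000243f8 is located 8 bytes to the left of 40960-byte region [0x62e000024400,0x62e00002e400)
Shadow bytes around the buggy address:
  0x0c5c7fffc860: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c5c7fffc870: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa[fa]
  0x0c5c7fffc880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
"""

# ASan shadow mapping on x86_64 Linux (assumed platform of the trace):
# one shadow byte covers 8 application bytes, shadow = (addr >> 3) + offset.
SHADOW_SCALE = 3
SHADOW_OFFSET_X86_64 = 0x7FFF8000

# Subset of the legend ASan prints under the shadow dump (from the report above).
SHADOW_LEGEND = {
    0x00: "addressable",
    0xFA: "heap left redzone",
    0xFD: "freed heap region",
    0xF1: "stack left redzone",
    0xF2: "stack mid redzone",
    0xF3: "stack right redzone",
    0xF8: "stack use after scope",
    0xF9: "global redzone",
}

LOCATION_RE = re.compile(
    r"(0x[0-9a-f]+) is located (\d+) bytes to the (left|right) of "
    r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)"
)


def parse_location(report: str) -> dict:
    """Extract the faulting address and the heap region ASan says it borders."""
    m = LOCATION_RE.search(report)
    if m is None:
        raise ValueError("no ASan location line in report")
    addr, dist, side, size, start, end = m.groups()
    loc = {
        "addr": int(addr, 16),
        "distance": int(dist),
        "side": side,
        "size": int(size),
        "start": int(start, 16),
        "end": int(end, 16),
    }
    # Cross-check the numbers ASan prints against the region bounds it prints.
    if loc["end"] - loc["start"] != loc["size"]:
        raise ValueError("region size does not match its bounds")
    gap = loc["start"] - loc["addr"] if side == "left" else loc["addr"] - loc["end"]
    if gap != loc["distance"]:
        raise ValueError("distance does not match region bounds")
    return loc


def shadow_address(addr: int, offset: int = SHADOW_OFFSET_X86_64) -> int:
    """Application address -> address of the shadow byte covering it."""
    return (addr >> SHADOW_SCALE) + offset


def parse_shadow_rows(report: str) -> dict:
    """Map each shadow row base address to its 16 shadow byte values.

    Rows look like '  0x...c860: fa fa ...' or '=>0x...c870: ... fa[fa]'.
    """
    rows = {}
    for line in report.splitlines():
        body = line[2:] if line.startswith("=>") else line.strip()
        if not body.startswith("0x") or ":" not in body:
            continue
        base, _, values = body.partition(":")
        cells = values.replace("[", " ").replace("]", " ").split()
        if len(cells) != 16:
            continue
        rows[int(base, 16)] = [int(c, 16) for c in cells]
    return rows


def classify(report: str, elem_size: int = 4) -> dict:
    """Locate the faulting access in the shadow dump and decode it.

    elem_size defaults to sizeof(float) because the overflowing memcpy was
    issued from SampleUtil::copy(float*, const float*, ...) in this report.
    """
    loc = parse_location(report)
    shadow = shadow_address(loc["addr"])
    rows = parse_shadow_rows(report)
    row_base, column = shadow & ~0xF, shadow & 0xF
    if row_base not in rows:
        raise ValueError("shadow row for faulting address not in dump")
    byte = rows[row_base][column]
    # Element index relative to the start of the allocation: negative means
    # the access began before the buffer (an underflow), as in this report.
    if loc["side"] == "left":
        index = -(loc["distance"] // elem_size)
    else:
        index = (loc["size"] + loc["distance"]) // elem_size
    return {
        "shadow": shadow,
        "shadow_byte": byte,
        "meaning": SHADOW_LEGEND.get(byte, "other"),
        "element_index": index,
        "region_elements": loc["size"] // elem_size,
    }


if __name__ == "__main__":
    result = classify(ASAN_EXCERPT)
    print(f"shadow 0x{result['shadow']:x} = 0x{result['shadow_byte']:02x} "
          f"({result['meaning']}), float index {result['element_index']} "
          f"of a {result['region_elements']}-float buffer")
```

Running it on the excerpt lands on shadow byte 0x0c5c7fffc87f, the last cell of the `=>` row, and reports float index -2 of a 10240-float buffer, which is the same conclusion a reader draws by hand from "8 bytes to the left": `scaleBuffer()` started its copy two samples before the start of the buffer it allocated. The cross-checks in `parse_location` matter when pasting reports from other builds, since a mismatch between the printed distance and the printed region bounds usually means the excerpt was trimmed or mixed from two runs.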

daschuer commented 12 hours ago

Since we did not touch "EngineBufferScaleLinear::scaleBuffer()" recently, this is probably also a 2.4 bug ...

daschuer commented 12 hours ago

A fix is here: https://github.com/mixxxdj/mixxx/pull/13917, please verify.