[pulseaudio-discuss] [PATCH 4/4] Avoid read from freed memory

Maarten Bosmans mkbosmans at gmail.com
Sat Aug 13 04:43:21 PDT 2011 

The order of freeing the hashmaps is important here, because otherwise a string used as key is freed before the hashmap
is freed.

Valgrind reports this as:
 Invalid read of size 1
    at 0x4107042: pa_idxset_string_hash_func (idxset.c:67)
    by 0x4106026: remove_entry (hashmap.c:93)
    by 0x41061BF: pa_hashmap_free (hashmap.c:110)
    by 0x71DD143: pa_dbusiface_core_free (iface-core.c:2105)
    by 0x71F2169: module_dbus_protocol_LTX_pa__done (module-dbus-protocol.c:595)
    by 0x406DC51: pa_module_free (module.c:162)
    by 0x406E01D: pa_module_unload_all (module.c:210)
    by 0x4068842: core_free (core.c:169)
    by 0x406FD5D: pa_object_unref (object.c:64)
    by 0x805224D: pa_core_unref (core.h:184)
    by 0x805560B: main (main.c:1159)
  Address 0x4d099c0 is 0 bytes inside a block of size 100 free'd
    at 0x4025BF0: free (vg_replace_malloc.c:366)
    by 0x40F128C: pa_xfree (xmalloc.c:131)
    by 0x71E4CEB: pa_dbusiface_device_free (iface-device.c:1293)
    by 0x71DCD7E: free_device_cb (iface-core.c:2062)
    by 0x41061D7: pa_hashmap_free (hashmap.c:113)
    by 0x71DD125: pa_dbusiface_core_free (iface-core.c:2104)
    by 0x71F2169: module_dbus_protocol_LTX_pa__done (module-dbus-protocol.c:595)
    by 0x406DC51: pa_module_free (module.c:162)
    by 0x406E01D: pa_module_unload_all (module.c:210)
    by 0x4068842: core_free (core.c:169)
    by 0x406FD5D: pa_object_unref (object.c:64)
    by 0x805224D: pa_core_unref (core.h:184)
---
 src/modules/dbus/iface-core.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/modules/dbus/iface-core.c b/src/modules/dbus/iface-core.c
index bb43df9..e83b420 100644
--- a/src/modules/dbus/iface-core.c
+++ b/src/modules/dbus/iface-core.c
@@ -2101,10 +2101,10 @@ void pa_dbusiface_core_free(pa_dbusiface_core *c) {
 
     pa_subscription_free(c->subscription);
     pa_hashmap_free(c->cards, free_card_cb, NULL);
-    pa_hashmap_free(c->sinks_by_index, free_device_cb, NULL);
     pa_hashmap_free(c->sinks_by_path, NULL, NULL);
-    pa_hashmap_free(c->sources_by_index, free_device_cb, NULL);
+    pa_hashmap_free(c->sinks_by_index, free_device_cb, NULL);
     pa_hashmap_free(c->sources_by_path, NULL, NULL);
+    pa_hashmap_free(c->sources_by_index, free_device_cb, NULL);
     pa_hashmap_free(c->playback_streams, free_stream_cb, NULL);
     pa_hashmap_free(c->record_streams, free_stream_cb, NULL);
     pa_hashmap_free(c->samples, free_sample_cb, NULL);
-- 
1.7.4.1

More information about the pulseaudio-discuss mailing list