[pulseaudio-discuss] [PATCH] echo-cancel: Fix segfault during profile switch

Georg Chini georg at chini.tk
Sun Apr 23 16:48:12 UTC 2017 

When module-echo-cancel is loaded and there is only one sound card, then during a
profile switch, all sinks and sources can become temporarily unavailable. If
module-always sink is loaded, it will load a null-sink in that situation. If
also module-switch-on-connect is loaded, it will try to move the sink-inputs to
the new null-sink. If a sink-input was connected to the echo-cancel sink,
pa_sink_input_start_move() will send a PA_SINK_GET_LATENCY message to the
echo-cancel sink. The message handler will then in turn call
pa_sink_get_latency_within_thread() for the invalid master sink of module-echo-cancel.
This lead to a segfault.

This patch checks in the message handler if the master sink (or source) is valid and
returns 0 if not. The patch should fix bug 100277, but this is not verified yet.
---
 src/modules/echo-cancel/module-echo-cancel.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/modules/echo-cancel/module-echo-cancel.c b/src/modules/echo-cancel/module-echo-cancel.c
index 04984f32..7e7290e6 100644
--- a/src/modules/echo-cancel/module-echo-cancel.c
+++ b/src/modules/echo-cancel/module-echo-cancel.c
@@ -409,7 +409,8 @@ static int source_process_msg_cb(pa_msgobject *o, int code, void *data, int64_t
              * make sure we don't access it in that time. Also, the
              * source output is first shut down, the source second. */
             if (!PA_SOURCE_IS_LINKED(u->source->thread_info.state) ||
-                !PA_SOURCE_OUTPUT_IS_LINKED(u->source_output->thread_info.state)) {
+                !PA_SOURCE_OUTPUT_IS_LINKED(u->source_output->thread_info.state) ||
+                !u->source_output->source) {
                 *((int64_t*) data) = 0;
                 return 0;
             }
@@ -445,7 +446,8 @@ static int sink_process_msg_cb(pa_msgobject *o, int code, void *data, int64_t of
              * make sure we don't access it in that time. Also, the
              * sink input is first shut down, the sink second. */
             if (!PA_SINK_IS_LINKED(u->sink->thread_info.state) ||
-                !PA_SINK_INPUT_IS_LINKED(u->sink_input->thread_info.state)) {
+                !PA_SINK_INPUT_IS_LINKED(u->sink_input->thread_info.state) ||
+                !u->sink_input->sink) {
                 *((int64_t*) data) = 0;
                 return 0;
             }
-- 
2.11.0

More information about the pulseaudio-discuss mailing list