[pulseaudio-discuss] [PATCH] echo-cancel: Fix segfault during profile switch

Tanu Kaskinen tanuk at iki.fi
Sun Apr 23 16:54:16 UTC 2017


On Sun, 2017-04-23 at 18:48 +0200, Georg Chini wrote:
> When module-echo-cancel is loaded and there is only one sound card, then during a
> profile switch, all sinks and sources can become temporarily unavailable. If
> module-always-sink is loaded, it will load a null-sink in that situation. If
> also module-switch-on-connect is loaded, it will try to move the sink-inputs to
> the new null-sink. If a sink-input was connected to the echo-cancel sink,
> pa_sink_input_start_move() will send a PA_SINK_GET_LATENCY message to the
> echo-cancel sink. The message handler will then in turn call
> pa_sink_get_latency_within_thread() for the invalid master sink of module-echo-cancel.
> This led to a segfault.
> 
> This patch checks in the message handler if the master sink (or source) is valid and
> returns 0 if not. The patch should fix bug 100277, but this is not verified yet.
> ---
>  src/modules/echo-cancel/module-echo-cancel.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/src/modules/echo-cancel/module-echo-cancel.c b/src/modules/echo-cancel/module-echo-cancel.c
> index 04984f32..7e7290e6 100644
> --- a/src/modules/echo-cancel/module-echo-cancel.c
> +++ b/src/modules/echo-cancel/module-echo-cancel.c
> @@ -409,7 +409,8 @@ static int source_process_msg_cb(pa_msgobject *o, int code, void *data, int64_t
>               * make sure we don't access it in that time. Also, the
>               * source output is first shut down, the source second. */
>              if (!PA_SOURCE_IS_LINKED(u->source->thread_info.state) ||
> -                !PA_SOURCE_OUTPUT_IS_LINKED(u->source_output->thread_info.state)) {
> +                !PA_SOURCE_OUTPUT_IS_LINKED(u->source_output->thread_info.state) ||
> +                !u->source_output->source) {
>                  *((int64_t*) data) = 0;
>                  return 0;
>              }
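
Review bot: the comment above this condition in source_process_msg_cb() still explains only the _put() ordering and the shutdown ordering, so the added `!u->source_output->source` test has no stated reason in the code. Suggest extending the comment to say that the source output can be left without a source while it is being moved (the profile-switch case from the commit message), so the test is not dropped later as redundant.
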
> @@ -445,7 +446,8 @@ static int sink_process_msg_cb(pa_msgobject *o, int code, void *data, int64_t of
>               * make sure we don't access it in that time. Also, the
>               * sink input is first shut down, the sink second. */
>              if (!PA_SINK_IS_LINKED(u->sink->thread_info.state) ||
> -                !PA_SINK_INPUT_IS_LINKED(u->sink_input->thread_info.state)) {
> +                !PA_SINK_INPUT_IS_LINKED(u->sink_input->thread_info.state) ||
> +                !u->sink_input->sink) {
>                  *((int64_t*) data) = 0;
>                  return 0;
>              }
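
Review bot: in sink_process_msg_cb() the new `!u->sink_input->sink` test reads a pointer on the sink input itself, while the two tests before it read `thread_info.state`. If this handler can run outside the thread that clears that pointer during a move, please confirm the read is safe there, or say in the comment why it is. The same question applies to `!u->source_output->source` in the source handler.
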

Looks good to me, but other virtual sinks and sources probably need the
same fix (at least the remap sink seems to have the same bug).

-- 
Tanu

https://www.patreon.com/tanuk