pcm: ladspa: Fix segfault due to a wrong channel reference

Because of a typo in referencing the input array in
snd_pcm_ladspa_allocate_memory(), ladpsa PCM plugin may cause a
segfault at prepare when input and and output channels are different:
 #0  0x00007ffff78623ef in snd_pcm_ladspa_allocate_memory (pcm=0x626fa0, pcm=0x626fa0, pcm=0x626fa0, ladspa=0x621ad0) at pcm_ladspa.c:753
 #1  snd_pcm_ladspa_init (pcm=0x626fa0) at pcm_ladspa.c:834
 #2  0x00007ffff7842946 in snd_pcm_plugin_prepare (pcm=0x626fa0) at pcm_plugin.c:171
 #3  0x00007ffff784290f in snd_pcm_plugin_prepare (pcm=0x62c760) at pcm_plugin.c:162
 #4  0x000000000040256a in ?? ()
 #5  0x00007ffff7222ec5 in __libc_start_main (main=0x401d80,a argc=4, argv=0x7fffffffde28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffde18) at libc-start.c:287
 #6  0x0000000000402fdd in ?? ()

This patch corrects the wrong reference.

Reported-and-tested-by: Andreas Hartmann <mail@andreashartmann.eu>
Signed-off-by: Takashi Iwai <tiwai@suse.de>

diff --git a/src/pcm/pcm_ladspa.c b/src/pcm/pcm_ladspa.c
index 631ee0f35b7341b8a743afaff6dc8d62a5f291ed..6552b4379ec0dff24a559aa90758426af68d2e65 100644 (file)
--- a/src/pcm/pcm_ladspa.c
+++ b/src/pcm/pcm_ladspa.c
@@ -749,7 +749,7 @@ static int snd_pcm_ladspa_allocate_memory(snd_pcm_t *pcm, snd_pcm_ladspa_t *lads
                                 return -ENOMEM;
                         }
                        for (idx = 0; idx < instance->input.channels.size; idx++) {
-                               chn = instance->output.channels.array[idx];
+                               chn = instance->input.channels.array[idx];
                                if (pchannels[chn] == NULL && chn < ichannels) {
                                        instance->input.data[idx] = NULL;
                                        continue;