From: Takashi Iwai Date: Fri, 2 Oct 2015 09:55:36 +0000 (+0200) Subject: pcm: ladspa: Fix segfault due to a wrong channel reference X-Git-Tag: v1.1.0~18 X-Git-Url: https://git.alsa-project.org/?a=commitdiff_plain;h=f07e9af7eeebc950fd7bf4101a6af7f53ac741b6;p=alsa-lib.git pcm: ladspa: Fix segfault due to a wrong channel reference Because of a typo in referencing the input array in snd_pcm_ladspa_allocate_memory(), ladpsa PCM plugin may cause a segfault at prepare when input and and output channels are different: #0 0x00007ffff78623ef in snd_pcm_ladspa_allocate_memory (pcm=0x626fa0, pcm=0x626fa0, pcm=0x626fa0, ladspa=0x621ad0) at pcm_ladspa.c:753 #1 snd_pcm_ladspa_init (pcm=0x626fa0) at pcm_ladspa.c:834 #2 0x00007ffff7842946 in snd_pcm_plugin_prepare (pcm=0x626fa0) at pcm_plugin.c:171 #3 0x00007ffff784290f in snd_pcm_plugin_prepare (pcm=0x62c760) at pcm_plugin.c:162 #4 0x000000000040256a in ?? () #5 0x00007ffff7222ec5 in __libc_start_main (main=0x401d80,a argc=4, argv=0x7fffffffde28, init=, fini=, rtld_fini=, stack_end=0x7fffffffde18) at libc-start.c:287 #6 0x0000000000402fdd in ?? () This patch corrects the wrong reference. Reported-and-tested-by: Andreas Hartmann Signed-off-by: Takashi Iwai --- diff --git a/src/pcm/pcm_ladspa.c b/src/pcm/pcm_ladspa.c index 631ee0f3..6552b437 100644 --- a/src/pcm/pcm_ladspa.c +++ b/src/pcm/pcm_ladspa.c @@ -749,7 +749,7 @@ static int snd_pcm_ladspa_allocate_memory(snd_pcm_t *pcm, snd_pcm_ladspa_t *lads return -ENOMEM; } for (idx = 0; idx < instance->input.channels.size; idx++) { - chn = instance->output.channels.array[idx]; + chn = instance->input.channels.array[idx]; if (pchannels[chn] == NULL && chn < ichannels) { instance->input.data[idx] = NULL; continue;