From f07e9af7eeebc950fd7bf4101a6af7f53ac741b6 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 2 Oct 2015 11:55:36 +0200 Subject: [PATCH] pcm: ladspa: Fix segfault due to a wrong channel reference Because of a typo in referencing the input array in snd_pcm_ladspa_allocate_memory(), ladpsa PCM plugin may cause a segfault at prepare when input and and output channels are different: #0 0x00007ffff78623ef in snd_pcm_ladspa_allocate_memory (pcm=0x626fa0, pcm=0x626fa0, pcm=0x626fa0, ladspa=0x621ad0) at pcm_ladspa.c:753 #1 snd_pcm_ladspa_init (pcm=0x626fa0) at pcm_ladspa.c:834 #2 0x00007ffff7842946 in snd_pcm_plugin_prepare (pcm=0x626fa0) at pcm_plugin.c:171 #3 0x00007ffff784290f in snd_pcm_plugin_prepare (pcm=0x62c760) at pcm_plugin.c:162 #4 0x000000000040256a in ?? () #5 0x00007ffff7222ec5 in __libc_start_main (main=0x401d80,a argc=4, argv=0x7fffffffde28, init=, fini=, rtld_fini=, stack_end=0x7fffffffde18) at libc-start.c:287 #6 0x0000000000402fdd in ?? () This patch corrects the wrong reference. Reported-and-tested-by: Andreas Hartmann Signed-off-by: Takashi Iwai --- src/pcm/pcm_ladspa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/pcm/pcm_ladspa.c b/src/pcm/pcm_ladspa.c index 631ee0f3..6552b437 100644 --- a/src/pcm/pcm_ladspa.c +++ b/src/pcm/pcm_ladspa.c @@ -749,7 +749,7 @@ static int snd_pcm_ladspa_allocate_memory(snd_pcm_t *pcm, snd_pcm_ladspa_t *lads return -ENOMEM; } for (idx = 0; idx < instance->input.channels.size; idx++) { - chn = instance->output.channels.array[idx]; + chn = instance->input.channels.array[idx]; if (pchannels[chn] == NULL && chn < ichannels) { instance->input.data[idx] = NULL; continue; -- 2.47.1