#27 Scan process aborts due to free() of invalid pointer

open
nobody
None
5
2009-12-23
2009-12-23
dwaltz
No

minidlna versione: Version 1.0.16.3
host machine:
OS: Ubuntu 9.10
kernel: 2.6.31-16
hardware: Atom 330 processor + ION motherboard
media processed: a large collections of mp3 files with plenty of id3 tags
clients used: Terratec Noxon 2 and Windows Media Player on Vista on a laptop

The problem I first observed was that the clients were able to access only a fraction of the total tracks available.
Precisely it was as if the scan was interrupted an only the first few track were reachable.
I hence performed a debug session, also rebuilding the program adding ad-hoc comments.

It turns out that the forked process for the scan was simply aborting.
Actually the main was not, and the OS was not giving no indication of the fact the forked did crash/abort.
I was able to observe the whole process aborting at OS level only explicitly disabling the fork (#define USE_FORK 0 in upnpglobalvars.h).

Later I made a more refined log and restored the fork mode but got nothing.
Suddenly once I got an explicit error like:

*** glibc detected *** minidlna: free(): invalid pointer: 0x08d3e2a0 ***

hence I set the environment variable MALLOC_CHECK_=1 to discover that this error was reported several times, almost once per track if the DB was clean.
With this variable set the forked process does not crash anymore and the database appears to be fully populated. So in fact this is a workaround.

Adding more logs I was able to detect the free() error was happening in the freetags() method, more precisely just when it was attempting to free the comment (MAYBEFREE(psong->comment)).
Please note that for some reason many of my tracks end up having the comment “(null)” in the DB (as a tagger I use mp3tag under windows).

I spent some time also analyzing the _get_mp3tags() method in tagutil-mp3.c, but I was unable to understand if there was some logic error and if the pointer was freed in advance.

As stated, a workaround is to export MALLOC_CHECK_=1.

regards

Discussion


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks