Possible String related crash

Kyle gonemad at gmail.com
Sun Oct 13 20:16:59 UTC 2013


After some more testing I will say that recompiling taglib with
TAGLIB_ATOMIC_GCC set seems to fix the issue.  I am glad it was a simple
fix.  Thanks

-Kyle


On Sat, Oct 12, 2013 at 8:13 PM, Tsuda Kageyu <tsuda.kageyu at gmail.com> wrote:

> After reading your report interestingly, I had a brief look at the code.
> Though I couldn't locate the problem, I found some functions which are
> possibly vulnerable to concurrent calls and made a pull request to fix
> it:
> https://github.com/taglib/taglib/pull/300
>
> Hope it can help you.
>
> Kageyu.
>
> >I've had this issue for around a year and I've traced basically every line
> >of my code and cannot find any issues.  I've looked through the taglib code
> >and cannot find the exact cause either, but for some reason once in a while
> >I'll get a stack trace that comes down to destroying a String.
> >
> >This is on Android so the stack traces are not the greatest:
> >
> >#02 pc 000f9eff
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(operator delete(void*)+6)
> >#03 pc 000f9f07
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(operator delete[](void*)+2)
> >#04 pc 000d1eeb
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::String::~String()+38)
> >#05 pc 000e4fd9
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::TagUnion::comment() const+48)
> >#06 pc 00098b90
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(Java_gonemad_gmmp_taglibjni_Tag_scan+752)
> >
> >
> >#02 pc 000fa6f0
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(std::__stl_throw_length_error(char const*)+8)
> >#03 pc 000d224b
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(std::basic_string<wchar_t, std::char_traits<wchar_t>,
> >std::allocator<wchar_t> >::_M_compute_next_size(unsigned int)+50)
> >#04 pc 000d3287
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(std::basic_string<wchar_t, std::char_traits<wchar_t>,
> >std::allocator<wchar_t> >::_M_append(wchar_t const*, wchar_t const*)+102)
> >#05 pc 000d3365
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::String::append(TagLib::String const&)+20)
> >#06 pc 000d33bf
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(operator+(TagLib::String const&, TagLib::String const&)+14)
> >#07 pc 000c2ad9
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v1::genre(int)+36)
> >#08 pc 000c3c77
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v2::FrameFactory::updateGenre(TagLib::ID3v2::
> >TextIdentificationFrame*)
> >const+350)
> >#09 pc 000c3ecf
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v2::FrameFactory::createFrame(TagLib::ByteVector const&,
> >TagLib::ID3v2::Header*) const+522)
> >#10 pc 000c5291
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v2::Tag::parse(TagLib::ByteVector const&)+164)
> >#11 pc 000c544d
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v2::Tag::read()+120)
> >#12 pc 000c5503
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::ID3v2::Tag::Tag(TagLib::File*, long, TagLib::ID3v2::FrameFactory
> >const*)+102)
> >#13 pc 000c106f
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::MPEG::File::read(bool, TagLib::AudioProperties::ReadStyle)+50)
> >#14 pc 000c12bb
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::MPEG::File::File(char const*, bool,
> >TagLib::AudioProperties::ReadStyle)+106)
> >#15 pc 000e5a75
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::FileRef::create(char const*, bool,
> >TagLib::AudioProperties::ReadStyle)+252)
> >#16 pc 000e60f1
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(TagLib::FileRef::FileRef(char const*, bool,
> >TagLib::AudioProperties::ReadStyle)+20)
> >#17 pc 000988ec
> >/data/app-lib/com.jrtstudio.AnotherMusicPlayer-1/libgm_audioengine.so
> >(Java_gonemad_gmmp_taglibjni_Tag_scan+76)
> >
> >
> >#00  pc 0001183a  /system/lib/libc.so (dlfree+57)
> >10-11 09:41:53.647 I/DEBUG   (303):     #01  pc 0000cf73
> > /system/lib/libc.so (free+10)
> >10-11 09:41:53.647 I/DEBUG   (303):     #02  pc 000faccb
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so (operator
> >delete(void*)+6)
> >10-11 09:41:53.647 I/DEBUG   (303):     #03  pc 000d2c6d
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::String::~String()+80)
> >10-11 09:41:53.647 I/DEBUG   (303):     #04  pc 000c3241
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::ID3v1::Tag::~Tag()+24)
> >10-11 09:41:53.647 I/DEBUG   (303):     #05  pc 000c327d
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::ID3v1::Tag::~Tag()+4)
> >10-11 09:41:53.647 I/DEBUG   (303):     #06  pc 000e587d
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::TagUnion::TagUnionPrivate::~TagUnionPrivate()+44)
> >10-11 09:41:53.647 I/DEBUG   (303):     #07  pc 000e58b7
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::TagUnion::~TagUnion()+22)
> >10-11 09:41:53.647 I/DEBUG   (303):     #08  pc 000c15f9
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::MPEG::File::~File()+36)
> >10-11 09:41:53.647 I/DEBUG   (303):     #09  pc 000c1615
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::MPEG::File::~File()+4)
> >10-11 09:41:53.647 I/DEBUG   (303):     #10  pc 000e61e3
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::FileRef::~FileRef()+42)
> >10-11 09:41:53.647 I/DEBUG   (303):     #11  pc 000e61f9
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(TagLib::FileRef::~FileRef()+4)
> >10-11 09:41:53.647 I/DEBUG   (303):     #12  pc 00099ae4
> > /data/app-lib/gonemad.gmmp-1/libgm_audioengine.so
> >(Java_gonemad_gmmp_taglibjni_Tag_scan+1396)
> >
> >And I have many more similar but in different parts of taglib.  The only
> >common thing I can trace is the use of String::null.  The second trace I
> >posted happens in this chunk of code adding 2 static strings:
> >
> >String ID3v1::genre(int i)
> >{
> >  if(i >= 0 && i < genresSize)
> >    return genres[i] + String::null; // always make a copy
> >  return String::null;
> >}
> >
> >Is there a possibility that String::null is somehow being deleted due to
> >some race condition?  I am using taglib in multiple threads at the same
> >time.  Any ideas?
> >
> >--
> >-Kyle
> >



-- 
-Kyle
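
Added example, not part of the thread and not TagLib code: a model of many threads copying and destroying handles to one shared string payload (the role String::null plays above), comparing a reference count updated as a separate load and store with one updated by a single atomic operation. That the traces come from a non-atomic reference count is an assumption consistent with the TAGLIB_ATOMIC_GCC result reported above; SplitCounter, AtomicCounter and hammer are hypothetical names.

```cpp
// Added example: models the reference count behind a shared string payload.
// All names are hypothetical; this is not TagLib's implementation.
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// ref()/deref() as a separate load and store. This is well-defined C++, but it
// loses updates the same way a plain `int` ++/-- does when threads interleave.
struct SplitCounter {
  std::atomic<int> n{1};
  void ref() { n.store(n.load(std::memory_order_relaxed) + 1, std::memory_order_relaxed); }
  bool deref() {
    int v = n.load(std::memory_order_relaxed) - 1;
    n.store(v, std::memory_order_relaxed);
    return v == 0;  // true means "last reference gone, delete the payload"
  }
};

// One indivisible read-modify-write per operation.
struct AtomicCounter {
  std::atomic<int> n{1};
  void ref() { n.fetch_add(1, std::memory_order_relaxed); }
  bool deref() { return n.fetch_sub(1, std::memory_order_acq_rel) == 1; }
};

struct Result { int final_count; long premature_frees; };

// Each thread repeatedly copies and destroys a handle to one shared payload.
// The owner's reference is never dropped, so a correct counter never reports
// zero and ends at 1. Any premature "zero" is where a real destructor would
// free memory that other threads still use.
template <class Counter>
Result hammer(int threads, int iterations) {
  Counter shared;
  std::atomic<long> premature{0};
  std::vector<std::thread> pool;
  for (int t = 0; t < threads; ++t)
    pool.emplace_back([&] {
      for (int i = 0; i < iterations; ++i) {
        shared.ref();                     // what a copy constructor does
        if (shared.deref()) ++premature;  // what a destructor does
      }
    });
  for (auto &th : pool) th.join();
  return {shared.n.load(), premature.load()};
}

int main() {
  Result a = hammer<AtomicCounter>(8, 200000);
  Result s = hammer<SplitCounter>(8, 200000);
  std::printf("atomic: count=%d premature_frees=%ld\n", a.final_count, a.premature_frees);
  std::printf("split:  count=%d premature_frees=%ld\n", s.final_count, s.premature_frees);
}
```

The split counter's output varies from run to run, which matches how such crashes show up only once in a while and in unrelated call paths.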