alsa-project/alsa-lib issue #461 was opened from harryrowe01:
Calling snd_pcm_hw_params_get_buffer_size is causing memory corruption in the calling program.
The following C program demonstrates the issue.
/*
This example opens the default PCM device, sets
some parameters, and then displays the value
of some of the hardware parameters. It does not
perform any sound playback or recording.
*/
/* Use the newer ALSA API */
#define ALSA_PCM_NEW_HW_PARAMS_API
/* All of the ALSA library API is defined
* in this header */
#include <alsa/asoundlib.h>
int main() {
int rc;
snd_pcm_t *handle;
snd_pcm_hw_params_t *params, *save_params;
unsigned int val, val2;
int dir;
snd_pcm_uframes_t frames;
/* Open PCM device for playback. */
rc = snd_pcm_open(&handle, "default",
SND_PCM_STREAM_PLAYBACK, 0);
if (rc < 0) {
fprintf(stderr,
"unable to open pcm device: %s\n",
snd_strerror(rc));
exit(1);
}
/* Allocate a hardware parameters object. */
snd_pcm_hw_params_alloca(¶ms);
/* Fill it in with default values. */
snd_pcm_hw_params_any(handle, params);
/* Set the desired hardware parameters. */
/* Interleaved mode */
snd_pcm_hw_params_set_access(handle, params,
SND_PCM_ACCESS_RW_INTERLEAVED);
/* Signed 16-bit little-endian format */
snd_pcm_hw_params_set_format(handle, params,
SND_PCM_FORMAT_S16_LE);
/* Two channels (stereo) */
snd_pcm_hw_params_set_channels(handle, params, 2);
/* 44100 bits/second sampling rate (CD quality) */
val = 44100;
// val = 8000;
snd_pcm_hw_params_set_rate_near(handle,
params, &val, &dir);
/* Write the parameters to the driver */
rc = snd_pcm_hw_params(handle, params);
if (rc < 0) {
fprintf(stderr,
"unable to set hw parameters: %s\n",
snd_strerror(rc));
exit(1);
}
/* Display information about the PCM interface */
// Before calling snd_pcm_hw_params_get_buffer_size, save
// a copy of params which points to the parameter block.
save_params = params;
// This call to snd_pcm_hw_params_get_buffer_size causes
// the value of params in main to be corrupted.
// Since the params argument to the function is passed
// by value, the function itself should not have access to
// the original variable in main.
snd_pcm_hw_params_get_buffer_size(params,
(snd_pcm_uframes_t *)&val);
// Then if the pointer has been modified, flag the problem and
// restore the pointer from the saved value.
if( params != save_params )
{
printf( "The pointer to the parameter block has been corrupted!\n" );
printf( "was %lx \n", save_params );
printf( "is now %lx \n", params );
printf( "So I'm fixing it.\n" );
params = save_params;
}
printf("buffer size = %u frames\n", val);
snd_pcm_close(handle);
return 0;
}
Compiled and run as follows:
harry@idun:~/Documents/morse$ cc bad_alsa.c -lasound -o bad_alsa
harry@idun:~/Documents/morse$ ./bad_alsa
The pointer to the parameter block has been corrupted!
was 7ffcd2011610
is now 7ffc00000000
So I'm fixing it.
buffer size = 1048576 frames
harry@idun:~/Documents/morse$ cc bad_alsa.c -lasound -o bad_alsa
harry@idun:~/Documents/morse$ ./bad_alsa
The pointer to the parameter block has been corrupted!
was 7fffc7483030
is now 7fff00000000
So I'm fixing it.
buffer size = 1048576 frames
harry@idun:~/Documents/morse$
Host is an AMD64 version of Debian 12. Installed version of ALSA library is libasound2 1.2.8-1+b1
Issue URL : https://github.com/alsa-project/alsa-lib/issues/461
Repository URL: https://github.com/alsa-project/alsa-lib
