Opened 6 years ago

Closed 6 years ago

#1068 closed Bug Report (fixed)

Patch: Fix sord crash when destroying world

Reported by: falkTX Owned by: David Robillard
Priority: major Component: Sord
Keywords: crash, world, free, destroy, delete Cc:


I was getting a crash when destroying a specific lilv world. After some investigation it appears to be a bug in sord.

valgrind showed some invalid memory reads in sord_node_hash, and I guess it propagated through there. the crash doesn't happen right away, but a little later. in short, it's a memory corruption issue.

Here's the patch that fixes the issue:

Index: src/sord.c
--- src/sord.c	(revision 327)
+++ src/sord.c	(working copy)
@@ -148,6 +148,9 @@
 	const SordNode* node = (const SordNode*)n;
 	uint32_t        hash = zix_digest_start();
+	if (node->node.buf == NULL) {
+		return 0;
+	}
 	hash = zix_digest_add(hash, node->node.buf, node->node.n_bytes);
 	hash = zix_digest_add(hash, &node->node.type, sizeof(node->node.type));
 	if (node->node.type == SERD_LITERAL) {
@@ -207,6 +210,7 @@
 		sord_node_free((SordWorld*)user_data, node->meta.lit.datatype);
+	node->node.buf = NULL;

Change History (4)

comment:1 Changed 6 years ago by falkTX

got it to crash with a single plugin, contents are:

put this into some plugin.lv2/manifest.ttl and run this file when you run that script, you'll be able to see the crash

$ ./ ./plugin.lv2/
error: failed to remove node from hash
Last edited 6 years ago by falkTX (previous) (diff)

comment:2 Changed 6 years ago by David Robillard

Invalid paste ID...

comment:3 Changed 6 years ago by falkTX

sorry, sourceforge went down and it looks like it took down a few of the last pastebins.

comment:4 Changed 6 years ago by David Robillard

Resolution: fixed
Status: newclosed

Fixed in r329/sord.

Note: See TracTickets for help on using tickets.