View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0008555 | ardour | bugs | public | 2021-01-27 13:13 | 2021-01-27 13:13 |
| Reporter | feaneron | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | Arch | OS | Linux | OS Version | (any) |
| Product Version | 6.5 | ||||
| Summary | 0008555: Crash when changing buffer size with JACK | ||||
| Description | When I run Ardour with the JACK backend, using the pipewire-jack replacement libraries, and I try and change the buffer size, Ardour crashes with the following backtrace: --- double free or corruption (!prev) Thread 18 "ardour" received signal SIGABRT, Aborted. [Switching to Thread 0x7fffe0a9b700 (LWP 94)] 0x00007ffff49f7775 in raise () from /usr/lib/x86_64-linux-gnu/libc.so.6 (gdb) bt #0 0x00007ffff49f7775 in raise () at /usr/lib/x86_64-linux-gnu/libc.so.6 0000001 0x00007ffff49e0855 in abort () at /usr/lib/x86_64-linux-gnu/libc.so.6 #2 0x00007ffff4a3b277 in __libc_message () at /usr/lib/x86_64-linux-gnu/libc.so.6 #3 0x00007ffff4a4279c in () at /usr/lib/x86_64-linux-gnu/libc.so.6 0000004 0x00007ffff4a43dec in _int_free () at /usr/lib/x86_64-linux-gnu/libc.so.6 0000005 0x00007ffff758886d in ARDOUR::AudioBuffer::~AudioBuffer() () at /app/lib/ardour6/libardour.so.3 #6 0x00007ffff758888d in ARDOUR::AudioBuffer::~AudioBuffer() () at /app/lib/ardour6/libardour.so.3 #7 0x00007ffff760cde3 in ARDOUR::BufferSet::ensure_buffers(ARDOUR::DataType, unsigned long, unsigned long) () at /app/lib/ardour6/libardour.so.3 0000008 0x00007ffff7bd9d38 in ARDOUR::ThreadBuffers::ensure_buffers(ARDOUR::ChanCount, unsigned long) () at /app/lib/ardour6/libardour.so.3 0000009 0x00007ffff760b78f in ARDOUR::BufferManager::ensure_buffers(ARDOUR::ChanCount, unsigned long) () at /app/lib/ardour6/libardour.so.3 0000010 0x00007ffff7bdb4c4 in ARDOUR::Track::set_block_size(unsigned int) () at /app/lib/ardour6/libardour.so.3 0000011 0x00007ffff7ab38d7 in ARDOUR::Session::set_block_size(unsigned int) () at /app/lib/ardour6/libardour.so.3 0000012 0x00007ffff75b96e1 in ARDOUR::AudioEngine::buffer_size_change(unsigned int) () at /app/lib/ardour6/libardour.so.3 0000013 0x00007ffff04159bb in ARDOUR::JACKAudioBackend::jack_bufsize_callback(unsigned int) () at /app/lib/ardour6/backends/libjack_audiobackend.so 0000014 0x00007ffff03d15ff in do_buffer_frames () at /usr/lib/x86_64-linux-gnu/libjack.so.0 #15 0x00007ffff0310868 in flush_items () at /usr/lib/x86_64-linux-gnu/spa-0.2/support/libspa-support.so 0000016 0x00007ffff0310742 in source_event_func () at /usr/lib/x86_64-linux-gnu/spa-0.2/support/libspa-support.so #17 0x00007ffff0311043 in loop_iterate () at /usr/lib/x86_64-linux-gnu/spa-0.2/support/libspa-support.so 0000018 0x00007ffff0387426 in do_loop () at /usr/lib/x86_64-linux-gnu/libpipewire-0.3.so.0 0000019 0x00007ffff54c84d2 in start_thread () at /usr/lib/x86_64-linux-gnu/libpthread.so.0 0000020 0x00007ffff4abc2a3 in clone () at /usr/lib/x86_64-linux-gnu/libc.so.6 --- It seems that the `ARDOUR::AudioBuffer::~AudioBuffer()` destructor is being called twice. By inspecting the code at https://github.com/Ardour/ardour/blob/master/libs/ardour/audio_buffer.cc#L45, it seems `_owns_data` is not set to `false` after freeing the data, which would allow for a double-free in the above scenario. | ||||
| Steps To Reproduce | - Run Ardour with `$ pw-jack ardour6` - Open a project with JACK - Play any audio - Change the buffer size (might need to change a few times until it crashes) | ||||
| Additional Information | I understand this is an exotic setup, and don't expect | ||||
| Tags | 6.5 | ||||
