uint32_t i;
for (i = 0; i < SPA_N_ELEMENTS(some_array); i++)
.. stuff with some_array[i].foo ...
becomes:
SPA_FOR_EACH_ELEMENT_VAR(some_array, p)
.. stuff with p->foo ..
When we are already past the size of the buffer, don't bother calling
the overflow callback anymore, the buffer is already corrupted.
Otherwise it would be possible to have the overflow callback fail the
first time around, some data will be skipped, and then the next
overflow callback would succeed, giving the impression that all is
fine.
Add a unit test for this.
A lot of code calls spa_hook_remove() from error paths where the hook
and therefore the list may not have been initialized.
This leads to null-derefences.
Register a pthread cleanup handler to guarantee
that `spa_source::{priv, rmask}` are cleared even
if the thread is cancelled while the loop is dispatching.
This is necessary, otherwise `spa_source::priv` could point
to the stack of the cancelled thread, which will lead to
problems like this later:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f846b025be2 in detach_source (source=0x7f845f435f60) at ../spa/plugins/support/loop.c:144
144 e->data = NULL;
[Current thread is 1 (LWP 5274)]
(gdb) p e
$1 = (struct spa_poll_event *) 0x7f845e297820
(gdb) bt
#0 0x00007f846b025be2 in detach_source (source=0x7f845f435f60) at ../spa/plugins/support/loop.c:144
#1 0x00007f846b0276ad in free_source (s=0x7f845f435f60) at ../spa/plugins/support/loop.c:359
#2 0x00007f846b02a453 in loop_destroy_source (object=0x7f845f3af478, source=0x7f845f435f60) at ../spa/plugins/support/loop.c:786
#3 0x00007f846b02a886 in impl_clear (handle=0x7f845f3af478) at ../spa/plugins/support/loop.c:859
#4 0x00007f846b172f40 in unref_handle (handle=0x7f845f3af450) at ../src/pipewire/pipewire.c:211
#5 0x00007f846b173579 in pw_unload_spa_handle (handle=0x7f845f3af478) at ../src/pipewire/pipewire.c:346
#6 0x00007f846b15a761 in pw_loop_destroy (loop=0x7f845f434e30) at ../src/pipewire/loop.c:159
#7 0x00007f846b135d8e in pw_data_loop_destroy (loop=0x7f845f434cb0) at ../src/pipewire/data-loop.c:166
#8 0x00007f846b12c31c in pw_context_destroy (context=0x7f845f41c690) at ../src/pipewire/context.c:485
#9 0x00007f846b3ddf9e in jack_client_close (client=0x7f845f3c1030) at ../pipewire-jack/src/pipewire-jack.c:3481
...
We need exactly 4 hex characters, everything else is refused. We
also copy those characters directly to the output string without
assuming any encoding.
See #2337
The PropInfo either has a registered id (and then also a name from the
type-info) or a custom name as a string.
In all cases, the description contains a free form text that clarifies
the property.
Use the description in the stream controls name.
Keep a counter for the amount of times pw_init() was called and
only clear everything when pw_deinit() was called an equal amount of
times.
Also ensure that pw_init() can be called again after pw_deinit().
Fixes#2238
And use this in spa_json_format_float() where we also avoid invalid
json floats.
Use json float format in some places where we serialize json floats.
Add a unit test.
See #2223
Add a test which triggers two event sources in the loop's "before"
control hook, and destroys the second source in the loop's "after"
control hook, and then reenters the loop in the event handler of
the first source. At the moment, this test triggers a use-after-free.
==2973914==ERROR: AddressSanitizer: heap-use-after-free on address 0x608000000440 [...]
READ of size 4 at 0x608000000440 thread T0
#0 0x7fa97f60c6b7 in loop_iterate ../spa/plugins/support/loop.c:376
#1 0x7fa98472c1eb in pw_main_loop_run ../src/pipewire/main-loop.c:148
#2 0x559995af7a76 in destroy_managed_source_before_dispatch_recurse ../test/test-loop.c:355
#3 0x559995b02678 in start_test_nofork ../test/pwtest.c:882
#4 0x559995b06191 in run_test ../test/pwtest.c:1087
#5 0x559995b0948a in run_tests ../test/pwtest.c:1283
#6 0x559995b0aea4 in main ../test/pwtest.c:1482
#7 0x7fa98360130f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
#8 0x7fa9836013c0 in __libc_start_main@GLIBC_2.2.5 (/usr/lib/libc.so.6+0x2d3c0)
#9 0x559995aed754 in _start (/home/pb/temp/src/pipewire/build/test/test-loop+0x26754)
0x608000000440 is located 32 bytes inside of 96-byte region [0x608000000420,0x608000000480)
freed by thread T0 here:
#0 0x7fa984ffda79 in __interceptor_free /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x7fa97f60b03a in process_destroy ../spa/plugins/support/loop.c:344
#2 0x7fa97f60cbf8 in loop_iterate ../spa/plugins/support/loop.c:387
#3 0x559995af5b62 in dmsbd_recurse_on_event ../test/test-loop.c:298
#4 0x7fa97f60d826 in source_io_func ../spa/plugins/support/loop.c:396
#5 0x7fa97f60c7e7 in loop_iterate ../spa/plugins/support/loop.c:377
#6 0x7fa98472c1eb in pw_main_loop_run ../src/pipewire/main-loop.c:148
#7 0x559995af7a76 in destroy_managed_source_before_dispatch_recurse ../test/test-loop.c:355
#8 0x559995b02678 in start_test_nofork ../test/pwtest.c:882
#9 0x559995b06191 in run_test ../test/pwtest.c:1087
#10 0x559995b0948a in run_tests ../test/pwtest.c:1283
#11 0x559995b0aea4 in main ../test/pwtest.c:1482
#12 0x7fa98360130f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
previously allocated by thread T0 here:
#0 0x7fa984ffdfb9 in __interceptor_calloc /usr/src/debug/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x7fa97f60d883 in loop_add_io ../spa/plugins/support/loop.c:408
#2 0x559995af75de in destroy_managed_source_before_dispatch_recurse ../test/test-loop.c:349
#3 0x559995b02678 in start_test_nofork ../test/pwtest.c:882
#4 0x559995b06191 in run_test ../test/pwtest.c:1087
#5 0x559995b0948a in run_tests ../test/pwtest.c:1283
#6 0x559995b0aea4 in main ../test/pwtest.c:1482
#7 0x7fa98360130f in __libc_start_call_main (/usr/lib/libc.so.6+0x2d30f)
SUMMARY: AddressSanitizer: heap-use-after-free ../spa/plugins/support/loop.c:376 in loop_iterate
Rewrite the test that destroys an active managed source
right after polling is done. There is no need to use a
thread loop because the same thing can be simulated using
the before/after loop control hooks in a more controlled
manner.
Catch SIGTERM/SIGINT in test runner, and clean up any spawned processes.
Fixes printing test output on termination by signal (e.g. meson
timeout), and doesn't leave spawned processes running.
Add an extra private field to the source to store the pollevent of
the current iteration. This changes ABI but it seems an embedded source
is not used outside of our own plugins and the unit test doesn't test
this ABI case.
Whenever a source is removed, we can set the data field of the
pollevent to NULL so that it won't be handled in any iteration anymore.
Avoid dispatching the same event multiple times when doing recursive
iterations.
Add some more unit tests for this.
Fixes#2114
Call spa_handle_clear() on the handle before freeing.
Actually store the loaded dll in the right array.
First clear the handle, then close the dll.
Fix iteration of the dlls.
Most feature checks already use #ifdef, and do not care about
the value of the macro. Convert all feature checks to do that,
and simplify the meson build scripts by replacing
if cond
cdata.set('X', 1)
endif
with
cdata.set('X', cond)
Use `meson.project_{build,source}_root()` instead of
`meson.{build,source}_root()` because those functions
do not work as expected when used inside a subproject,
and they have been deprecated in meson 0.56.0.
Previously, the standard i/o stream and daemon logs
were not properly null terminated, which could cause
issues in `print_lines()` inside `log_test_result()`.
See #1710
When we get to this code, we already updated the environment variables
so we need to use the usual error path to restore them.
And where chdir does fail, print an error to the log. 256 chars should
be enough here, if your tmpdir exceeds that you just have the error
message cut off.
You are only supposed to use _insert_new()/_remove() or _insert_at()
on the map, If we detect a _insert_at() to a removed item,
return an error because else we might corrupt the free list.
Update unit test accordingly.