  1. Qt
  2. QTBUG-11883

Segmentation Fault in QAudioOutputPrivate::freeBlocks() caused by wrong pointer increment


Details

    • Bug
    • Resolution: Done
    • P3: Somewhat important
    • 4.7.1
    • 4.6.3
    • Multimedia
    • None
    • Win XP

    Description

      This is related to #QTBUG-9875 but describes the real bug there.

      In src/multimedia/audio/qaudiooutput_win32_p.cpp:

      void QAudioOutputPrivate::freeBlocks(WAVEHDR* blockArray)
      {
          WAVEHDR* blocks = blockArray;
      
          int count = buffer_size/period_size;
      
          for(int i = 0; i < count; i++) {
              waveOutUnprepareHeader(hWaveOut,blocks, sizeof(WAVEHDR));
              blocks+=sizeof(WAVEHDR);
          }
          HeapFree(GetProcessHeap(), 0, blockArray);
      }
      

      The line blocks+=sizeof(WAVEHDR); increments blocks by 0x400 instead of 0x20 which results (depending on the audio file) in a segmentation fault.
      This is because blocks is of type WAVEHDR* and not BYTE*.

      So you must use blocks++; instead, or you go back to version 4.6.2 (which uses &blocks[i] as the parameter) and remove the increment completely (because i is already incremented by the loop).

      Addendum: Same problem in void QAudioInputPrivate::freeBlocks(WAVEHDR* blockArray)

      Best regards,
      Hoffi
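      The stride error reported above, reproduced as an added example that is not part of the original report or of Qt's source: it walks a header array with both increments and counts how many visited headers fall outside the array. hdr32_t (a constructed 32-byte stand-in for WAVEHDR) and walk() are hypothetical names, and the array length of 8 is an assumed value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for WAVEHDR (not the Windows definition): eight
   32-bit fields, so sizeof is 0x20 as in the report's 32-bit build. */
typedef struct { uint32_t field[8]; } hdr32_t;
_Static_assert(sizeof(hdr32_t) == 0x20, "stand-in must be 32 bytes");

/* Walk `count` headers as freeBlocks() does, adding `step` to the typed
   pointer per iteration (step <= sizeof(hdr32_t)). Returns how many visited
   headers lie outside the real count-element array; *second gets the byte
   offset of the second header visited. */
static size_t walk(size_t count, size_t step, size_t *second)
{
    /* The arena is large enough for the reported stride, so the demo itself
       stays inside one allocation; only its first `count` elements play the
       role of blockArray. */
    hdr32_t *arena = calloc(count * sizeof(hdr32_t), sizeof(hdr32_t));
    if (arena == NULL)
        return (size_t)-1;
    size_t array_bytes = count * sizeof(hdr32_t), outside = 0;
    hdr32_t *blocks = arena;
    for (size_t i = 0; i < count; i++) {
        size_t off = (size_t)((unsigned char *)blocks - (unsigned char *)arena);
        if (i == 1)
            *second = off;
        if (off + sizeof(hdr32_t) > array_bytes)
            outside++;
        blocks += step;  /* the compiler scales this by sizeof(hdr32_t) */
    }
    free(arena);
    return outside;
}

int main(void)
{
    size_t second = 0;
    size_t bad = walk(8, sizeof(hdr32_t), &second);  /* blocks += sizeof(...) */
    printf("reported: second header at +0x%zx, %zu of 8 outside the array\n", second, bad);
    bad = walk(8, 1, &second);                       /* blocks++ */
    printf("blocks++: second header at +0x%zx, %zu of 8 outside the array\n", second, bad);
    return 0;
}
```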

          People

            korbatit Kurt Korbatits (closed Nokia identity) (Inactive)
            hoffi Hoffi