Re: Crashing at CABitStreamReader::FillCache() + 233
- Subject: Re: Crashing at CABitStreamReader::FillCache() + 233
- From: Jens Alfke <email@hidden>
- Date: Wed, 2 Apr 2008 09:46:25 -0700
Turns out this crash is, unfortunately, due to a bug in CoreAudio. The AAC parser is reading a few bytes past the end of the input buffer. If the input buffer is a block allocated by vmalloc, and the address space past it is unmapped, that will cause an invalid-address crash.

By turning on GuardMalloc, I immediately get a 100% reproducible crash that's very similar, but not identical, to the one I've been debugging. (The crash occurs in ACMP4AACLowComplexityEncoderEntry, while parsing the first buffer of the stream.) Even better, by turning on GuardMalloc in Apple's PlayFile sample code, I can get it to crash 100% of the time in almost exactly the same way when opening any ADTS-encoded file. I've just filed rdar://5837305 against the PlayFile crash, including a sample file and the exact steps needed to reproduce.

I'm now going to try working around the bug by allocating an input buffer that's a few bytes longer than the data.
—Jens
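The mechanics behind this message, as an added example in C that is not CoreAudio or Apple code: a guard-page allocator that does explicitly what GuardMalloc does for every allocation (the byte after the buffer lives in a PROT_NONE page, so a read past the end faults deterministically instead of depending on what happens to be mapped), the padding workaround Jens describes (copy the input into an allocation with a few zeroed slack bytes), and a stand-in for a FillCache() that always loads a fixed-width cache even when fewer bytes remain. The cache width (4 bytes), the pad size (8 bytes), the sample bytes and every function name here are assumptions made for the example; the sample is a constructed ADTS-like header, not the file attached to the Radar.

```c
/* Added example, not CoreAudio or Apple code: a GuardMalloc-style guard-page
 * allocator, the "pad the input" workaround from the mail, and a stand-in
 * FillCache() that reads a fixed-width cache past the end of short input. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define CACHE_BYTES 4   /* assumed cache width of the stand-in reader */
#define PAD_BYTES   8   /* workaround: zeroed slack appended to the input */

/* data: caller's buffer, its last byte abuts the guard page; base/mapped: whole mapping */
typedef struct { unsigned char *data, *base; size_t mapped; } guarded_buf;

/* Map len bytes so that the byte after data[len-1] is in a PROT_NONE page.
 * GuardMalloc does this for every malloc(); here it is done by hand. */
static int guard_alloc(size_t len, guarded_buf *g) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data_pages = (len + page - 1) / page;
    g->mapped = (data_pages + 1) * page;
    g->base = mmap(NULL, g->mapped, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g->base == MAP_FAILED) return 0;
    if (mprotect(g->base + data_pages * page, page, PROT_NONE) != 0) {
        munmap(g->base, g->mapped);
        return 0;
    }
    g->data = g->base + data_pages * page - len;
    return 1;
}
static void guard_free(guarded_buf *g) { munmap(g->base, g->mapped); }

/* Workaround from the mail: copy the input into an allocation with PAD_BYTES
 * of zeroed slack so a few-byte over-read stays inside mapped memory. */
static unsigned char *padded_copy(const unsigned char *src, size_t len) {
    unsigned char *dst = calloc(len + PAD_BYTES, 1);
    if (dst) memcpy(dst, src, len);
    return dst;
}

/* Stand-in for a FillCache() that always loads CACHE_BYTES, even when fewer
 * remain: the over-read pattern described in the mail, not Apple's code. */
static uint32_t fill_cache_unchecked(const unsigned char *p) {
    uint32_t v = 0;
    for (int i = 0; i < CACHE_BYTES; i++) v = (v << 8) | p[i];
    return v;
}

static sigjmp_buf fault_jmp;
static volatile uintptr_t fault_addr;   /* address reported by the kernel */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    fault_addr = (uintptr_t)si->si_addr;
    siglongjmp(fault_jmp, 1);
}

/* Run the reader starting at the last byte of buf[0..len). Returns 1 if the
 * access faulted (caught via SIGSEGV/SIGBUS), 0 if it completed, in which
 * case *out receives the cache value. */
static int probe_tail_read(const unsigned char *buf, size_t len, uint32_t *out) {
    struct sigaction sa, old_segv, old_bus;
    volatile int faulted = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* macOS reports guard-page hits as SIGBUS */
    if (sigsetjmp(fault_jmp, 1) == 0)
        *out = fill_cache_unchecked(buf + len - 1);
    else
        faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Constructed sample: the first bytes of an ADTS-style frame header (sync word
 * 0xFFF plus a few header bits); the values are illustrative only. */
static const unsigned char SAMPLE[] = { 0xFF, 0xF1, 0x50, 0x80, 0x01, 0x7F, 0xFC };

/* 1 if the guard page catches the reader running off the end of SAMPLE and the
 * faulting address lies inside the guard page, which is what GuardMalloc shows. */
int guarded_read_faults(void) {
    guarded_buf g;
    uint32_t v = 0;
    if (!guard_alloc(sizeof SAMPLE, &g)) return -1;
    memcpy(g.data, SAMPLE, sizeof SAMPLE);
    int faulted = probe_tail_read(g.data, sizeof SAMPLE, &v);
    int in_guard = faulted && fault_addr >= (uintptr_t)(g.data + sizeof SAMPLE)
                           && fault_addr <  (uintptr_t)(g.base + g.mapped);
    guard_free(&g);
    return in_guard;
}

/* 1 if the padded copy absorbs the same over-read: no fault, and the cache holds
 * the last real byte 0xFC followed by three zero pad bytes. */
int padded_read_is_clean(void) {
    unsigned char *p = padded_copy(SAMPLE, sizeof SAMPLE);
    uint32_t v = 0;
    if (!p) return -1;
    int faulted = probe_tail_read(p, sizeof SAMPLE, &v);
    free(p);
    return !faulted && v == 0xFC000000u;
}

int main(void) {
    printf("guard page catches over-read: %d\n", guarded_read_faults());
    printf("padded buffer reads cleanly:  %d\n", padded_read_is_clean());
    return 0;
}
```

The guarded case is the GuardMalloc reproduction: the same over-read that is silent on a plain heap block faults the moment the byte after the buffer is unmapped, and the reported fault address sits in the guard page. The padded case is the workaround: the read still goes past the real data, so it only hides the symptom, and the slack must be at least as wide as the largest over-read the parser can make (here CACHE_BYTES - 1 bytes), which is why the padding is zeroed rather than left uninitialized.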
Coreaudio-api mailing list (email@hidden)