
#358 Segmentation fault when creating a spectrogram with 3kHz limit

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2024-11-30
Created: 2022-04-23
Creator: Petr Pucil
Private: No

I tried to generate a spectrogram for a sample .au file (see int8-linear-pcm.au in the attachments) using SoX v14.4.2 in Ubuntu on WSL2, but it failed with a segmentation fault.

Valgrind output:

pp@DESKTOP-89OPGF3:/mnt/c/temp/ks-samples/media/au$ valgrind sox -V -V int8-linear-pcm.au -n rate 3k spectrogram
==1564== Memcheck, a memory error detector
==1564== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1564== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1564== Command: sox -V -V int8-linear-pcm.au -n rate 3k spectrogram
==1564==
sox:      SoX v14.4.2
time:     Feb  9 2020 10:36:08
issue:    Ubuntu
uname:    Linux DESKTOP-89OPGF3 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64
compiler: gcc 9.2.1 20200203
arch:     1288 48 88 L OMP
sox INFO formats: detected file format type `au'
sox INFO au: found big-endian `.snd' identifier

Input File     : 'int8-linear-pcm.au'
Channels       : 1
Sample Rate    : 44100
Precision      : 8-bit
Duration       : 00:00:00.00 = 100 samples = 0.170068 CDDA sectors
File Size      : 144
Bit Rate       : 508k
Sample Encoding: 8-bit Signed Integer PCM
Endian Type    : big
Reverse Nibbles: no
Reverse Bits   : no
Comment        : 'Processed by SoX'


Output File    : '' (null)
Channels       : 1
Sample Rate    : 3000
Precision      : 8-bit
Duration       : 00:00:00.00 = 7 samples ~ 0.175 CDDA sectors

sox DBUG effects_i_dsp: make_lpf(n=805 Fc=0.2603575 β=14.7767 ρ=0.5 dc-norm=0 scale=1)
sox DBUG rate: fir_len=805 dft_length=4096 Fp=0.913628 Fs=1 Fn=3.675 att=141.996 1/1
sox DBUG effects_i_dsp: make_lpf(n=479 Fc=0.02272697 β=14.0586 ρ=0.75 dc-norm=0 scale=40)
sox DBUG rate: fir_len=12 phases=40 coef_interp=0 size=3.84k
sox DBUG rate:    18|18    preload=18 remL=0
sox DBUG rate:    18|18    preload=18 remL=0
sox DBUG rate:     0|0     preload=402 remL=0
sox DBUG rate:     0|11    preload=5 remL=0
sox DBUG spectrogram: duration=0.00233333 x_size=800 pixels_per_sec=5000 dft_size=1024
sox DBUG spectrogram: window_density=0.5
sox INFO spectrogram: actual pixels/s = -inf
sox DBUG spectrogram: step_size=-2147483648 block_steps=0
sox INFO sox: effects chain: input        44100Hz  1 channels (multi)  8 bits 00:00:00.00
sox INFO sox: effects chain: rate          3000Hz  1 channels         32 bits 00:00:00.00
sox INFO sox: effects chain: spectrogram    3000Hz  1 channels         32 bits 00:00:00.00
sox INFO sox: effects chain: dither        3000Hz  1 channels          8 bits 00:00:00.00
sox INFO sox: effects chain: output        3000Hz  1 channels (multi)  8 bits 00:00:00.00
sox DBUG sox: start-up time = 0.174284
sox DBUG spectrogram: cols=0 left=1073741312 end=1024
==1564== Invalid read of size 8
==1564==    at 0x4842C1C: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1564==    by 0x489F8B3: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x489FE72: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x4878261: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x10E2C6: ??? (in /usr/bin/sox)
==1564==    by 0x4A740B2: (below main) (libc-start.c:308)
==1564==  Address 0xfffffffd04e57908 is not stack'd, malloc'd or (recently) free'd
==1564==
==1564==
==1564== Process terminating with default action of signal 11 (SIGSEGV)
==1564==  Access not within mapped region at address 0xFFFFFFFD04E57908
==1564==    at 0x4842C1C: memmove (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
==1564==    by 0x489F8B3: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x489FE72: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x4878261: sox_flow_effects (in /usr/lib/x86_64-linux-gnu/libsox.so.3.0.0)
==1564==    by 0x10E2C6: ??? (in /usr/bin/sox)
==1564==    by 0x4A740B2: (below main) (libc-start.c:308)
==1564==  If you believe this happened as a result of a stack
==1564==  overflow in your program's main thread (unlikely but
==1564==  possible), you can try to increase the size of the
==1564==  main thread stack using the --main-stacksize= flag.
==1564==  The main thread stack size used in this run was 8388608.
==1564==
==1564== HEAP SUMMARY:
==1564==     in use at exit: 508,404 bytes in 61 blocks
==1564==   total heap usage: 107 allocs, 46 frees, 1,004,679 bytes allocated
==1564==
==1564== LEAK SUMMARY:
==1564==    definitely lost: 0 bytes in 0 blocks
==1564==    indirectly lost: 0 bytes in 0 blocks
==1564==      possibly lost: 0 bytes in 0 blocks
==1564==    still reachable: 508,404 bytes in 61 blocks
==1564==         suppressed: 0 bytes in 0 blocks
==1564== Rerun with --leak-check=full to see details of leaked memory
==1564==
==1564== For lists of detected and suppressed errors, rerun with: -s
==1564== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault

I installed SoX with sudo apt install sox. I understand that it's inconvenient that there are no line numbers in the above output, but I hope you'll be able to reproduce the issue with the same sample file so that I don't have to build SoX from source.

1 Attachments

Discussion

  • Martin Guy - 2022-08-19

    Confirmed on Debian stable (bullseye) with git master HEAD 42b3557e1
    also when the au is converted to wav, also when the "rate 3k" effect is omitted.
    The segfault occurs in print_at_() when it's trying to add the "Time (s)" label to the graph,
    and is probably caused by the file only being 100 samples long, about 0.002 seconds.

    "sox int8-linear-pcm.au -n spectrogram -r" does not segfault and produces a png file 13 pixels wide. Without -r, it's trying to print "Time (s)" at screen coordinate x = -2147483572

    The attached patch prevents this by checking that only pixels within screen coordinates 0 <= X < cols and 0 <= y < rows get set, resulting in the attached spectrogram, which is still odd but hey.
    To fix only this one issue, just checking that X>=0 is sufficient, or indeed that x>=0, but checking both against the PNG size seems more prudent.

    SF only lets me attach one file per comment, so the output file will follow.

     
  • Martin Guy - 2022-08-19

    Output file with patch applied

     
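The clipping check the patch above describes, plus a guard for the step value from the -V -V log, as an added example in C that models the raster and label drawing; it is not SoX's own spectrogram.c, and the struct, function names and the 13x5 raster are assumptions.

```c
#include <limits.h>
#include <string.h>

/* Hypothetical model of the spectrogram raster and label drawing; this is
 * added example code, not SoX's spectrogram.c. */
typedef struct {
    int cols, rows;        /* PNG width and height in pixels */
    unsigned char *pixels; /* cols * rows bytes, row-major */
} raster_t;

/* Set one pixel only if it lies inside the image, the check the patch above
 * adds to print_at_(): 0 <= x < cols and 0 <= y < rows.
 * Returns 1 if written, 0 if clipped (e.g. x = -2147483572 from the report). */
static int set_pixel(raster_t *r, int x, int y, unsigned char v) {
    if (x < 0 || x >= r->cols || y < 0 || y >= r->rows)
        return 0;
    r->pixels[(size_t)y * (size_t)r->cols + (size_t)x] = v;
    return 1;
}

/* Draw a len-cell label starting at (x, y); returns the number of cells that
 * landed inside the image. The column index is widened to long long so that
 * x + i cannot overflow when x is near INT_MIN. */
static int print_at(raster_t *r, int x, int y, const unsigned char *glyphs, int len) {
    int drawn = 0;
    for (int i = 0; i < len; i++) {
        long long xi = (long long)x + i;
        if (xi >= INT_MIN && xi <= INT_MAX)
            drawn += set_pixel(r, (int)xi, y, glyphs[i]);
    }
    return drawn;
}

/* Guard for a step used as a memmove offset in flow(): the -V -V log shows
 * step_size=-2147483648 (INT_MIN), the x86-64 result of converting an
 * out-of-range double such as -inf to int, which C leaves undefined.
 * A usable step is positive and no longer than the block it walks. */
static int valid_step(long long step, long long block_len) {
    return step > 0 && step <= block_len;
}

/* Draw the "Time (s)" label at column x on a constructed 13x5 raster (13 px is
 * the width of the -r output mentioned above) and report how many cells landed. */
static int label_cells_drawn(int x) {
    static unsigned char buf[13 * 5];
    raster_t r = { 13, 5, buf };
    const char *label = "Time (s)";
    memset(buf, 0, sizeof buf);
    return print_at(&r, x, 4, (const unsigned char *)label, (int)strlen(label));
}
```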
  • Jan Starý - 2023-02-08

    With current git on a macOS, the command above does not segfault,
    but runs indefinitely and eats up the CPU.

    Without the rate effect, the spectrogram gets produced.
    With rate 8k, 7k, 6k, 5k it still works; with rate 4999 it doesn't.

     
  • Jan Starý - 2023-02-08

    Same happens with the patch.
    I will test on other systems.

     
  • Jan Starý - 2023-02-09

    On OpenBSD 7.2/amd64, with the latest git, it also works with rate down to 5k,
    but segfaults with rate 4999. Same thing happens with the patch. gdb says

    #0  0x0000046b6931b0e9 in memcpy (dst0=0x46c26d06000, src0=Variable "src0" is not available.
    )
        at /usr/src/lib/libc/string/memcpy.c:103
    103             TLOOP(*(word *)dst = *(word *)src; src += wsize; dst += wsize);
    (gdb) bt
    #0  0x0000046b6931b0e9 in memcpy (dst0=0x46c26d06000, src0=Variable "src0" is not available.
    )
        at /usr/src/lib/libc/string/memcpy.c:103
    #1  0x0000046b9fac87b2 in flow (effp=0x46c26d1e400, ibuf=0x46c26ce8000, obuf=Variable "obuf" is not available.
    )
        at spectrogram.c:485
    #2  0x0000046b9fac8f08 in drain (effp=0x46c26d1e400, obuf_=Unhandled dwarf expression opcode 0xa3
    )
        at spectrogram.c:553
    #3  0x0000046b9fa9a71b in sox_flow_effects (chain=0x46c26d00ac0,
        callback=0x4696690c0f0 <update_status>, client_data=0x0) at effects.c:352
    #4  0x000004696690767b in main (argc=Variable "argc" is not available.
    ) at sox.c:1780
    
     
  • Jan Starý - 2023-02-09

    It's silly of course: with 7 samples, there's no "spectrum" to talk of.
    With rate 5k it's 11 samples, and with rate 4999 it's also 11 samples:

    08 42 73 7d 66 2e ea aa  86 87 aa
    08 42 72 7d 66 2e e9 ab  86 85 aa  
    

    On the first one (5k), spectrogram works;
    on the second one (4999), spectrogram segfaults.
    (Either with the patch or without.)

     
  • Martin Guy - 2024-11-30

    Only affects 42b355, not 14.4.2

     
