Glibc terminates all applications using SDL_mixer when playing MIDI

A few days ago, some update got performed by my Linux distro (Gentoo)
which made glibc abort programs with a message like:

*** glibc detected *** /var/tmp/portage/SDL_mixer/build/.libs/playmus: free(): invalid pointer: 0x00000000012b0b80 ***

Programs using SDL_mixer to play MIDI (using the Timidity backend) are
affected, including the “playmus” sample program that comes with
SDL_mixer. This happens with both SDL_mixer 1.2.11 and the latest
sources from Hg. Running valgrind on playmus doesn’t work (it just
quits for some reason). Running it on my own app produces this:

(I deleted references to my own sources to make this smaller.)

==23754== Conditional jump or move depends on uninitialised value(s)
==23754== at 0x4C2A569: groom_list (readmidi.c:692)
==23754== by 0x4C2B8E1: read_midi_file (readmidi.c:1079)
==23754== by 0x4C286E3: Timidity_LoadSong_RW (playmidi.c:1732)
==23754== by 0x4C1C262: Mix_LoadMUS_RW (music.c:1501)
==23754==

==23754== Invalid write of size 2
==23754== at 0x4C1F4F9: load_instrument (instrum.c:805)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF21: load_missing_instruments (instrum.c:995)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)
==23754== Address 0x4fb9754 is 37,764 bytes inside a block of size 37,765 alloc’d
==23754== at 0x4A076AD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23754== by 0x4C1C949: safe_malloc (common.c:218)
==23754== by 0x4C1EF6B: load_instrument (instrum.c:689)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF21: load_missing_instruments (instrum.c:995)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)
==23754==
==23754== Invalid write of size 2
==23754== at 0x4C1F4F9: load_instrument (instrum.c:805)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF50: load_missing_instruments (instrum.c:997)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)
==23754== Address 0x708f350 is 9,904 bytes inside a block of size 9,905 alloc’d
==23754== at 0x4A076AD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23754== by 0x4C1C949: safe_malloc (common.c:218)
==23754== by 0x4C1EF6B: load_instrument (instrum.c:689)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF50: load_missing_instruments (instrum.c:997)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)
==23754==
==23754== Invalid read of size 2
==23754== at 0x4C2CB85: pre_resample (resample.c:726)
==23754== by 0x4C1F670: load_instrument (instrum.c:834)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF50: load_missing_instruments (instrum.c:997)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)
==23754== Address 0x65031be is 52,830 bytes inside a block of size 52,831 alloc’d
==23754== at 0x4A076AD: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==23754== by 0x4C1C949: safe_malloc (common.c:218)
==23754== by 0x4C1EF6B: load_instrument (instrum.c:689)
==23754== by 0x4C1FBBC: fill_bank (instrum.c:908)
==23754== by 0x4C1FF50: load_missing_instruments (instrum.c:997)
==23754== by 0x4C28723: Timidity_Start (playmidi.c:1744)
==23754== by 0x4C1BA77: music_internal_play (music.c:787)
==23754== by 0x4C1BBF3: Mix_FadeInMusicPos (music.c:874)
==23754== by 0x4C1BC55: Mix_PlayMusic (music.c:885)

(Audio starts playing after this point.)

==23754== Thread 2:
==23754== Conditional jump or move depends on uninitialised value(s)
==23754== at 0x4C228FA: s32tos16 (output.c:82)
==23754== by 0x4C27A66: compute_data (playmidi.c:1484)
==23754== by 0x4C284C3: Timidity_PlaySome (playmidi.c:1663)
==23754== by 0x4C1B4D6: music_mixer (music.c:292)
==23754== by 0x4C1818D: mix_channels (mixer.c:300)
==23754== by 0x3034A07E97: SDL_RunAudio (SDL_audio.c:198)
==23754== by 0x3034A10214: SDL_RunThread (SDL_thread.c:204)
==23754== by 0x3034A45358: RunThread (SDL_systhread.c:47)
==23754== by 0x3002206D4B: start_thread (pthread_create.c:301)
==23754== by 0x30016D12AC: clone (clone.S:115)
==23754==
==23754== Conditional jump or move depends on uninitialised value(s)
==23754== at 0x4C2290C: s32tos16 (output.c:83)
==23754== by 0x4C27A66: compute_data (playmidi.c:1484)
==23754== by 0x4C284C3: Timidity_PlaySome (playmidi.c:1663)
==23754== by 0x4C1B4D6: music_mixer (music.c:292)
==23754== by 0x4C1818D: mix_channels (mixer.c:300)
==23754== by 0x3034A07E97: SDL_RunAudio (SDL_audio.c:198)
==23754== by 0x3034A10214: SDL_RunThread (SDL_thread.c:204)
==23754== by 0x3034A45358: RunThread (SDL_systhread.c:47)
==23754== by 0x3002206D4B: start_thread (pthread_create.c:301)
==23754== by 0x30016D12AC: clone (clone.S:115)

And the reason is that MALLOC_CHECK_=3 was set globally (by KDE 4.7
RC1). It’s probably a mistake by KDE. But the SDL_mixer bug is real
nonetheless though.

On 07/02/2011 03:20 AM, Nikos Chantziaras wrote:

A few days ago, some update got performed by my Linux distro (Gentoo)
which made glibc abort programs with a message like:

*** glibc detected *** /var/tmp/portage/SDL_mixer/build/.libs/playmus:
free(): invalid pointer: 0x00000000012b0b80 ***
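
Added example, not part of the original posts or of SDL_mixer: a small triage script that reads the memcheck records quoted in the report and computes how far each flagged heap access runs past its block. The `overruns` function and its field names are hypothetical; the sample input is an excerpt of the valgrind output above with the stack frames trimmed. It shows that all three accesses are 2 bytes wide, start at the last byte of an odd-sized block, and therefore cross the end of the allocation by exactly one byte.

```python
import re

# Excerpt of the memcheck output quoted in the post (frames trimmed, mail line wraps kept).
LOG = """\
==23754== Invalid write of size 2
==23754== at 0x4C1F4F9: load_instrument (instrum.c:805)
==23754== Address 0x4fb9754 is 37,764 bytes inside a block of size
37,765 alloc'd
==23754==
==23754== Invalid write of size 2
==23754== at 0x4C1F4F9: load_instrument (instrum.c:805)
==23754== Address 0x708f350 is 9,904 bytes inside a block of size 9,905
alloc'd
==23754==
==23754== Invalid read of size 2
==23754== at 0x4C2CB85: pre_resample (resample.c:726)
==23754== Address 0x65031be is 52,830 bytes inside a block of size
52,831 alloc'd
"""

# One record: access kind and width, faulting frame, then offset and block size.
# The tempered ".*?" keeps a match from running into the next "Invalid ..." record.
RECORD = re.compile(
    r"Invalid (read|write) of size (\d+) "
    r"at 0x[0-9A-Fa-f]+: (\w+) \(([\w.]+:\d+)\) "
    r"(?:(?!Invalid (?:read|write)).)*?"
    r"is ([\d,]+) bytes inside a block of size ([\d,]+) alloc"
)

def overruns(log):
    """Return one dict per heap access that crosses the end of its block."""
    # Drop the ==PID== prefixes and rejoin lines the mail client wrapped.
    flat = " ".join(re.sub(r"==\d+==", " ", log).split())
    found = []
    for kind, width, func, where, offset, size in RECORD.findall(flat):
        offset, size = (int(v.replace(",", "")) for v in (offset, size))
        past_end = offset + int(width) - size   # bytes touched beyond the block
        if past_end > 0:
            found.append({"kind": kind, "func": func, "where": where,
                          "block_size": size, "past_end": past_end})
    return found

if __name__ == "__main__":
    for hit in overruns(LOG):
        print(hit)
```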