RISC OS Open
A fast and easily customised operating system for ARM devices
ROOL
Home | News | Downloads | Bugs | Bounties | Forum | Documents | Photos | Contact us
Account

Previous|Next

  • Tickets
  • » Ticket #505

Ticket #505 (Open)Tue Feb 23 11:08:59 UTC 2021

Titanium *ChannelVoice 8 1 overwrites RMA Heap

Reported by: Martin Avison (27) Severity: Major
Part: RISC OS: Module Release:
Milestone: Status Open

Details by Martin Avison (27):

It appears that on the Titanium only, using
*ChannelVoice 8 1
or
SYS “Sound_AttachVoice”,8,1
causes a block of RMA to have it’s length overwritten, causing a variety of machine problems, often machine lockups of tasks aborting (including Filer & Wimp).

This only seems to affect the Titanium, and channel 8, but for all voices.

The bug was first seen in a number of Meastro versions – see thread https://www.riscosopen.org/forum/forums/4/topic… for full details.

After failing to see from the SoundChannel source what the problem was (I think it disappears into DMAstuff, so I gave up) I did some (laborious) comparisons of memory blocks. My conclusion is that it is a typical out-by-one bug. The memory block just before the overwrite is 2,144 long. As channels 1-7 get allocated, the last 7 words of that block are populated, probably with an RMA address. When channel 8 gets allocated, the first word of the next block (which was a length of x20) is overwritten with the 8th address. This is the error trapped by *ReportHeap, and it causes anything else that traverses the RMA heap to fail.

I will try to attach evidence of these findings.

Changelog:

Modified by Martin Avison (27) Tue, February 23 2021 - 11:10:51 GMT

  • Attachment added: ChanHeap.txt

Attached details of block being overwritten.

  • Comment on, or change status of, this ticket

Previous|Next

Search tickets

Social

Follow us on and

ROOL Store

Buy RISC OS Open merchandise here, including SD cards for Raspberry Pi and more.

Donate! Why?

Help ROOL make things happen – please consider donating!

RISC OS IPR

RISC OS is an Open Source operating system owned by RISC OS Developments Ltd and licensed primarily under the Apache 2.0 license.

Options

  • Tickets
  • New ticket
  • Milestones
  • Subversion: Changesets
  • Subversion: Browse
  • CVS: Revisions
  • CVS: Browse
  • Search

RSS feeds Rss

  • Tickets
  • Everything!
  • More feeds...
Site design © RISC OS Open Limited 2018 except where indicated
The RISC OS Open Collaboa theme is distantly based on the Collaboa default layout

Valid XHTML 1.0  |  Valid CSS

Powered by Collaboa
This site runs on Rails

Hosted by Arachsys