Bug#415713: marked as done (bad mmap64 implementation in esddsp)

Mon, 17 Nov 2008 13:51:54 -0800 

Your message dated Mon, 17 Nov 2008 21:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#415713: fixed in esound 0.2.40-1
has caused the Debian Bug report #415713,
regarding bad mmap64 implementation in esddsp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
415713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415713
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Subject: bad mmap64 implementation in esddsp
Package: esound
Version: 0.2.36-3
Severity: important

Hello,
  after few hours of investigation to discover why firefox/iceweasel get
a SIGBUS when I want to save an image, I hope I found the primary cause
of this problem.  It is due to an implementation bug in mmap64 which is
overriden in libesddsp.so.
In effect, mmap64 uses a 64 bits offset (off64_t). However, wrap_mmap
declares a 32 bits one (off_t), at least on 32 bits OS. Therefore, when
calling original mmap64, 32 bits from offset are taken randomly from
stack which could lead to mapping a non existent part of a file in
memory thus signaling a Bus Error when further trying to access to this
mapped memory!

The patch attached work at least on my system (Linux x86 32 bits) but
need more testing on other arches (especially 64 bits ones).
I also applied mutex patch from Ubuntu 0.2.36-3ubuntu2:
http://www.no-name-yet.com/patches/esound.esddsp-crash.patch .

I guess #350428, #348938 and #347751 could be related to this bug.
Surely some bugs from iceweasel package are also related to this one.

Best regards,
Eric.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-k7
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages esound depends on:
ii  esound-common               0.2.36-3     Enlightened Sound Daemon - Common
ii  libaudiofile0               0.2.6-6      Open-source version of SGI's audio
ii  libc6                       2.3.6.ds1-13 GNU C Library: Shared libraries
ii  libesd-alsa0 [libesd0]      0.2.36-3     Enlightened Sound Daemon (ALSA) -
ii  libwrap0                    7.6.dbs-13   Wietse Venema's TCP wrappers libra

-- 
 Eric Delaunay       | Le travail est trop sérieux pour le confier
 [EMAIL PROTECTED] | à ceux qui veulent se tuer avec.    Jissey.

diff -ur esound-0.2.36.orig/esddsp.c esound-0.2.36/esddsp.c
--- esound-0.2.36.orig/esddsp.c 2007-03-21 12:45:34.000000000 +0100
+++ esound-0.2.36/esddsp.c      2007-03-21 12:37:13.000000000 +0100
@@ -46,6 +46,7 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <stdio.h>
+#include <pthread.h>
 
 #ifdef HAVE_MACHINE_SOUNDCARD_H
 #  include <machine/soundcard.h>
@@ -127,10 +128,12 @@
   write (mixfd, &vol, sizeof (vol));
 }
 
+pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
 static void
 dsp_init (void)
 {
+  pthread_mutex_lock(&mutex);
   if (!ident)
     {
       const char *str;
@@ -162,6 +165,7 @@
          DPRINTF ("mixer settings file: %s\n", mixer);
        }
     }
+  pthread_mutex_unlock(&mutex);
 }
 
 static void
@@ -559,21 +563,25 @@
 }
 
 typedef void *(*mmap_funcptr_t) (void *, size_t, int, int, int, off_t);
+typedef void *(*mmap64_funcptr_t) (void *, size_t, int, int, int, off64_t);
 
 void *
-wrap_mmap (const char *symname, mmap_funcptr_t *func, void *start, 
-                size_t length, int prot, int flags, int fd, off_t offset)
+wrap_mmap (const char *symname, int off64, mmap_funcptr_t *func, void *start, 
+                size_t length, int prot, int flags, int fd, off64_t offset)
 {
   if (!*func)
     *func = (mmap_funcptr_t) dlsym (REAL_LIBC, symname);
 
   if(fd != sndfd || sndfd == -1)
-    return (**func)(start,length,prot,flags,fd,offset);
+    if (off64)
+      return (**(mmap64_funcptr_t*)func)(start,length,prot,flags,fd,offset);
+    else
+      return (**func)(start,length,prot,flags,fd,(off_t)offset);
   else
     {
       DPRINTF ("esddsp: %s - start = %x, length = %d, prot = %d\n",
               symname, start, length, prot);
-      DPRINTF ("      flags = %d, fd = %d, offset = %d\n",flags, fd,offset);
+      DPRINTF ("      flags = %d, fd = %d, offset = %lld\n",flags, fd,offset);
       if(mmapemu)
        {
          mmapemu_osize = length;
@@ -590,15 +598,15 @@
 mmap (void *start, size_t length, int prot, int flags, int fd, off_t offset)
 {
   static mmap_funcptr_t func = NULL;
-  return wrap_mmap("mmap", &func, start, length, prot, flags, fd, offset);
+  return wrap_mmap("mmap", 0, &func, start, length, prot, flags, fd, 
(off64_t)offset);
 }
 
 #ifdef HAVE_MMAP64
 void *
-mmap64 (void *start, size_t length, int prot, int flags, int fd, off_t offset)
+mmap64 (void *start, size_t length, int prot, int flags, int fd, off64_t 
offset)
 {
   static mmap_funcptr_t func = NULL;
-  return wrap_mmap("mmap64", &func, start, length, prot, flags, fd, offset);
+  return wrap_mmap("mmap64", 1, &func, start, length, prot, flags, fd, offset);
 }
 #endif

--- End Message ---
--- Begin Message --- 
Source: esound
Source-Version: 0.2.40-1

We believe that the bug you reported is fixed in the latest version of
esound, which is due to be installed in the Debian FTP archive:

esound-clients_0.2.40-1_amd64.deb
  to pool/main/e/esound/esound-clients_0.2.40-1_amd64.deb
esound-common_0.2.40-1_all.deb
  to pool/main/e/esound/esound-common_0.2.40-1_all.deb
esound_0.2.40-1.diff.gz
  to pool/main/e/esound/esound_0.2.40-1.diff.gz
esound_0.2.40-1.dsc
  to pool/main/e/esound/esound_0.2.40-1.dsc
esound_0.2.40-1_amd64.deb
  to pool/main/e/esound/esound_0.2.40-1_amd64.deb
esound_0.2.40.orig.tar.gz
  to pool/main/e/esound/esound_0.2.40.orig.tar.gz
libesd-alsa0_0.2.40-1_amd64.deb
  to pool/main/e/esound/libesd-alsa0_0.2.40-1_amd64.deb
libesd0-dev_0.2.40-1_amd64.deb
  to pool/main/e/esound/libesd0-dev_0.2.40-1_amd64.deb
libesd0_0.2.40-1_amd64.deb
  to pool/main/e/esound/libesd0_0.2.40-1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <[EMAIL PROTECTED]> (supplier of updated esound package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 17 Nov 2008 20:32:29 +0100
Source: esound
Binary: esound esound-clients esound-common libesd0 libesd0-dev libesd-alsa0
Architecture: source all amd64
Version: 0.2.40-1
Distribution: experimental
Urgency: low
Maintainer: Josselin Mouette <[EMAIL PROTECTED]>
Changed-By: Josselin Mouette <[EMAIL PROTECTED]>
Description: 
 esound     - Enlightened Sound Daemon - Support binaries
 esound-clients - Enlightened Sound Daemon - clients
 esound-common - Enlightened Sound Daemon - Common files
 libesd-alsa0 - Enlightened Sound Daemon (ALSA) - Shared libraries
 libesd0    - Enlightened Sound Daemon - Shared libraries
 libesd0-dev - Enlightened Sound Daemon - Development files
Closes: 147532 248118 257354 286406 288903 347751 348019 375804 385014 415216 
415713 422590 452720 465092 469860 486374 504694
Changes: 
 esound (0.2.40-1) experimental; urgency=low
 .
   * New maintainer.
   * New upstream release. Closes: #422590, #452720.
     + Exits with GNOME logout. Closes: #504694, #415216.
   * Convert to cdbs. Incidentally closes: #465092.
   * Enable IPv6 support.
   * Update copyright information.
   * Generate architectures list with type-handling.
     Closes: #288903, #469860.
   * Add documentation (and associated doc-base registration) to
     esound-common.
   * Move libesddsp to esound-clients (it’s only used by esddsp).
   * Split the patches that were not merged upstream into a quilt
     series.
   * Update watch.
   * Import patches from Ubuntu:
     + 17_check_esd.patch: do not bother starting esd if it doesn’t
       exist.
     + 18_multiple_instances.patch: allow multiple instances of esd per
       user. Closes: #147532
     + 19_esddsp_mutex.patch: protect dsp_init against multiple calls
       with a mutex. Closes: #347751, #348019, #257354.
   * 20_manpage_errors.patch: new patch. Add standard pod2man header to
     esdcat.1.in.
   * 21_requires.private: new patch. Use Requires.private for audiofile
     in the pkg-config file. Closes: #375804.
   * 12_esddsp_mmap64.patch: replace the mmap64 implementation by one
     that accepts off64_t. Closes: #415713.
   * 50_alsa_drain.patch: disabled for now, it should be fixed in ALSA.
   * Set libesd-alsa0 to be the default in shlibs.
     Closes: #286406, #385014.
   * Only suggest esound-clients. Closes: #486374.
   * Mention the two versions of the library in README.Debian.
     Closes: #248118.
Checksums-Sha1: 
 d81323f8353be6bc3b1364bc7a22f3b4698d7983 1212 esound_0.2.40-1.dsc
 b87eb039960d4ede6a3b125786244300565ae5b2 523203 esound_0.2.40.orig.tar.gz
 86ff64a7a74e89655a605e895d6725fd48093cac 31860 esound_0.2.40-1.diff.gz
 3f8a36cc2e3fb709ba2158bc85c524ea83474c79 55316 esound-common_0.2.40-1_all.deb
 9f0e85ca03d809178c208a4761d75fcc281a32db 24466 esound_0.2.40-1_amd64.deb
 b5093c9e75a06d32f24d1077ee2bd6d259501040 39234 
esound-clients_0.2.40-1_amd64.deb
 42fccceeb282ee151e1d3056af9d50b04e313338 16834 libesd0_0.2.40-1_amd64.deb
 2a88360663eb6ceba7f36166f58083e8d8fb2dfa 26394 libesd0-dev_0.2.40-1_amd64.deb
 ad55f48692f70ba9b8d90219fa0050fc2c6d3177 19696 libesd-alsa0_0.2.40-1_amd64.deb
Checksums-Sha256: 
 dc4c3fb1c098862ba835231b743069f33fff04050377ba07b6c4080fe0e7b6d1 1212 
esound_0.2.40-1.dsc
 0612188b493251a842eb671abb8653e2cbe62dec5ac189e88018250932da58d6 523203 
esound_0.2.40.orig.tar.gz
 ae3f761e4ec587bd4aff650b6238dc0ac7f78b2d746cdebadd805a80a84663a1 31860 
esound_0.2.40-1.diff.gz
 ee9e48766c7af0114124bd559bbe5a60172efef006ec40da886fbd93099f4dd7 55316 
esound-common_0.2.40-1_all.deb
 98b27164f2f7028ee4fc16909a3f0368260f060b29336de99834b240ae056d32 24466 
esound_0.2.40-1_amd64.deb
 ae54d7de57c480f6e6c61d542a933591329e3434172efcd211029a2f3e93923f 39234 
esound-clients_0.2.40-1_amd64.deb
 559dbd2ca1f369bac08f7625a1f4d47481a4a89ed79db673ee53e313979d0412 16834 
libesd0_0.2.40-1_amd64.deb
 03a8c3300e5928ed219b1ab0f3b73755726409c259dca57b91cb5e4b16d792c7 26394 
libesd0-dev_0.2.40-1_amd64.deb
 6c88d8eca87733e47058b5aa9be655c624609bbc2a895548f14387140981408c 19696 
libesd-alsa0_0.2.40-1_amd64.deb
Files: 
 ec97b5e547aa4bdbb851d09f1fec4da2 1212 sound optional esound_0.2.40-1.dsc
 8ca6d400ab6b938a8618d274893aad1e 523203 sound optional 
esound_0.2.40.orig.tar.gz
 1e5f27bf0f52f19f0c570b4a8531a72b 31860 sound optional esound_0.2.40-1.diff.gz
 a633a7a6e4af279d866b2a8dc283602f 55316 sound optional 
esound-common_0.2.40-1_all.deb
 e3f9e1104b13f4cff62d5fc62194c3f9 24466 sound optional esound_0.2.40-1_amd64.deb
 a25dcafa38ebe26aef016a7c606c2ddc 39234 sound optional 
esound-clients_0.2.40-1_amd64.deb
 4ca024e761703d73d40c21224f573712 16834 libs optional libesd0_0.2.40-1_amd64.deb
 66bd0f4e5dd3bd07bf7828b3ede742ab 26394 libdevel optional 
libesd0-dev_0.2.40-1_amd64.deb
 2a263e2c196209133f5fe905d2e19995 19696 libs extra 
libesd-alsa0_0.2.40-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJIcwMrSla4ddfhTMRApTyAJ4ymL4QuL0Ux5FR98R55LRjuotqqACg3z+W
EjDkmq8oKed2hy55JeZyQCk=
=W4Ox
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to