Your message dated Wed, 6 Nov 2024 18:04:19 +0100 with message-id <jpftxa7kumxkoiyfrvhcfdc6jhshimg5vszhnzuofl7babb...@tarta.nabijaczleweli.xyz> and subject line Close: Bug#844634: mpg321: "Segmentation fault" when running mpg321 with malformated has caused the Debian Bug report #844634, regarding mpg321: "Segmentation fault" when running mpg321 with malformated to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
844634: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844634
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mpg321
Version: 0.3.2-1.1
Severity: normal
File: /usr/bin/mpg321

Dear Maintainer,

   * What led up to the situation?

We were developing a fuzzer and triggered this bug.

   * What outcome did you expect instead?

I expected the program not to crash.

I also attached a file that triggers this bug. Here's a stack trace:

"""
Program received signal SIGSEGV, Segmentation fault.
0xb7e4b612 in mad_bit_read () from /usr/lib/i386-linux-gnu/libmad.so.0
(gdb) bt
#0 0xb7e4b612 in mad_bit_read () from /usr/lib/i386-linux-gnu/libmad.so.0
#1 0xb7e4f9bc in mad_layer_I () from /usr/lib/i386-linux-gnu/libmad.so.0
#2 0xb7e4d0dd in mad_frame_decode () from /usr/lib/i386-linux-gnu/libmad.so.0
#3 0xb7e4f14b in ?? () from /usr/lib/i386-linux-gnu/libmad.so.0
#4 0xb7e4f6d6 in mad_decoder_run () from /usr/lib/i386-linux-gnu/libmad.so.0
#5 0x0804b0c4 in ?? ()
#6 0xb7c61a63 in __libc_start_main (main=0x804a960, argc=2, argv=0xbffff614, init=0x8053d70, fini=0x8053d60, rtld_fini=0xb7fedc50 <_dl_fini>, stack_end=0xbffff60c) at libc-start.c:287
#7 0x0804c19d in ?? ()
"""

-- System Information:
Debian Release: 8.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mpg321 depends on:
ii libao4 1.1.0-3
ii libasound2 1.0.28-1
ii libc6 2.19-18+deb8u4
ii libid3tag0 0.15.1b-11
ii libmad0 0.15.1b-8
ii zlib1g 1:1.2.8.dfsg-2+b1

Versions of packages mpg321 recommends:
ii libaudio-scrobbler-perl 0.01-2.1

mpg321 suggests no packages.

-- debconf-show failed
mpg321-2016-05-14T21-38-57.853298.mp3
Description: mpg321-2016-05-14T21-38-57.853298.mp3
--- End Message ---
--- Begin Message ---
Version: 0.15.1b-9

Report says
  (gdb) bt
  #0 0xb7e4b612 in mad_bit_read () from /usr/lib/i386-linux-gnu/libmad.so.0
  ii libmad0 0.15.1b-8

Norepro on bookworm + mpg321 0.3.2-4:
  $ mpg321 superstar\ pride\ on\ ice\ spice\'s\ radar.mp3
  High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2, and 3.
  Version 0.3.2-1 (2012/03/25). Written and copyrights by Joe Drew,
  now maintained by Nanakos Chrysostomos and others.
  Uses code from various people. See 'README' for more!
  THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
  Title : Artist :
  Album : Year : 2024
  Comment : Genre :

  Playing MPEG stream from superstar pride on ice spice's radar.mp3 ...
  MPEG 1.0 layer III, 192 kbit/s, 44100 Hz joint-stereo
  ALSA lib pcm.c:2666:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.front
  ^C
  [0:01] Decoding of superstar pride on ice spice's radar.mp3 finished.
  $ mpg321 mpg321-2016-05-14T21-38-57.853298.mp3
  High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2, and 3.
  Version 0.3.2-1 (2012/03/25). Written and copyrights by Joe Drew,
  now maintained by Nanakos Chrysostomos and others.
  Uses code from various people. See 'README' for more!
  THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
  Illegal bit allocation value

  Playing MPEG stream from mpg321-2016-05-14T21-38-57.853298.mp3 ...
  MPEG 2.0 layer III, 56 kbit/s, 22050 Hz mono

  [0:00] Decoding of mpg321-2016-05-14T21-38-57.853298.mp3 finished.

bookworm ships libmad0 0.15.1b-10.1+b1, changelog says
  libmad (0.15.1b-9) unstable; urgency=high

    * Properly check the size of the main data. The previous patch
      only checked that it could fit in the buffer, but didn't ensure
      there was actually enough room free in the buffer. This was
      assigned both CVE-2017-8372 and CVE-2017-8373, but they are
      really the same, just a different way to detect it.
      (Closes: #287519)
    * Rewrite patch to check the size of buffer. It now checks it
      before reading it instead of afterwards checking that we did
      read too much. This now also covers parsing the frame and
      layer3, not just layer 1 and 2. This was original reported in
      #508133. CVE-2017-8374 mentions a case in layer 3.

   -- Kurt Roeckx <[email protected]> Sun, 28 Jan 2018 16:28:46 +0100
so, this looks like that.
--- End Message ---
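
Added example, not part of either message and not libmad's code: the changelog's "checks it before reading" approach applied to a toy MSB-first bit reader and a layer-I-style table of 4-bit allocation codes. The struct, the function names, the return codes and the two-byte input are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical MSB-first bit reader; not libmad's struct mad_bitptr. */
struct bitreader { const uint8_t *buf; size_t len_bits, pos_bits; };

/* Check before reading: refuse unless all n bits lie inside buf.
 * pos_bits never exceeds len_bits, so the subtraction cannot wrap. */
static int read_bits(struct bitreader *br, unsigned n, uint32_t *out)
{
    uint32_t v = 0;
    if (n > 32 || n > br->len_bits - br->pos_bits)
        return -1;                  /* truncated input, nothing touched */
    while (n--) {
        size_t p = br->pos_bits++;
        v = (v << 1) | ((br->buf[p >> 3] >> (7 - (p & 7))) & 1u);
    }
    *out = v;
    return 0;
}

/* Toy layer-I-style table: nsb 4-bit allocation codes, 15 is rejected. */
static int read_allocations(struct bitreader *br, unsigned nsb, uint8_t *alloc)
{
    for (unsigned sb = 0; sb < nsb; sb++) {
        uint32_t v;
        if (read_bits(br, 4, &v) != 0) return -1;   /* ran out of data */
        if (v == 15) return -2;                     /* illegal allocation */
        alloc[sb] = (uint8_t)v;
    }
    return 0;
}

int main(void)
{
    const uint8_t frame[] = { 0x12, 0x30 };         /* constructed input */
    struct bitreader br = { frame, 16, 0 };
    uint8_t alloc[8];
    printf("4 subbands: %d\n", read_allocations(&br, 4, alloc));
    br.pos_bits = 0;                                /* rewind, ask for more */
    printf("5 subbands: %d\n", read_allocations(&br, 5, alloc));
    return 0;
}
```

A header that claims more subbands than the buffer holds gets an error return from the parser instead of a read past the end of the input.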

