Package: libxvidcore4
Version: 2:1.3.5-1
Severity: grave
Tags: sid bullseye

Hi,

Just over a month ago xvidcore was binNMUed and this seems to have triggered a bug somewhere and now any application which tries to initialize libxvidcore will segfault.

Test app:

#include <stddef.h>
#include <xvid.h>

int main(void)
{
	xvid_gbl_init_t init = {
		.version = XVID_VERSION,
		.cpu_flags = 0,
		.debug = 0,
	};
	xvid_global(NULL, XVID_GBL_INIT, &init, NULL);
	return 0;
}

$ gcc -o xvid-test xvid-test.c -lxvidcore
$ ./xvid-test
Segmentation fault (core dumped)

The crash happens here:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f22940 in check_cpu_features () from /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
(gdb) bt
#0  0x00007ffff7f22940 in check_cpu_features () from /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
#1  0x00007ffff7e9c15b in detect_cpu_flags () at ../../src/xvid.c:156
#2  0x00007ffff7e9d265 in xvid_gbl_init (init=0x7fffffffdee4, init=0x7fffffffdee4) at ../../src/xvid.c:793
#3  xvid_global (handle=<optimized out>, opt=<optimized out>, param1=0x7fffffffdee4, param2=<optimized out>) at ../../src/xvid.c:816
#4  0x000055555555516d in main ()

Which in turn seems to happen because the check_cpu_features function is in a non-executable read only memory region.

$ /proc/4658/maps
[...]
7ffff7e87000-7ffff7e8b000 rw-p 00000000 00:00 0
7ffff7e8b000-7ffff7e8d000 r--p 00000000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
7ffff7e8d000-7ffff7ef5000 r-xp 00002000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
[vvv]
7ffff7ef5000-7ffff7f2b000 r--p 0006a000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
[^^^]
7ffff7f2b000-7ffff7f2c000 r--p 0009f000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
7ffff7f2c000-7ffff7f36000 rw-p 000a0000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
7ffff7f36000-7ffff7fa1000 rw-p 00000000 00:00 0
[...]

Indeed readelf contains some non-executable program headers in 2:1.3.5-1+b1 which do not appear in 2:1.3.5-1 in buster. The ".rotext" section sounds suspicious.

2:1.3.5-1+b1:

$ readelf -l /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
[...]
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x00000000000018a8 0x00000000000018a8  R      0x1000
  LOAD           0x0000000000002000 0x0000000000002000 0x0000000000002000
                 0x00000000000673c9 0x00000000000673c9  R E    0x1000
  LOAD           0x000000000006a000 0x000000000006a000 0x000000000006a000
                 0x0000000000035088 0x0000000000035088  R      0x1000
  LOAD           0x000000000009fb90 0x00000000000a0b90 0x00000000000a0b90
                 0x00000000000098d0 0x0000000000073138  RW     0x1000
[...]
   00     .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt
   01     .init .plt .plt.got .text .fini
   02     .rodata .rotext .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss

2:1.3.5-1:

$ readelf -l /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
[...]
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x000000000009da50 0x000000000009da50  R E    0x200000
  LOAD           0x000000000009db90 0x000000000029db90 0x000000000029db90
                 0x00000000000098d0 0x0000000000073138  RW     0x200000
[...]
   00     .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata .rotext .eh_frame_hdr .eh_frame
   01     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss

James
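
Added example, not part of the original report: a short Python triage script that ties the faulting PC from the gdb backtrace to the /proc/<pid>/maps lines and the 2:1.3.5-1+b1 LOAD headers quoted above, showing which mapping and which PT_LOAD segment the address falls in. The function names (parse_maps, locate) are this example's own; the sample data is copied from the report.

```python
import re

# Sample input copied from the report above: three of the libxvidcore
# mappings and the LOAD headers from `readelf -l` for 2:1.3.5-1+b1.
MAPS = """\
7ffff7e8d000-7ffff7ef5000 r-xp 00002000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
7ffff7ef5000-7ffff7f2b000 r--p 0006a000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
7ffff7f2c000-7ffff7f36000 rw-p 000a0000 fd:00 954232 /usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
"""
# (file offset, file size, flags) per PT_LOAD, in readelf order
LOADS = [(0x0, 0x18a8, "R"), (0x2000, 0x673c9, "RE"),
         (0x6a000, 0x35088, "R"), (0x9fb90, 0x98d0, "RW")]
CRASH_PC = 0x00007ffff7f22940  # frame #0, check_cpu_features

MAP_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) ([0-9a-f]+) \S+ \d+\s*(.*)$")

def parse_maps(text):
    """Yield (start, end, perms, file_offset, path) for each maps line."""
    for line in text.splitlines():
        m = MAP_RE.match(line.strip())
        if m:
            yield (int(m[1], 16), int(m[2], 16), m[3], int(m[4], 16), m[5])

def locate(pc, maps_text, loads):
    """Map a faulting PC to its mapping, file offset and PT_LOAD index."""
    for start, end, perms, off, path in parse_maps(maps_text):
        if start <= pc < end:
            file_off = pc - start + off  # offset of the PC inside the file
            seg = next((i for i, (o, size, _) in enumerate(loads)
                        if o <= file_off < o + size), None)
            return {"path": path, "perms": perms, "file_offset": file_off,
                    "segment": seg,
                    "segment_flags": loads[seg][2] if seg is not None else None,
                    "executable": "x" in perms}
    return None  # PC is not inside any listed mapping

if __name__ == "__main__":
    hit = locate(CRASH_PC, MAPS, LOADS)
    print(f"pc={CRASH_PC:#x} perms={hit['perms']} "
          f"file_offset={hit['file_offset']:#x} "
          f"PT_LOAD[{hit['segment']}] flags={hit['segment_flags']}")
```

The PC resolves to the third LOAD header (index 2, flags R), the segment that readelf lists as holding .rodata, .rotext, .eh_frame_hdr and .eh_frame.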