Bug#689659: mpg123 segfaults on specific file
On Mon, 8 Oct 2012 15:30:48 -0400, Miguel A. Colón Vélez debian.mic...@gmail.com wrote:

> The Debian i386 architecture is supposed to support all i486 and later.
> The current package of mpg123 gets compiled with --with-cpu=x86_dither

This doesn't seem to be in effect here. First: Yes, --with-cpu=x86 supersedes --with-cpu=x86_dither (dithered decoders are included). And: If I do a build --with-cpu=x86 in the i386 wheezy VM, I get the following list of decoders:

sh$ src/mpg123 --list-cpu
Builtin decoders: SSE 3DNowExt 3DNow MMX i586 i586_dither i386 generic generic_dither

The stock binary says this:

sh$ mpg123 --list-cpu
Builtin decoders: i486

This happens either when building --with-cpu=i486 or when not specifying anything (--with-cpu=) and setting host to i486-*. Unfortunately, the i486 code is a hack that has not been merged with the other optimizations. Since generic and i386 code will run just fine on i486 CPUs, I recommend enforcing --with-cpu=x86 on ia32 platform.

Alrighty then,

Thomas

Bug#689659: mpg123 segfaults on specific file
> Holy macaroni! I totally overlooked that:
>
> Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.

Oops, sorry about that. I had an old version of mpg123 hiding in /usr/local. I can confirm that the right version works as expected...

Should I search for a brown paper bag?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Bug#689659: mpg123 segfaults on specific file
Hello:

I just tried the cut.mp3 file on an up to date amd64 Debian Sid system and it worked fine.

$ mpg123 cut.mp3
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layers 1, 2 and 3
version 1.14.4; written and copyright by Michael Hipp and others
free software (LGPL/GPL) without any warranty but with best wishes
Playing MPEG stream 1 of 1: cut.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Title: O SNEHURCE Artist: IVAN MLADEK
Comment: Album: POHADKY A JINE POVIDACKY
Year:1994Genre: Vocal
Note: Illegal Audio-MPEG-Header 0xc7ae608a at offset 1251.
Note: Trying to resync...
Note: Skipped 159 bytes in input.
Note: Illegal Audio-MPEG-Header 0xfffb at offset 32268.
Note: Trying to resync...
Note: Skipped 2 bytes in input.
[0:02] Decoding of cut.mp3 finished.

What I did notice was that the original user logs suggest that they are using Version 0.59o (1998/Feb/08). of mpg123. My logs show version 1.14.4 and that it worked with 1.14.4. I'm not sure why but it seems that there are several versions installed on this system or the system is not up to date.

Hope this helps,
Miguel

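The situation this thread converges on (the bug was filed against the packaged 1.14.x while the shell was running an old copy from /usr/local) can be checked by listing every executable of that name on the search path in lookup order. This is an added example, not part of any message in the thread; the function names path_candidates, shadow_report and demo_tree, and the sample directory tree, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list every executable called NAME on the
# search path in lookup order and flag later copies that differ from the first.

# path_candidates NAME [SEARCH_PATH]: one full path per line, lookup order.
path_candidates() (
    name=$1
    search=${2-$PATH}
    IFS=:
    set -f                       # no globbing while splitting on ':'
    for dir in $search; do
        [ -n "$dir" ] || dir=.   # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
)

# shadow_report NAME [SEARCH_PATH]: the first hit is what the shell runs.
# Returns 1 when a later copy has different contents (a second version exists).
shadow_report() {
    path_candidates "$@" | (
        active=
        status=0
        while IFS= read -r candidate; do
            if [ -z "$active" ]; then
                active=$candidate
                printf 'active            %s\n' "$candidate"
            elif cmp -s "$active" "$candidate"; then
                printf 'shadowed-same     %s\n' "$candidate"
            else
                printf 'shadowed-differs  %s\n' "$candidate"
                status=1
            fi
        done
        exit "$status"
    )
}

# demo_tree DIR: constructed sample layout mirroring the thread, with an old
# copy in usr/local/bin ahead of the packaged one in usr/bin.
demo_tree() {
    mkdir -p "$1/usr/local/bin" "$1/usr/bin"
    printf '#!/bin/sh\necho "Version 0.59o"\n' > "$1/usr/local/bin/mpg123"
    printf '#!/bin/sh\necho "version 1.14.4"\n' > "$1/usr/bin/mpg123"
    chmod +x "$1/usr/local/bin/mpg123" "$1/usr/bin/mpg123"
}
```

Calling shadow_report mpg123 without a second argument audits the live PATH; a "shadowed-differs" line means the version in a bug report header may not be the binary that actually ran.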
Bug#689659: mpg123 segfaults on specific file
On Sat, 6 Oct 2012 13:07:55 +0200, Pavel Machek pa...@ucw.cz wrote:

> What is the infamous memcpy optimization? I tried brief google, but
> nothing. This? http://lwn.net/Articles/417881/ It has no details :-(.

Yeah, I am talking of the change referred to there. Damn, this is a long time ago already. Software _should_ have caught up with the enforced memcpy() behaviour ...

> pavel@amd:/tmp$ valgrind mpg123 mp3.bug/cut.mp3

Ah, this is an AMD box. So this could be the 3DNow(ext) code ... I could fire up an Athlon XP with debian squeeze and update it ... but not any day soon. I don't have 32 bit AMD systems hanging around connected. I don't see

> ==18936== Process terminating with default action of signal 11 (SIGSEGV): dumping core
> ==18936== Bad permissions for mapped region at address 0x805EFFC
> ==18936==    at 0x4028E3C: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
> ==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
> ==18936== Invalid read of size 1
> ==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
> ==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
> ==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
> ==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
> ==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
> ==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
> ==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
> ==18936== Address 0x1eb is not stack'd, malloc'd or (recently) free'd

... as that does not make a lot of sense anyway (the input file is in the call trace??).

I installed a wheezy system in qemu-kvm and could not reproduce the crash. But I got 1.14.4-1 there, not 1.14.2+svn20120622-1. Do you see the crash with the updated package?

Suspecting one of the assembly decoders, I noticed that the debian build of mpg123 is fixed to the i486 one:

shell$ mpg123 --list-cpu
builtin decoders: i486

Is that intentional? This is just some C code with quirks to please the i486 CPU, not necessarily of any benefit on other x86 cores. Generic or i386 should be preferred. But most of all: For sensible performance, one should use the multi-cpu default build (--with-cpu=x86 on 32 bit systems).

I suspect that Pavel's crash could be related to using 3DNow(ext). Pavel, what does

sh$ mpg123 --test-cpu

report for you? And also, what does

sh$ mpg123 -v some_file.mp3 2>&1 | grep Decoder

show? It naturally just says 'Decoder: i486' here. If you have a multi-cpu build, please test some of the other available cpu opts (mpg123 --cpu generic; mpg123 --cpu mmx, mpg123 --cpu i386, mpg123 --cpu sse; etc).

Alrighty then,

Thomas

Bug#689659: mpg123 segfaults on specific file
On Mon, 8 Oct 2012 13:39:26 -0400, Miguel A. Colón Vélez debian.mic...@gmail.com wrote:

> What I did notice was that the original user logs suggest that they
> are using Version 0.59o (1998/Feb/08). of mpg123. My logs show version
> 1.14.4 and that it worked with 1.14.4.

Holy macaroni! I totally overlooked that:

Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.

I focused on the version info provided in the other parts of the report. Now where does that ancient version come from? It for sure has its share of bugs that have been fixed in the intervening nearly 15 years!

Er ... great if mpg123 0.89o worked fine for you all that time;-) But really, what does this version do on a wheezy system?

Miguel: What remains is my question about only i486 being built-in currently, is that intentional?

Alrighty then,

Thomas

Bug#689659: mpg123 segfaults on specific file
> Miguel: What remains is my question about only i486 being built-in
> currently, is that intentional?

Hello:

The Debian i386 architecture is supposed to support all i486 and later. The current package of mpg123 gets compiled with --with-cpu=x86_dither since the previous maintainer (from what I remember right now). The other architectures use the default values for this parameter. If the parameter --with-cpu=x86 is better suited for i486 and later then it could be changed.

Hope this answers the question.

- Miguel

Bug#689659: mpg123 segfaults on specific file
On Sat 2012-10-06 03:18:55, Thomas Orgis wrote:
> On Fri, 5 Oct 2012 22:06:49 +0200, Pavel Machek pa...@ucw.cz wrote:
>
> > I cut this from the offending file, and it still causes the crash. Is
> > it enough for debugging?
>
> Thanks for the data and no, I cannot reproduce a crash on my main
> system (not debian). I get valgrind to complain about overlapping
> memcpy in the ALSA library, but that's not new and not specific to the
> file.

It does crash even if I just let it decode into a file. So that should not be alsa.

> I checked an i686 chroot, too, no issue. I guess I'd need to whip out a
> debian install/vm to reproduce. I have intentionally very old glibc
> here; before that infamous memcpy optimization ... which we very well
> might be dealing with here. But a test LD_PRELOAD checking for
> overlapping memcpy didn't trigger, neither.

What is the infamous memcpy optimization? I tried brief google, but nothing. This? http://lwn.net/Articles/417881/ It has no details :-(.

> Can you run under valgrind to check memory issues?

Hopefully I got valgrind right...

pavel@amd:/tmp$ efence mpg123 mp3.bug/cut.mp3
-bash: efence: command not found
pavel@amd:/tmp$ valgrind mpg123 mp3.bug/cut.mp3
==18936== Memcheck, a memory error detector
==18936== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18936== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18936== Command: mpg123 mp3.bug/cut.mp3
==18936==
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKYYear: 1994, Genre: 28
Comment:
Directory: mp3.bug/
Playing MPEG stream from cut.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Illegal Audio-MPEG-Header 0xc7ae608a at offset 0x4e3.
Skipped 159 bytes in input.
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18936== Bad permissions for mapped region at address 0x805EFFC
==18936==    at 0x4028E3C: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Invalid read of size 1
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Address 0x1eb is not stack'd, malloc'd or (recently) free'd
==18936==
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV)
==18936== Access not within mapped region at address 0x1EB
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== If you believe this happened as a result of a stack
==18936== overflow in your program's main thread (unlikely but
==18936== possible), you can try to increase the size of the
==18936== main thread stack using the --main-stacksize= flag.
==18936== The main thread stack size used in this run was 8388608.
==18936==
==18936== HEAP SUMMARY:
==18936== in use at exit: 33,808 bytes in 2 blocks
==18936== total heap usage: 2 allocs, 0 frees, 33,808 bytes allocated
==18936==
==18936== LEAK SUMMARY:
==18936==    definitely lost: 0 bytes in 0 blocks
==18936==    indirectly lost: 0 bytes in 0 blocks
==18936== possibly lost: 0 bytes in 0 blocks
==18936==    still reachable: 33,808 bytes in 2 blocks
==18936== suppressed: 0 bytes in 0 blocks
==18936== Rerun with --leak-check=full to see details of leaked memory
==18936==
==18936== For counts of detected and suppressed errors, rerun with: -v
==18936== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 6)
Segmentation fault

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

Bug#689659: mpg123 segfaults on specific file
On Fri 2012-10-05 15:35:43, Thomas Orgis wrote:
> On Thu, 4 Oct 2012 22:51:03 +0200, Pavel Machek pa...@ucw.cz wrote:
>
> > Crash seems to be repeatable. Possible security problem?
>
> Could you send me the offending file?

I cut this from the offending file, and it still causes the crash. Is it enough for debugging?

Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

cut.mp3 Description: audio/mpeg

Bug#689659: mpg123 segfaults on specific file
On Fri, 5 Oct 2012 22:06:49 +0200, Pavel Machek pa...@ucw.cz wrote:

> I cut this from the offending file, and it still causes the crash. Is
> it enough for debugging?

Thanks for the data and no, I cannot reproduce a crash on my main system (not debian). I get valgrind to complain about overlapping memcpy in the ALSA library, but that's not new and not specific to the file.

I checked an i686 chroot, too, no issue. I guess I'd need to whip out a debian install/vm to reproduce. I have intentionally very old glibc here; before that infamous memcpy optimization ... which we very well might be dealing with here. But a test LD_PRELOAD checking for overlapping memcpy didn't trigger, neither.

Can you run under valgrind to check memory issues?

Alrighty then,

Thomas

Bug#689659: mpg123 segfaults on specific file
Subject: mpg123 segfaults on specific mp3 file
Package: mpg123
Version: 1.14.2+svn20120622-1
Severity: important

*** Please type your report below this line ***

Crash seems to be repeatable. Possible security problem?

pavel@amd:/data/picture/zoo7$ mpg123 /data/mp3/czech/mladek/1/02.O\ sněhurce.mp3
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKYYear: 1994, Genre: 28
Comment:
Directory: /data/mp3/czech/mladek/1/
Playing MPEG stream from 02.O sněhurce.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Segmentation fault (core dumped)
pavel@amd:/data/picture/zoo7$ gdb `which mpg123` core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type show copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/bin/mpg123...(no debugging symbols found)...done.
[New LWP 5148]
warning: Can't read pathname for load map: Input/output error.
Failed to read a valid object file image from memory.
Core was generated by `mpg123 /data/mp3/czech/mladek/1/02.O sněhurce.mp3'.
Program terminated with signal 11, Segmentation fault.
#0 __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
75 ../sysdeps/i386/i686/multiarch/../memcpy.S: No such file or directory.
(gdb) bt
#0 __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
#1 0x0805cf90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.6.0-rc6+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpg123 depends on:
ii libc6 2.13-35 Embedded GNU C Library: Shared lib
ii libltdl7 2.4.2-1.1 A system independent dlopen wrappe
ii libmpg123-0 1.14.2+svn20120622-1 MPEG layer 1/2/3 audio decoder (sh

Versions of packages mpg123 recommends:
ii libasoun 1.0.25-4 shared library for ALSA applicatio
ii libjack0 1:0.121.3+20120418git75e3e20b-2 JACK Audio Connection Kit (librari
ii libopena 1:1.13-2 Software implementation of the Ope
ii libporta 19+svn2021-1 Portable audio I/O - shared librar
ii oss-comp 2 Open Sound System (OSS) compatibil

Versions of packages mpg123 suggests:
ii alsa-utils 1.0.25-3 Utilities for configuring and usin
pn jackd none (no description available)
pn nas none (no description available)
ii oss-compat 2 Open Sound System (OSS) compatibil
pn oss4-base none (no description available)
ii pulseaudio 1.1-3.2 PulseAudio sound server

-- no debconf information