Package: libxvidcore4
Version: 2:1.3.5-1
Severity: grave
Tags: sid bullseye
Hi,
Just over a month ago xvidcore was binNMUed and this seems to have
triggered a bug somewhere and now any application which tries to
initialize libxvidcore will segfault.
Test app:
#include <stddef.h>   /* for NULL (the header name was lost in the archive; stddef.h is assumed) */
#include <xvid.h>     /* xvid_gbl_init_t, XVID_VERSION, XVID_GBL_INIT, xvid_global() */

int main(void)
{
    xvid_gbl_init_t init = {
        .version   = XVID_VERSION,
        .cpu_flags = 0,   /* let the library detect CPU features itself */
        .debug     = 0,
    };

    /* XVID_GBL_INIT runs the CPU-feature detection that crashes below */
    xvid_global(NULL, XVID_GBL_INIT, &init, NULL);
    return 0;
}
$ gcc -o xvid-test xvid-test.c -lxvidcore
$ ./xvid-test
Segmentation fault (core dumped)
The crash happens here:
Program received signal SIGSEGV, Segmentation fault.
0x77f22940 in check_cpu_features () from
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4
(gdb) bt
#0 0x77f22940 in check_cpu_features () from
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4
#1 0x77e9c15b in detect_cpu_flags () at ../../src/xvid.c:156
#2 0x77e9d265 in xvid_gbl_init (init=0x7fffdee4,
init=0x7fffdee4) at ../../src/xvid.c:793
#3 xvid_global (handle=, opt=,
param1=0x7fffdee4, param2=) at ../../src/xvid.c:816
#4 0x516d in main ()
Which in turn seems to happen because the check_cpu_features function is
in a non-executable read only memory region.
$ /proc/4658/maps
[...]
77e87000-77e8b000 rw-p 00:00 0
77e8b000-77e8d000 r--p fd:00 954232
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
77e8d000-77ef5000 r-xp 2000 fd:00 954232
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
[vvv]
77ef5000-77f2b000 r--p 0006a000 fd:00 954232
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
[^^^]
77f2b000-77f2c000 r--p 0009f000 fd:00 954232
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
77f2c000-77f36000 rw-p 000a fd:00 954232
/usr/lib/x86_64-linux-gnu/libxvidcore.so.4.3
77f36000-77fa1000 rw-p 00:00 0
[...]
Indeed readelf contains some non-executable program headers in
2:1.3.5-1+b1 which do not appear in 2:1.3.5-1 in buster. The
".rotext" section sounds suspicious.
2:1.3.5-1+b1:
$ readelf -l /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
[...]
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x 0x 0x
0x18a8 0x18a8 R 0x1000
LOAD 0x2000 0x2000 0x2000
0x000673c9 0x000673c9 R E 0x1000
LOAD 0x0006a000 0x0006a000 0x0006a000
0x00035088 0x00035088 R 0x1000
LOAD 0x0009fb90 0x000a0b90 0x000a0b90
0x98d0 0x00073138 RW 0x1000
[...]
00 .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version
.gnu.version_r .rela.dyn .rela.plt
01 .init .plt .plt.got .text .fini
02 .rodata .rotext .eh_frame_hdr .eh_frame
03 .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
2:1.3.5-1:
$ readelf -l /usr/lib/x86_64-linux-gnu/libxvidcore.so.4
[...]
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x 0x 0x
0x0009da50 0x0009da50 R E 0x20
LOAD 0x0009db90 0x0029db90 0x0029db90
0x98d0 0x00073138 RW 0x20
[...]
00 .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version
.gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata
.rotext .eh_frame_hdr .eh_frame
01 .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
James
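The readelf comparison above can be turned into a repeatable check: parse the program headers and the section-to-segment mapping from `readelf -l` output, then flag any code-carrying section that ends up in a PT_LOAD segment without the E flag (the ".rotext" case here), and, as the mirror-image hardening check, any LOAD segment that is both writable and executable. The script below is an added example written for this page, not part of the bug report or the xvid project; the set of "code" section names and the two embedded readelf samples (constructed to mirror the 2:1.3.5-1+b1 and 2:1.3.5-1 layouts shown above) are assumptions.

```python
"""Flag code sections mapped into a non-executable LOAD segment, and LOAD
segments that are both writable and executable, from `readelf -l` text."""
import re
import subprocess
import sys

# Assumed set of sections expected to hold machine code. ".rotext" is the
# section name taken from the bug report's readelf output.
CODE_SECTIONS = {".init", ".plt", ".plt.got", ".plt.sec", ".text", ".fini", ".rotext"}

_PT_TYPES = {"PHDR", "INTERP", "LOAD", "DYNAMIC", "NOTE", "TLS",
             "GNU_EH_FRAME", "GNU_STACK", "GNU_RELRO", "GNU_PROPERTY"}
_MAP_LINE = re.compile(r"^\s*(\d{2})\s+(.*)$")


def parse_readelf_l(text):
    """Return (segments, mapping): segments[i] = {"type", "flags"} in readelf
    order; mapping[i] = the section names readelf assigns to segment i.
    Handles both the ELF64 two-line layout and the -W one-line layout."""
    segments, mapping = [], {}
    pending, current, state = None, None, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Program Headers:"):
            state = "headers"
            continue
        if stripped.startswith("Section to Segment mapping:"):
            state = "mapping"
            continue
        tok = stripped.split()
        if state == "headers":
            if tok and tok[0] in _PT_TYPES:
                pending = {"type": tok[0], "tokens": tok[1:]}
            elif pending is not None:
                pending["tokens"].extend(tok)          # second line of an entry
            # offset, vaddr, paddr, filesz, memsz, align are six hex fields;
            # whatever sits between memsz and align is the Flags column.
            if pending and sum(t.startswith("0x") for t in pending["tokens"]) >= 6:
                toks = pending["tokens"]
                segments.append({"type": pending["type"], "flags": "".join(toks[5:-1])})
                pending = None
        elif state == "mapping":
            m = _MAP_LINE.match(line)
            if m:
                current = int(m.group(1))
                mapping[current] = m.group(2).split()
            elif tok and current is not None and tok[0] != "Segment":
                mapping[current].extend(tok)           # line wrapped by a mailer
    return segments, mapping


def find_code_in_nonexec(text):
    """(section, segment index, flags) for code sections in a LOAD segment lacking E."""
    segments, mapping = parse_readelf_l(text)
    hits = []
    for idx, sections in sorted(mapping.items()):
        if idx >= len(segments):
            continue                                   # mapping/header mismatch
        seg = segments[idx]
        if seg["type"] != "LOAD" or "E" in seg["flags"]:
            continue
        hits.extend((name, idx, seg["flags"]) for name in sections if name in CODE_SECTIONS)
    return hits


def find_wx_segments(text):
    """Indices of LOAD segments that are both writable and executable."""
    segments, _ = parse_readelf_l(text)
    return [i for i, s in enumerate(segments)
            if s["type"] == "LOAD" and "W" in s["flags"] and "E" in s["flags"]]


# Constructed sample mirroring the 2:1.3.5-1+b1 layout: .rotext sits in an R-only segment.
BROKEN = """\
Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x00000000000018a8 0x00000000000018a8  R      0x1000
  LOAD           0x0000000000002000 0x0000000000002000 0x0000000000002000
                 0x00000000000673c9 0x00000000000673c9  R E    0x1000
  LOAD           0x000000000006a000 0x000000000006a000 0x000000000006a000
                 0x0000000000035088 0x0000000000035088  R      0x1000
  LOAD           0x000000000009fb90 0x00000000000a0b90 0x00000000000a0b90
                 0x00000000000098d0 0x0000000000073138  RW     0x1000

 Section to Segment mapping:
  Segment Sections...
   00     .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version
          .gnu.version_r .rela.dyn .rela.plt
   01     .init .plt .plt.got .text .fini
   02     .rodata .rotext .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
"""

# Constructed sample mirroring the 2:1.3.5-1 layout: one R E segment holds all code.
GOOD = """\
Program Headers:
  LOAD           0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x000000000009da50 0x000000000009da50  R E    0x20
  LOAD           0x000000000009db90 0x000000000029db90 0x000000000029db90
                 0x00000000000098d0 0x0000000000073138  RW     0x20

 Section to Segment mapping:
  Segment Sections...
   00     .note.gnu.build-id .dynsym .init .plt .text .fini .rodata .rotext .eh_frame
   01     .init_array .fini_array .data.rel.ro .dynamic .got .data .bss
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:      # check a real file; readelf comes from binutils
        text = subprocess.run(["readelf", "-l", sys.argv[1]],
                              capture_output=True, text=True, check=True).stdout
    else:
        text = BROKEN
    for name, idx, flags in find_code_in_nonexec(text):
        print(f"{name} is in LOAD segment {idx:02d} with flags {flags!r}: not executable")
    for idx in find_wx_segments(text):
        print(f"LOAD segment {idx:02d} is writable and executable")
```

Run it with the path of a shared library as the only argument to check a real binary; with no argument it runs against the embedded sample and reports `.rotext` in segment 02 with flags `'R'`, which is exactly the layout the crash above points at.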