Bug#691575: mpg123: repeatable segfault on specific mp3 file
Package: mpg123
Version: 1.14.2+svn20120622-1
Severity: important

mpg123 crashes on specific mp3 file. Crash seems to be reproducible.

pavel@amd:/data/picture/zoo7$ mpg123 /data/mp3/czech/mladek/1/02.O\ sněhurce.mp3
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKYYear: 1994, Genre: 28
Comment:

Directory: /data/mp3/czech/mladek/1/
Playing MPEG stream from 02.O sněhurce.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Segmentation fault (core dumped)
pavel@amd:/data/picture/zoo7$ gdb `which mpg123` core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type show copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/bin/mpg123...(no debugging symbols found)...done.
[New LWP 5148]

warning: Can't read pathname for load map: Input/output error.
Failed to read a valid object file image from memory.
Core was generated by `mpg123 /data/mp3/czech/mladek/1/02.O sněhurce.mp3'.
Program terminated with signal 11, Segmentation fault.
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
75  ../sysdeps/i386/i686/multiarch/../memcpy.S: No such file or directory.
(gdb) bt
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
#1  0x0805cf90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.6.0-rc6+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpg123 depends on:
ii  libc6        2.13-35               Embedded GNU C Library: Shared lib
ii  libltdl7     2.4.2-1.1             A system independent dlopen wrappe
ii  libmpg123-0  1.14.2+svn20120622-1  MPEG layer 1/2/3 audio decoder (sh

Versions of packages mpg123 recommends:
ii  libasoun  1.0.25-4                         shared library for ALSA applicatio
ii  libjack0  1:0.121.3+20120418git75e3e20b-2  JACK Audio Connection Kit (librari
ii  libopena  1:1.13-2                         Software implementation of the Ope
ii  libporta  19+svn2021-1                     Portable audio I/O - shared librar
ii  oss-comp  2                                Open Sound System (OSS) compatibil

Versions of packages mpg123 suggests:
ii  alsa-utils  1.0.25-3  Utilities for configuring and usin
pn  jackd       none      (no description available)
pn  nas         none      (no description available)
ii  oss-compat  2         Open Sound System (OSS) compatibil
pn  oss4-base   none      (no description available)
ii  pulseaudio  1.1-3.2   PulseAudio sound server

-- no debconf information

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
Bug#689659: mpg123 segfaults on specific file
Holy macaroni! I totally overlooked that:

Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.

Oops, sorry about that. I had old version of mpg123 hiding in /usr/local. I can confirm that right version works as expected...

Should I search for brown paper bag?

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
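
The cause confirmed in the message above was an old build under /usr/local taking precedence over the packaged binary. As an added example (not part of the thread), this POSIX shell script lists every candidate on the search path in lookup order and flags shadowing; the function names and the sandbox paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: find a stale binary that shadows the packaged one on PATH.

# path_candidates CMD [SEARCH_PATH]: print every executable file named CMD,
# in the order the shell would try them. Runs in a subshell so the IFS and
# globbing changes do not leak into the caller.
path_candidates() (
    IFS=:
    set -f
    for dir in ${2-$PATH}; do
        [ -n "$dir" ] || dir=.        # an empty PATH element means "."
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
)

# shadow_check CMD PACKAGED_PATH [SEARCH_PATH]: print the file that would
# actually run. Status 0: it is PACKAGED_PATH; 1: an earlier entry shadows
# it; 2: CMD is not on the search path at all.
shadow_check() {
    first=$(path_candidates "$1" "${3-$PATH}" | head -n 1)
    if [ -z "$first" ]; then
        echo "$1: not found on search path" >&2
        return 2
    fi
    printf '%s\n' "$first"
    [ "$first" = "$2" ] && return 0
    echo "warning: $first shadows $2" >&2
    return 1
}

# Constructed sandbox mirroring the report: an old build in usr/local/bin
# ahead of the packaged binary in usr/bin. Both files are empty stand-ins.
demo() {
    root=$(mktemp -d) || return 3
    mkdir -p "$root/usr/local/bin" "$root/usr/bin"
    for f in "$root/usr/local/bin/mpg123" "$root/usr/bin/mpg123"; do
        : > "$f" && chmod +x "$f"
    done
    shadow_check mpg123 "$root/usr/bin/mpg123" \
        "$root/usr/local/bin:$root/usr/bin" >/dev/null 2>&1
    rc=$?
    rm -rf "$root"
    return "$rc"
}

demo || echo "demo: shadowed binary detected (status $?)"
```

On a real system, call `shadow_check mpg123 /usr/bin/mpg123` and compare the printed path with the one in gdb's "Reading symbols from" line before filing against the package version.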
Bug#689659: mpg123 segfaults on specific file
On Sat 2012-10-06 03:18:55, Thomas Orgis wrote:
On Fri, 5 Oct 2012 22:06:49 +0200, Pavel Machek pa...@ucw.cz wrote:

I cut this from the offending file, and it still causes the crash. Is it enough for debugging?

Thanks for the data and no, I cannot reproduce a crash on my main system (not debian). I get valgrind to complain about overlapping memcpy in the ALSA library, but that's not new and not specific to the file.

It does crash even if I just let it decode into a file. So that should not be alsa.

I checked a i686 chroot, too, no issue. I guess I'd need to whip out a debian install/vm to reproduce.

I have intentionally very old glibc here; before that infamous memcpy optimization ... which we very well might be dealing with here. But a test LD_PRELOAD checking for overlapping memcpy didn't trigger, neither.

What is the infamous memcpy optimization? I tried brief google, but nothing. This?

http://lwn.net/Articles/417881/

It has no details :-(.

Can you run under valgrind to check memory issues?

Hopefully I got valgrind right...

pavel@amd:/tmp$ efence mpg123 mp3.bug/cut.mp3
-bash: efence: command not found
pavel@amd:/tmp$ valgrind mpg123 mp3.bug/cut.mp3
==18936== Memcheck, a memory error detector
==18936== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18936== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18936== Command: mpg123 mp3.bug/cut.mp3
==18936==
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKYYear: 1994, Genre: 28
Comment:

Directory: mp3.bug/
Playing MPEG stream from cut.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Illegal Audio-MPEG-Header 0xc7ae608a at offset 0x4e3.
Skipped 159 bytes in input.
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18936== Bad permissions for mapped region at address 0x805EFFC
==18936==    at 0x4028E3C: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Invalid read of size 1
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Address 0x1eb is not stack'd, malloc'd or (recently) free'd
==18936==
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV)
==18936== Access not within mapped region at address 0x1EB
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== If you believe this happened as a result of a stack
==18936== overflow in your program's main thread (unlikely but
==18936== possible), you can try to increase the size of the
==18936== main thread stack using the --main-stacksize= flag.
==18936== The main thread stack size used in this run was 8388608.
==18936==
==18936== HEAP SUMMARY:
==18936==     in use at exit: 33,808 bytes in 2 blocks
==18936==   total heap usage: 2 allocs, 0 frees, 33,808 bytes allocated
==18936==
==18936== LEAK SUMMARY:
==18936==    definitely lost: 0 bytes in 0 blocks
==18936==    indirectly lost: 0 bytes in 0 blocks
==18936==      possibly lost: 0 bytes in 0 blocks
==18936==    still reachable: 33,808 bytes in 2 blocks
==18936==         suppressed: 0 bytes in 0 blocks
==18936== Rerun with --leak-check=full to see details of leaked memory
==18936==
==18936== For counts of detected and suppressed errors, rerun with: -v
==18936== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 6)
Segmentation fault

--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Bug#689659: mpg123 segfaults on specific file
On Fri 2012-10-05 15:35:43, Thomas Orgis wrote:
On Thu, 4 Oct 2012 22:51:03 +0200, Pavel Machek pa...@ucw.cz wrote:

Crash seems to be repeatable. Possible security problem?

Could you send me the offending file?

I cut this from the offending file, and it still causes the crash. Is it enough for debugging?

Thanks,
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html

cut.mp3
Description: audio/mpeg
Bug#689659: mpg123 segfaults on specific file
Subject: mpg123 segfaults on specific mp3 file
Package: mpg123
Version: 1.14.2+svn20120622-1
Severity: important

*** Please type your report below this line ***

Crash seems to be repeatable. Possible security problem?

pavel@amd:/data/picture/zoo7$ mpg123 /data/mp3/czech/mladek/1/02.O\ sněhurce.mp3
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKYYear: 1994, Genre: 28
Comment:

Directory: /data/mp3/czech/mladek/1/
Playing MPEG stream from 02.O sněhurce.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Segmentation fault (core dumped)
pavel@amd:/data/picture/zoo7$ gdb `which mpg123` core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type show copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/bin/mpg123...(no debugging symbols found)...done.
[New LWP 5148]

warning: Can't read pathname for load map: Input/output error.
Failed to read a valid object file image from memory.
Core was generated by `mpg123 /data/mp3/czech/mladek/1/02.O sněhurce.mp3'.
Program terminated with signal 11, Segmentation fault.
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
75  ../sysdeps/i386/i686/multiarch/../memcpy.S: No such file or directory.
(gdb) bt
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
#1  0x0805cf90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.6.0-rc6+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpg123 depends on:
ii  libc6        2.13-35               Embedded GNU C Library: Shared lib
ii  libltdl7     2.4.2-1.1             A system independent dlopen wrappe
ii  libmpg123-0  1.14.2+svn20120622-1  MPEG layer 1/2/3 audio decoder (sh

Versions of packages mpg123 recommends:
ii  libasoun  1.0.25-4                         shared library for ALSA applicatio
ii  libjack0  1:0.121.3+20120418git75e3e20b-2  JACK Audio Connection Kit (librari
ii  libopena  1:1.13-2                         Software implementation of the Ope
ii  libporta  19+svn2021-1                     Portable audio I/O - shared librar
ii  oss-comp  2                                Open Sound System (OSS) compatibil

Versions of packages mpg123 suggests:
ii  alsa-utils  1.0.25-3  Utilities for configuring and usin
pn  jackd       none      (no description available)
pn  nas         none      (no description available)
ii  oss-compat  2         Open Sound System (OSS) compatibil
pn  oss4-base   none      (no description available)
ii  pulseaudio  1.1-3.2   PulseAudio sound server

-- no debconf information