Bug#691575: mpg123: repeatable segfault on specific mp3 file

2012-10-27 Thread Pavel Machek
Package: mpg123
Version: 1.14.2+svn20120622-1
Severity: important


mpg123 crashes on specific mp3 file. Crash seems to be reproducible.

pavel@amd:/data/picture/zoo7$ mpg123 /data/mp3/czech/mladek/1/02.O\
sněhurce.mp3 
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title  : O SNEHURCE  Artist: IVAN MLADEK   
Album  : POHADKY A JINE POVIDACKY  Year: 1994, Genre: 28
Comment:

Directory: /data/mp3/czech/mladek/1/
Playing MPEG stream from 02.O sněhurce.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Segmentation fault (core dumped)
pavel@amd:/data/picture/zoo7$ gdb `which mpg123` core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show
copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/bin/mpg123...(no debugging symbols
found)...done.
[New LWP 5148]

warning: Can't read pathname for load map: Input/output error.
Failed to read a valid object file image from memory.
Core was generated by `mpg123 /data/mp3/czech/mladek/1/02.O
sněhurce.mp3'.
Program terminated with signal 11, Segmentation fault.
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
75  ../sysdeps/i386/i686/multiarch/../memcpy.S: No such file or
directory.
(gdb) bt
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
#1  0x0805cf90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) 



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.6.0-rc6+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpg123 depends on:
ii  libc6        2.13-35               Embedded GNU C Library: Shared lib
ii  libltdl7     2.4.2-1.1             A system independent dlopen wrappe
ii  libmpg123-0  1.14.2+svn20120622-1  MPEG layer 1/2/3 audio decoder (sh

Versions of packages mpg123 recommends:
ii  libasoun  1.0.25-4                         shared library for ALSA applicatio
ii  libjack0  1:0.121.3+20120418git75e3e20b-2  JACK Audio Connection Kit (librari
ii  libopena  1:1.13-2                         Software implementation of the Ope
ii  libporta  19+svn2021-1                     Portable audio I/O - shared librar
ii  oss-comp  2                                Open Sound System (OSS) compatibil

Versions of packages mpg123 suggests:
ii  alsa-utils  1.0.25-3  Utilities for configuring and usin
pn  jackd       none      (no description available)
pn  nas         none      (no description available)
ii  oss-compat  2         Open Sound System (OSS) compatibil
pn  oss4-base   none      (no description available)
ii  pulseaudio  1.1-3.2   PulseAudio sound server

-- no debconf information

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers


Bug#689659: mpg123 segfaults on specific file

2012-10-09 Thread Pavel Machek

> Holy macaroni! I totally overlooked that:
>
> Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.

Oops, sorry about that. I had an old version of mpg123 hiding in
/usr/local. I can confirm that the right version works as expected...

Should I search for a brown paper bag?
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) 
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
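
The root cause above (`which mpg123` resolving to /usr/local/bin/mpg123 and the banner reporting Version 0.59o rather than the packaged 1.14.2) is a PATH-shadowing problem. The following check is an added example, not part of the original thread; `path_hits` and `check_shadow` are hypothetical helper names, and `dpkg -S` is only consulted when dpkg is present.

```shell
#!/bin/sh
# Added example (not from the thread). path_hits and check_shadow are
# hypothetical helper names.

# Print every executable called $1 found along the PATH-style string $2
# (default: $PATH), in lookup order. Runs in a subshell so the IFS and
# globbing changes do not leak into the caller.
path_hits() (
    set -f
    IFS=:
    for dir in ${2:-$PATH}; do
        [ -n "$dir" ] || dir=.          # an empty PATH entry means cwd
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
        fi
    done
)

# Report which copy of $1 the shell would run and which copies it hides.
# Returns 0 for a single copy, 1 when the first hit shadows another copy,
# 2 when the command is not found at all.
check_shadow() {
    hits=$(path_hits "$1" "${2:-$PATH}")
    [ -n "$hits" ] || { echo "$1: not found"; return 2; }
    first=$(printf '%s\n' "$hits" | head -n 1)
    count=$(printf '%s\n' "$hits" | grep -c .)
    echo "runs:    $first"
    if command -v dpkg >/dev/null 2>&1; then
        # Which package, if any, installed the file that actually runs?
        owner=$(dpkg -S "$first" 2>/dev/null | cut -d: -f1)
        echo "owner:   ${owner:-none (not installed by a package)}"
    fi
    [ "$count" -gt 1 ] || return 0
    printf '%s\n' "$hits" | tail -n +2 | sed 's/^/shadows: /'
    return 1
}

# Stand-alone use: check the command named on the command line.
check_shadow "${1:-mpg123}" || true
```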



Bug#689659: mpg123 segfaults on specific file

2012-10-06 Thread Pavel Machek
On Sat 2012-10-06 03:18:55, Thomas Orgis wrote:
> On Fri, 5 Oct 2012 22:06:49 +0200,
> Pavel Machek pa...@ucw.cz wrote:
>
> > I cut this from the offending file, and it still causes the
> > crash. Is it enough for debugging?
>
> Thanks for the data and no, I cannot reproduce a crash on my main
> system (not debian). I get valgrind to complain about overlapping
> memcpy in the ALSA library, but that's not new and not specific to the
> file.

It does crash even if I just let it decode into a file. So that should
not be alsa.

> I checked an i686 chroot, too, no issue. I guess I'd need to whip out a debian
> install/vm to reproduce. I have intentionally very old glibc here;
> before that infamous memcpy optimization ... which we very well might
> be dealing with here. But a test LD_PRELOAD checking for overlapping
> memcpy didn't trigger, neither.

What is the infamous memcpy optimization? I tried a brief Google search, but
found nothing. This? http://lwn.net/Articles/417881/ It has no details :-(.

> Can you run under valgrind to check memory issues?

Hopefully I got valgrind right...

pavel@amd:/tmp$ efence mpg123 mp3.bug/cut.mp3 
-bash: efence: command not found
pavel@amd:/tmp$ valgrind mpg123 mp3.bug/cut.mp3 
==18936== Memcheck, a memory error detector
==18936== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et
al.
==18936== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright
info
==18936== Command: mpg123 mp3.bug/cut.mp3
==18936== 
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title  : O SNEHURCE  Artist: IVAN MLADEK   
Album  : POHADKY A JINE POVIDACKY  Year: 1994, Genre: 28
Comment:

Directory: mp3.bug/
Playing MPEG stream from cut.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Illegal Audio-MPEG-Header 0xc7ae608a at offset 0x4e3.
Skipped 159 bytes in input.
==18936== 
==18936== Process terminating with default action of signal 11
(SIGSEGV): dumping core
==18936==  Bad permissions for mapped region at address 0x805EFFC
==18936==    at 0x4028E3C: memcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Invalid read of size 1
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936==  Address 0x1eb is not stack'd, malloc'd or (recently) free'd
==18936== 
==18936== 
==18936== Process terminating with default action of signal 11
(SIGSEGV)
==18936==  Access not within mapped region at address 0x1EB
==18936==    at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936==    by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936==    by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936==    by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936==    by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936==    by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936==    by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936==  If you believe this happened as a result of a stack
==18936==  overflow in your program's main thread (unlikely but
==18936==  possible), you can try to increase the size of the
==18936==  main thread stack using the --main-stacksize= flag.
==18936==  The main thread stack size used in this run was 8388608.
==18936== 
==18936== HEAP SUMMARY:
==18936==     in use at exit: 33,808 bytes in 2 blocks
==18936==   total heap usage: 2 allocs, 0 frees, 33,808 bytes
allocated
==18936== 
==18936== LEAK SUMMARY:
==18936==    definitely lost: 0 bytes in 0 blocks
==18936==    indirectly lost: 0 bytes in 0 blocks
==18936==      possibly lost: 0 bytes in 0 blocks
==18936==    still reachable: 33,808 bytes in 2 blocks
==18936==         suppressed: 0 bytes in 0 blocks
==18936== Rerun with --leak-check=full to see details of leaked memory
==18936== 
==18936== For counts of detected and suppressed errors, rerun with: -v
==18936== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from
6)
Segmentation fault



-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) 
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html



Bug#689659: mpg123 segfaults on specific file

2012-10-05 Thread Pavel Machek
On Fri 2012-10-05 15:35:43, Thomas Orgis wrote:
> On Thu, 4 Oct 2012 22:51:03 +0200,
> Pavel Machek pa...@ucw.cz wrote:
>
> > Crash seems to be repeatable. Possible security problem?
>
> Could you send me the offending file?

I cut this from the offending file, and it still causes the
crash. Is it enough for debugging?

Thanks,   
Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) 
http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html


cut.mp3
Description: audio/mpeg

Bug#689659: mpg123 segfaults on specific file

2012-10-04 Thread Pavel Machek
Subject: mpg123 segfaults on specific mp3 file
Package: mpg123
Version: 1.14.2+svn20120622-1
Severity: important

*** Please type your report below this line ***

Crash seems to be repeatable. Possible security problem?

pavel@amd:/data/picture/zoo7$ mpg123 /data/mp3/czech/mladek/1/02.O\
sněhurce.mp3 
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title  : O SNEHURCE  Artist: IVAN MLADEK   
Album  : POHADKY A JINE POVIDACKY  Year: 1994, Genre: 28
Comment:

Directory: /data/mp3/czech/mladek/1/
Playing MPEG stream from 02.O sněhurce.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Segmentation fault (core dumped)
pavel@amd:/data/picture/zoo7$ gdb `which mpg123` core
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type show
copying
and show warranty for details.
This GDB was configured as i486-linux-gnu.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
Reading symbols from /usr/local/bin/mpg123...(no debugging symbols
found)...done.
[New LWP 5148]

warning: Can't read pathname for load map: Input/output error.
Failed to read a valid object file image from memory.
Core was generated by `mpg123 /data/mp3/czech/mladek/1/02.O
sněhurce.mp3'.
Program terminated with signal 11, Segmentation fault.
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
75  ../sysdeps/i386/i686/multiarch/../memcpy.S: No such file or
directory.
(gdb) bt
#0  __memcpy_ia32 () at ../sysdeps/i386/i686/multiarch/../memcpy.S:75
#1  0x0805cf90 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb) 



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.6.0-rc6+ (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=)
Shell: /bin/sh linked to /bin/dash

Versions of packages mpg123 depends on:
ii  libc6        2.13-35               Embedded GNU C Library: Shared lib
ii  libltdl7     2.4.2-1.1             A system independent dlopen wrappe
ii  libmpg123-0  1.14.2+svn20120622-1  MPEG layer 1/2/3 audio decoder (sh

Versions of packages mpg123 recommends:
ii  libasoun  1.0.25-4                         shared library for ALSA applicatio
ii  libjack0  1:0.121.3+20120418git75e3e20b-2  JACK Audio Connection Kit (librari
ii  libopena  1:1.13-2                         Software implementation of the Ope
ii  libporta  19+svn2021-1                     Portable audio I/O - shared librar
ii  oss-comp  2                                Open Sound System (OSS) compatibil

Versions of packages mpg123 suggests:
ii  alsa-utils  1.0.25-3  Utilities for configuring and usin
pn  jackd       none      (no description available)
pn  nas         none      (no description available)
ii  oss-compat  2         Open Sound System (OSS) compatibil
pn  oss4-base   none      (no description available)
ii  pulseaudio  1.1-3.2   PulseAudio sound server

-- no debconf information
