Package: daisy-player Version: 11.6.1.1-1 Severity: normal Dear Maintainer,
Tryig to read the book 1Brochure-DAISY-Consortium.zip downloadable at http://www.daisy.org/sample-content#t11 leads to a buffer overflow which is detected by the libc and results with process abortion: Backtrace running under GDB: *** buffer overflow detected ***: /usr/bin/daisy-player terminated Program received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) bt #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 #1 0x00007ffff6ee22f1 in __GI_abort () at abort.c:79 #2 0x00007ffff6f23867 in __libc_message (action=(do_abort | do_backtrace), fmt=fmt@entry=0x7ffff702d061 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181 #3 0x00007ffff6fb449e in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=true, msg=msg@entry=0x7ffff702cfde "buffer overflow detected") at fortify_fail.c:33 #4 0x00007ffff6fb44d1 in __GI___fortify_fail (msg=msg@entry=0x7ffff702cfde "buffer overflow detected") at fortify_fail.c:44 #5 0x00007ffff6fb2390 in __GI___chk_fail () at chk_fail.c:28 #6 0x00007ffff6fb17c9 in __strncpy_chk (s1=<optimized out>, s2=<optimized out>, n=<optimized out>, s1len=s1len@entry=100) at strncpy_chk.c:26 #7 0x00005555555698f8 in strncpy (__len=<optimized out>, __src=<optimized out>, __dest=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106 #8 get_label_2 (misc=misc@entry=0x7fffffffc6e0, daisy=daisy@entry=0x555555634400, indent=indent@entry=1) at daisy2.02.c:173 #9 0x0000555555569c4d in fill_daisy_struct_2 (misc=0x7fffffffc6e0, my_attribute=0x7fffffffb2c0, daisy=0x555555634400) at daisy2.02.c:265 #10 0x000055555555af19 in main (argc=<optimized out>, argv=<optimized out>) at daisy-player.c:2186 -- System Information: Debian Release: buster/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages daisy-player depends on: ii libc6 2.27-6 ii libcdio-cdda2 10.2+0.94+2-4 ii libcdio-paranoia2 10.2+0.94+2-4 ii libcdio18 2.0.0-2 ii libmad0 0.15.1b-9 ii libmagic1 1:5.34-2 ii libncursesw6 6.1+20181013-1 ii libpulse0 12.0-1 ii libsox-fmt-mp3 14.4.2-3 ii libsox-fmt-pulse 14.4.2-3 ii libsox3 14.4.2-3 ii libtinfo6 6.1+20181013-1 ii libxml2 2.9.4+dfsg1-7+b1 ii udisks2 2.8.1-1 ii unar 1.10.1-2+b2 Versions of packages daisy-player recommends: ii libcddb-get-perl 2.28-2 daisy-player suggests no packages. -- debconf-show failed