Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-19 Thread Frank Heckenbach
> I debugged it and found the problem. It was a simple indexing problem
> that seemed to have slipped away during quite some time because of a 
> lucky memory layout: The pointer resulting from the wrong indexing 
> points to the stack and therefore to valid memory (in terms of memory 
> management), unless the block is too big. Now the memory layout has 
> changed for some reason (GCC 5?), therefore we read a different value as 
> block size, the block is too big for the stack and we get the 
> segmentation faults.

Not GCC 5, jessie still uses 4.9.2 (and I tried rebuilding it
myself, same bug), but anyway.

> The patch is in the git repository.

Where can I get it (just the patch, so I can try it against the
jessie version)?

https://git.xiph.org/ says:
vorbis-tools.git ... Last change 5 months ago

Regards,
Frank



Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-19 Thread Martin Steghöfer

Frank Heckenbach wrote:

> > The patch is in the git repository.
>
> Where can I get it (just the patch, so I can try it against the
> jessie version)?
>
> https://git.xiph.org/ says:
> vorbis-tools.git ... Last change 5 months ago


It's not yet in the upstream git repository (I submitted the patch 
through their bug tracker, but someone from upstream has to check it and 
apply it), but in our (the Debian package's) git repository.


You can find the patch here:

https://anonscm.debian.org/cgit/pkg-xiph/vorbis-tools.git/tree/debian/patches/Fix-segfault-in-vcut.patch



Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-18 Thread Frank Heckenbach
> It's not yet in the upstream git repository (I submitted the patch
> through their bug tracker, but someone from upstream has to check it and 
> apply it), but in our (the Debian package's) git repository.
> 
> You can find the patch here:
> 
> https://anonscm.debian.org/cgit/pkg-xiph/vorbis-tools.git/tree/debian/patches/Fix-segfault-in-vcut.patch

Seems to work for me. Thanks.

Frank



Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-14 Thread Martin Steghöfer

tags 818037 + pending
thanks


Frank Heckenbach wrote:

> Sorry for the brief description, but from what I can tell, that's
> really it. I tried various cases, and vcut always seems to just
> segfault. Here's one example:
>
> % head -c 50 /dev/zero | oggenc -Q -r -o 1.ogg -
> % vcut 1.ogg 2.ogg 3.ogg +1
> Processing: Cutting at 1,00 seconds
> Segmentation fault
>
> Tried on both i386 and amd64.
>
> It did work correctly under squeeze and wheezy.


Thanks for the report!

I debugged it and found the problem. It was a simple indexing problem 
that seemed to have slipped away during quite some time because of a 
lucky memory layout: The pointer resulting from the wrong indexing 
points to the stack and therefore to valid memory (in terms of memory 
management), unless the block is too big. Now the memory layout has 
changed for some reason (GCC 5?), therefore we read a different value as 
block size, the block is too big for the stack and we get the 
segmentation faults.


The patch is in the git repository.

Cheers,
Martin



Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-13 Thread Petter Reinholdtsen
[Frank Heckenbach]
> Sorry for the brief description, but from what I can tell, that's
> really it. I tried various cases, and vcut always seems to just
> segfault. Here's one example:
>
> % head -c 50 /dev/zero | oggenc -Q -r -o 1.ogg -
> % vcut 1.ogg 2.ogg 3.ogg +1
> Processing: Cutting at 1,00 seconds
> Segmentation fault

I see the same, and this is the output from valgrind:

% valgrind vcut 1.ogg 2.ogg 3.ogg +1
==27037== Memcheck, a memory error detector
==27037== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==27037== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==27037== Command: vcut 1.ogg 2.ogg 3.ogg +1
==27037== 
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so:
--27037-- Ignoring non-Dwarf2/3/4 block in .debug_info
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so:
--27037-- Last block truncated in .debug_info; ignoring
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/ld-2.22.so:
--27037-- parse_CU_Header: is neither DWARF2 nor DWARF3 nor DWARF4
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so:
--27037-- Ignoring non-Dwarf2/3/4 block in .debug_info
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so:
--27037-- Ignoring non-Dwarf2/3/4 block in .debug_info
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so:
--27037-- Ignoring non-Dwarf2/3/4 block in .debug_info
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so:
--27037-- Last block truncated in .debug_info; ignoring
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libc-2.22.so:
--27037-- parse_CU_Header: is neither DWARF2 nor DWARF3 nor DWARF4
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so:
--27037-- Ignoring non-Dwarf2/3/4 block in .debug_info
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so:
--27037-- Last block truncated in .debug_info; ignoring
--27037-- WARNING: Serious error when reading debug info
--27037-- When reading debug info from /lib/x86_64-linux-gnu/libm-2.22.so:
--27037-- parse_CU_Header: is neither DWARF2 nor DWARF3 nor DWARF4
Processing: Cutting at 1.00 seconds
==27037== Invalid read of size 1
==27037==    at 0x4C2E7E6: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:1018)
==27037==    by 0x5064202: ogg_stream_iovecin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x506435B: ogg_stream_packetin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x401A4D: ??? (in /usr/bin/vcut)
==27037==    by 0x401BDB: ??? (in /usr/bin/vcut)
==27037==    by 0x402029: ??? (in /usr/bin/vcut)
==27037==    by 0x4023BA: ??? (in /usr/bin/vcut)
==27037==    by 0x4025C2: ??? (in /usr/bin/vcut)
==27037==    by 0x4014F7: ??? (in /usr/bin/vcut)
==27037==    by 0x528B60F: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27037==  Address 0xfff001000 is not stack'd, malloc'd or (recently) free'd
==27037== 
==27037== 
==27037== Process terminating with default action of signal 11 (SIGSEGV)
==27037==  Access not within mapped region at address 0xFFF001000
==27037==    at 0x4C2E7E6: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:1018)
==27037==    by 0x5064202: ogg_stream_iovecin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x506435B: ogg_stream_packetin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x401A4D: ??? (in /usr/bin/vcut)
==27037==    by 0x401BDB: ??? (in /usr/bin/vcut)
==27037==    by 0x402029: ??? (in /usr/bin/vcut)
==27037==    by 0x4023BA: ??? (in /usr/bin/vcut)
==27037==    by 0x4025C2: ??? (in /usr/bin/vcut)
==27037==    by 0x4014F7: ??? (in /usr/bin/vcut)
==27037==    by 0x528B60F: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27037==  If you believe this happened as a result of a stack
==27037==  overflow in your program's main thread (unlikely but
==27037==  possible), you can try to increase the size of the
==27037==  main thread stack using the --main-stacksize= flag.
==27037==  The main thread stack size used in this run was 8388608.
==27037== 
==27037== HEAP SUMMARY:
==27037==     in use at exit: 97,967,813 bytes in 116 blocks
==27037==   total heap usage: 121 allocs, 5 frees, 97,996,535 bytes allocated
==27037== 
==27037== LEAK SUMMARY:
==27037==    definitely lost: 0 bytes in 0 blocks
==27037==    indirectly lost: 0 bytes in 0 blocks
==27037==  
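
The valgrind trace above is the key evidence in this thread: the faulting address is neither stack'd nor malloc'd, and every frame inside /usr/bin/vcut shows up as `???` because the Debian binary carries no debug symbols, which is why the trace stops at libogg's `ogg_stream_packetin` instead of naming the vcut function with the bad index. The following parser is an added example (not code from this bug report, from vorbis-tools, or from Debian) that turns a Memcheck log into structured records so a crash like this can be triaged mechanically: it picks out each error block, its faulting address, its call stack, and which frames lack symbols. The embedded log is a constructed, trimmed copy of the output Petter posted; the `Frame`/`MemError` names and the helper functions are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a trimmed copy of the Memcheck output quoted in the
# bug thread (same PID, addresses and frames; the debug-info warnings and
# most of the vcut frames are omitted for brevity).
SAMPLE_LOG = """\
==27037== Memcheck, a memory error detector
==27037== Command: vcut 1.ogg 2.ogg 3.ogg +1
--27037-- WARNING: Serious error when reading debug info
Processing: Cutting at 1.00 seconds
==27037== Invalid read of size 1
==27037==    at 0x4C2E7E6: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:1018)
==27037==    by 0x5064202: ogg_stream_iovecin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x506435B: ogg_stream_packetin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037==    by 0x401A4D: ??? (in /usr/bin/vcut)
==27037==    by 0x4014F7: ??? (in /usr/bin/vcut)
==27037==    by 0x528B60F: (below main) (in /lib/x86_64-linux-gnu/libc-2.22.so)
==27037==  Address 0xfff001000 is not stack'd, malloc'd or (recently) free'd
==27037== 
==27037== Process terminating with default action of signal 11 (SIGSEGV)
==27037==  Access not within mapped region at address 0xFFF001000
==27037==    at 0x4C2E7E6: memcpy@@GLIBC_2.14 (vg_replace_strmem.c:1018)
==27037==    by 0x5064202: ogg_stream_iovecin (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
==27037== HEAP SUMMARY:
"""


@dataclass
class Frame:
    addr: int       # instruction address as printed by valgrind
    symbol: str     # function name, or '???' when no symbols are available
    location: str   # source file:line, or 'in <path>' for stripped objects


@dataclass
class MemError:
    kind: str                      # e.g. 'Invalid read of size 1'
    address: Optional[int]         # faulting address, if valgrind reported one
    frames: List[Frame] = field(default_factory=list)
    detail: str = ""               # the 'Address ... is not stack'd...' line


# Memcheck lines carry a '==PID==' prefix; '--PID--' lines are tool diagnostics
# and anything else is the program's own output.
PREFIX_RE = re.compile(r"^==(\d+)== ?(.*)$")
ERROR_RE = re.compile(
    r"^(Invalid (?:read|write) of size \d+"
    r"|Process terminating with default action of signal \d+ \(\w+\))$"
)
FRAME_RE = re.compile(r"^\s*(?:at|by) 0x([0-9A-Fa-f]+): (\S.*?) \((.*)\)$")
ADDR_RE = re.compile(r"0x([0-9A-Fa-f]+)")


def parse_valgrind(log: str) -> List[MemError]:
    """Split a Memcheck log into error records, each with its call stack."""
    errors: List[MemError] = []
    current: Optional[MemError] = None
    for raw in log.splitlines():
        m = PREFIX_RE.match(raw)
        if not m:
            continue
        body = m.group(2)
        if ERROR_RE.match(body):
            current = MemError(kind=body, address=None)
            errors.append(current)
            continue
        if current is None:
            continue
        fm = FRAME_RE.match(body)
        if fm:
            current.frames.append(Frame(int(fm.group(1), 16), fm.group(2), fm.group(3)))
            continue
        stripped = body.strip()
        if stripped.startswith("Address ") or stripped.startswith("Access not within"):
            current.detail = stripped
            am = ADDR_RE.search(stripped)
            if am:
                current.address = int(am.group(1), 16)
            continue
        # A blank '==PID==' line or a summary header closes the error block.
        if stripped == "" or stripped.endswith("SUMMARY:"):
            current = None
    return errors


def unsymbolized_frames(err: MemError) -> List[Frame]:
    """Frames valgrind could not name: the object was stripped or built without -g."""
    return [f for f in err.frames if f.symbol == "???"]


def first_frame_in(err: MemError, path_fragment: str) -> Optional[Frame]:
    """Innermost frame belonging to the given binary or library (by path substring)."""
    for f in err.frames:
        if path_fragment in f.location:
            return f
    return None


if __name__ == "__main__":
    for err in parse_valgrind(SAMPLE_LOG):
        vcut = first_frame_in(err, "vcut")
        print(err.kind, "at", hex(err.address) if err.address is not None else "?",
              "| innermost vcut frame:", hex(vcut.addr) if vcut else "none",
              "| unsymbolized frames:", len(unsymbolized_frames(err)))
```

Two things the records make obvious: the address 0xfff001000 lies outside any mapping, consistent with Martin's diagnosis that a garbage block size reached `memcpy`, and the innermost vcut frame is unnamed, so the next step is to rebuild the package with debug symbols (or install a `-dbg` package, where one exists) and rerun under valgrind so that `???` resolves to the function holding the bad index.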

Bug#818037: vorbis-tools: vcut always(?) segfaults

2016-03-12 Thread Frank Heckenbach
Package: vorbis-tools
Version: 1.4.0-6
Severity: grave
File: /usr/bin/vcut
Justification: renders package unusable

Sorry for the brief description, but from what I can tell, that's
really it. I tried various cases, and vcut always seems to just
segfault. Here's one example:

% head -c 50 /dev/zero | oggenc -Q -r -o 1.ogg -
% vcut 1.ogg 2.ogg 3.ogg +1
Processing: Cutting at 1,00 seconds
Segmentation fault

Tried on both i386 and amd64.

It did work correctly under squeeze and wheezy.

-- System Information:
Debian Release: 8.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vorbis-tools depends on:
ii  libao4           1.1.0-3
ii  libc6            2.19-18+deb8u4
ii  libcurl3-gnutls  7.38.0-4+deb8u3
ii  libflac8         1.3.0-3
ii  libogg0          1.3.2-1
ii  libspeex1        1.2~rc1.2-1
ii  libvorbis0a      1.3.4-2
ii  libvorbisenc2    1.3.4-2
ii  libvorbisfile3   1.3.4-2

vorbis-tools recommends no packages.

vorbis-tools suggests no packages.

-- no debconf information