Bug#863416: jackeq: segmentation fault

2017-05-27 Thread Chris Lamb
tags 863416 + pending patch
thanks

I've uploaded jackeq 0.5.9-2.1 to DELAYED/5:
  
  jackeq (0.5.9-2.1) unstable; urgency=medium
  
    * Non-maintainer upload.
    * Fix segmentation fault caused by passing a truncated pointer instead of a
      GtkType. (Closes: #863416)

The full debdiff is attached.


Regards,

-- 
  ,''`.
 : :'  : Chris Lamb
 `. `'`  la...@debian.org / chris-lamb.co.uk
   `-
diffstat for jackeq-0.5.9 jackeq-0.5.9

 changelog   |8 
 patches/04-gtkmeter-truncated-pointer.patch |   26 ++
 patches/series  |1 +
 3 files changed, 35 insertions(+)

diff -Nru jackeq-0.5.9/debian/changelog jackeq-0.5.9/debian/changelog
--- jackeq-0.5.9/debian/changelog   2011-02-09 11:33:40.0 +
+++ jackeq-0.5.9/debian/changelog   2017-05-27 09:41:06.0 +0100
@@ -1,3 +1,11 @@
+jackeq (0.5.9-2.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix segmentation fault caused by passing a truncated pointer instead of a
+GtkType. (Closes: #863416)
+
+ -- Chris Lamb   Sat, 27 May 2017 09:41:06 +0100
+
 jackeq (0.5.9-2) unstable; urgency=low
 
   * Upload to unstable.
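Review bot: the new changelog entry at the top of this hunk describes the fix but does not name the file that carries it. Mentioning debian/patches/04-gtkmeter-truncated-pointer.patch and the affected function, gtk_meter_get_type, in the second bullet would let someone reading only the changelog locate the change.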
diff -Nru jackeq-0.5.9/debian/patches/04-gtkmeter-truncated-pointer.patch 
jackeq-0.5.9/debian/patches/04-gtkmeter-truncated-pointer.patch
--- jackeq-0.5.9/debian/patches/04-gtkmeter-truncated-pointer.patch 
1970-01-01 01:00:00.0 +0100
+++ jackeq-0.5.9/debian/patches/04-gtkmeter-truncated-pointer.patch 
2017-05-27 09:41:06.0 +0100
@@ -0,0 +1,26 @@
+--- jackeq-0.5.9.orig/src/gtkmeter.c
 jackeq-0.5.9/src/gtkmeter.c
+@@ -54,10 +54,10 @@ static float iec_scale(float db);
+ 
+ static GtkWidgetClass *parent_class = NULL;
+ 
+-guint
++GtkType
+ gtk_meter_get_type ()
+ {
+-  static guint meter_type = 0;
++  static GtkType meter_type = 0;
+ 
+   if (!meter_type)
+ {
+--- jackeq-0.5.9.orig/src/gtkmeter.h
 jackeq-0.5.9/src/gtkmeter.h
+@@ -104,7 +104,7 @@ GtkWidget* gtk_meter_new
+gfloat min,
+gfloat max);
+ 
+-guint  gtk_meter_get_type   (void);
++GtkTypegtk_meter_get_type   (void);
+ GtkAdjustment* gtk_meter_get_adjustment (GtkMeter *meter);
+ 
+ void   gtk_meter_set_adjustment (GtkMeter *meter,
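Review bot: the new patch file begins directly with the `--- jackeq-0.5.9.orig/src/gtkmeter.c` line and carries no header, so nothing in the file itself records why the return type changes; a short description and a reference to the bug it closes (#863416) at the top would document that. On the code, the gtkmeter.c part widens only the return type and the `meter_type` static, so any caller that stores the result of gtk_meter_get_type() in a guint would still truncate it and is worth checking. The definition also keeps the empty parameter list `gtk_meter_get_type ()` while the header declares `(void)`; making the two match would be a small cleanup.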
diff -Nru jackeq-0.5.9/debian/patches/series jackeq-0.5.9/debian/patches/series
--- jackeq-0.5.9/debian/patches/series  2010-11-25 15:46:51.0 +
+++ jackeq-0.5.9/debian/patches/series  2017-05-27 09:41:06.0 +0100
@@ -1,3 +1,4 @@
 01-binutils_gold.patch
 02-l10n.patch
 03-pathmax.patch
+04-gtkmeter-truncated-pointer.patch


Bug#863416: jackeq: segmentation fault

2017-05-26 Thread James Cowgill
Control: clone -1 -2
Control: reassign -2 timemachine 0.3.3-2
Control: retitle -2 timemachine: segfaults on startup
Control: clone -1 -3
Control: reassign -3 kluppe 0.6.20-1
Control: retitle -3 kluppe: segfaults when pressing 'new looper'

Hi again,

On 26/05/17 16:42, James Cowgill wrote:
> On 26/05/17 16:30, James Cowgill wrote:
>> On 26/05/17 16:01, Alex Wilk wrote:
>>> Package: jackeq
>>> Version: 0.5.9-2+b2
>>> Severity: normal
>>>
>>> Dear Maintainer!
>>>
>>> ,
>>> | $ jackeq 
>>> | jackEQ 0.5.9
>>> | (c) 2003 - 2009 P. Shirkey
>>> | Featuring the DJEQ ladspa plugin by S. Harris
>>> | With assistance from J. O'Quin on the awesome Jack i/o dropdown menu
>>> | This is free software, and you are welcome to redistribute it
>>> | under certain conditions; see the file COPYING for details.
>>> | Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve 
>>> property `gtk-primary-button-warps-slider' of type `gboolean' from rc file 
>>> value "((GString*) 0x55e8dc961840)" of type `gboolean'
>>> | zsh: segmentation fault  jackeq
>>> `
>>
>> Unfortunately I cannot get jackeq to start at all so I'm raising the
>> severity.
>>
>> From a brief look in gdb, it seems that jackeq passes gtk a truncated
>> pointer. I expect this was triggered by the recent PIE rebuild exposing
>> the fact that jackeq is not 64-bit clean.
> 
> So the bug is in src/gtkmeter.c, where gtk_meter_get_type returns an
> unsigned int instead of a pointer. This code looked _very_ familiar
> because the exact same code has already been fixed in jamin! See #848672
> 
> Compare jamin from jessie with jackeq from stretch:
> https://sources.debian.net/src/jamin/0.97.14~cvs~81203-4/src/gtkmeter.c/
> https://sources.debian.net/src/jackeq/0.5.9-2/src/gtkmeter.c/
> 
> Code search:
> https://codesearch.debian.net/search?q=gtk_meter_get_type
> 
> So probably kluppe and timemachine are affected as well.

I've tested both kluppe and timemachine and they both segfault in
exactly the same place.

Kluppe segfaults when pressing "new looper" in the interface. Since this
seems to be a pretty critical feature of kluppe, I've kept the bug at
grave severity.

Timemachine just segfaults on startup like jackeq does.

Note you need a jack server running to reproduce both of these bugs.

Thanks,
James





Bug#863416: jackeq: segmentation fault

2017-05-26 Thread James Cowgill
On 26/05/17 16:30, James Cowgill wrote:
> Control: severity -1 grave
> 
> Hi
> 
> On 26/05/17 16:01, Alex Wilk wrote:
>> Package: jackeq
>> Version: 0.5.9-2+b2
>> Severity: normal
>>
>> Dear Maintainer!
>>
>> ,
>> | $ jackeq 
>> | jackEQ 0.5.9
>> | (c) 2003 - 2009 P. Shirkey
>> | Featuring the DJEQ ladspa plugin by S. Harris
>> | With assistance from J. O'Quin on the awesome Jack i/o dropdown menu
>> | This is free software, and you are welcome to redistribute it
>> | under certain conditions; see the file COPYING for details.
>> | Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve 
>> property `gtk-primary-button-warps-slider' of type `gboolean' from rc file 
>> value "((GString*) 0x55e8dc961840)" of type `gboolean'
>> | zsh: segmentation fault  jackeq
>> `
> 
> Unfortunately I cannot get jackeq to start at all so I'm raising the
> severity.
> 
> From a brief look in gdb, it seems that jackeq passes gtk a truncated
> pointer. I expect this was triggered by the recent PIE rebuild exposing
> the fact that jackeq is not 64-bit clean.

So the bug is in src/gtkmeter.c, where gtk_meter_get_type returns an
unsigned int instead of a pointer. This code looked _very_ familiar
because the exact same code has already been fixed in jamin! See #848672

Compare jamin from jessie with jackeq from stretch:
https://sources.debian.net/src/jamin/0.97.14~cvs~81203-4/src/gtkmeter.c/
https://sources.debian.net/src/jackeq/0.5.9-2/src/gtkmeter.c/

Code search:
https://codesearch.debian.net/search?q=gtk_meter_get_type

So probably kluppe and timemachine are affected as well.

*sighs at code duplication*

James
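
An added illustration of the truncation described in this message (not code from jackeq, GTK or the thread): it models a pointer-width type id being returned through a 32-bit unsigned int. The `registry` table, the function names and the low id are constructed; the high id reuses the 0x55e8dc961840 address shape from the reporter's Gtk-Message, and `lookup` returns NULL where the real library would follow the bad value.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t type_id;   /* models a pointer-width GtkType on amd64 */
typedef uint32_t narrow_id; /* models guint (32-bit unsigned int) */

/* Constructed sample ids: one below 4 GiB, one shaped like the
 * 0x55e8... heap address visible in the reporter's Gtk-Message. */
#define LOW_ID  UINT64_C(0x0000000000a3f010)
#define HIGH_ID UINT64_C(0x000055e8dc961840)

struct type_node { type_id id; const char *name; };

/* Hypothetical registry standing in for the toolkit's type table. */
static const struct type_node registry[] = {
    { LOW_ID,  "meter-low"  },
    { HIGH_ID, "meter-high" },
};

/* Returns the registered name, or NULL for an unknown id. The real
 * library would treat the id as valid and crash instead. */
const char *lookup(type_id id)
{
    for (size_t i = 0; i < sizeof registry / sizeof registry[0]; i++)
        if (registry[i].id == id)
            return registry[i].name;
    return NULL;
}

/* 'Before' shape: the id is squeezed through a 32-bit return type. */
narrow_id get_type_before(type_id id) { return (narrow_id)id; }

/* 'After' shape: the return type is as wide as the id. */
type_id get_type_after(type_id id) { return id; }

int main(void)
{
    const type_id ids[] = { LOW_ID, HIGH_ID };
    for (size_t i = 0; i < 2; i++) {
        const char *b = lookup(get_type_before(ids[i]));
        const char *a = lookup(get_type_after(ids[i]));
        printf("%#018llx  before: %-10s  after: %s\n",
               (unsigned long long)ids[i], b ? b : "(lost)", a);
    }
    return 0;
}
```

The low id survives the round trip through the narrow type, which is how a defect like this can stay hidden until addresses move above 4 GiB.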





Bug#863416: jackeq: segmentation fault

2017-05-26 Thread James Cowgill
Control: severity -1 grave

Hi

On 26/05/17 16:01, Alex Wilk wrote:
> Package: jackeq
> Version: 0.5.9-2+b2
> Severity: normal
> 
> Dear Maintainer!
> 
> ,
> | $ jackeq 
> | jackEQ 0.5.9
> | (c) 2003 - 2009 P. Shirkey
> | Featuring the DJEQ ladspa plugin by S. Harris
> | With assistance from J. O'Quin on the awesome Jack i/o dropdown menu
> | This is free software, and you are welcome to redistribute it
> | under certain conditions; see the file COPYING for details.
> | Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve 
> property `gtk-primary-button-warps-slider' of type `gboolean' from rc file 
> value "((GString*) 0x55e8dc961840)" of type `gboolean'
> | zsh: segmentation fault  jackeq
> `

Unfortunately I cannot get jackeq to start at all so I'm raising the
severity.

From a brief look in gdb, it seems that jackeq passes gtk a truncated
pointer. I expect this was triggered by the recent PIE rebuild exposing
the fact that jackeq is not 64-bit clean.

Thanks for the report!
James





Bug#863416: jackeq: segmentation fault

2017-05-26 Thread Alex Wilk
Package: jackeq
Version: 0.5.9-2+b2
Severity: normal

Dear Maintainer!

,
| $ jackeq 
| jackEQ 0.5.9
| (c) 2003 - 2009 P. Shirkey
| Featuring the DJEQ ladspa plugin by S. Harris
| With assistance from J. O'Quin on the awesome Jack i/o dropdown menu
| This is free software, and you are welcome to redistribute it
| under certain conditions; see the file COPYING for details.
| Gtk-Message: (for origin information, set GTK_DEBUG): failed to retrieve 
property `gtk-primary-button-warps-slider' of type `gboolean' from rc file 
value "((GString*) 0x55e8dc961840)" of type `gboolean'
| zsh: segmentation fault  jackeq
`

Kind regards, Alex

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates'), (70, 'unstable'), (35, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.30 (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages jackeq depends on:
ii  libatk1.0-0                       2.22.0-1
ii  libc6                             2.24-10
ii  libcairo2                         1.14.8-1
ii  libfontconfig1                    2.11.0-6.7+b1
ii  libfreetype6                      2.6.3-3.2
ii  libgdk-pixbuf2.0-0                2.36.5-2
ii  libglib2.0-0                      2.50.3-2
ii  libgtk2.0-0                       2.24.31-2
ii  libjack-jackd2-0 [libjack-0.125]  1.9.10+20150825git1ed50c92~dfsg-5
ii  libpango-1.0-0                    1.40.5-1
ii  libpangocairo-1.0-0               1.40.5-1
ii  libpangoft2-1.0-0                 1.40.5-1
ii  libxml2                           2.9.4+dfsg1-2.2
ii  swh-plugins                       0.4.17-2

Versions of packages jackeq recommends:
ii  jackd  5

jackeq suggests no packages.

-- no debconf information