Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-08 Thread James Cowgill
Control: fixed -1 0.3.1-1

Hi,

On 08/03/18 00:11, Серж ИвановЪ wrote:
> The issue can be fixed using 2 upstream patches:
> 
> https://github.com/OpenMPT/openmpt/commit/6f8f7be5848be8c4487b1779c332b802674f6747.patch
> 
> https://github.com/OpenMPT/openmpt/commit/133007530cbe737f4b56db907aa6baee0ea5b17d.patch
> 
> applied to sources in this order, after recompile no segmentation faults
> were encountered.
> 
> Those patches can be squashed for convenience into a single patch.

Thanks for this (and to Michael for the way to reproduce this). While I
agree that these patches are an improvement, I'm not convinced that they
need to be applied to stable. It seems to me there is also a bug in
freeswitch here which reduced the stack size and proceeds to dlopen some
libraries without understanding the full implications of this.

James
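The concern raised in the message above, a host that shrinks its thread stacks and then runs loaded library code on them, can be checked from the host side. The following C sketch is an added example, not code from freeswitch, libopenmpt or anyone in this thread; the function names and the 1 MiB requirement are constructed for illustration, and `pthread_getattr_np` is a glibc extension.

```c
#define _GNU_SOURCE            /* pthread_getattr_np is a glibc extension */
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes of stack left below the current frame (stack grows down), 0 on error. */
static size_t stack_remaining(void) {
    pthread_attr_t attr;
    void *base = NULL;
    size_t size = 0;
    char marker;
    if (pthread_getattr_np(pthread_self(), &attr) != 0) return 0;
    int rc = pthread_attr_getstack(&attr, &base, &size);
    pthread_attr_destroy(&attr);
    if (rc != 0) return 0;
    uintptr_t here = (uintptr_t)&marker, low = (uintptr_t)base;
    return (here > low && here - low <= size) ? (size_t)(here - low) : 0;
}

struct probe { size_t need; int fits; };

/* Runs on the worker thread, where the host would call into the plugin. */
static void *worker(void *arg) {
    struct probe *p = arg;
    p->fits = stack_remaining() >= p->need;
    return NULL;
}

/* Create a thread with stack_size bytes of stack; return 1 if `need` bytes
 * fit on it, 0 if they do not, -1 on setup error. */
int fits_on_thread(size_t stack_size, size_t need) {
    struct probe p = { need, 0 };
    pthread_attr_t attr;
    pthread_t tid;
    if (pthread_attr_init(&attr) != 0) return -1;
    int rc = pthread_attr_setstacksize(&attr, stack_size);
    if (rc == 0) rc = pthread_create(&tid, &attr, worker, &p);
    pthread_attr_destroy(&attr);
    if (rc != 0) return -1;
    pthread_join(tid, NULL);
    return p.fits;
}

int main(void) {
    size_t need = 1u << 20;  /* constructed: 1 MiB of locals in a callee */
    printf("256 KiB stack: %d\n", fits_on_thread(256u << 10, need));
    printf("8 MiB stack:   %d\n", fits_on_thread(8u << 20, need));
    return 0;
}
```

On older glibc releases, link with `-pthread`.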





Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread Серж ИвановЪ
The issue can be fixed using 2 upstream patches:

https://github.com/OpenMPT/openmpt/commit/6f8f7be5848be8c4487b1779c332b802674f6747.patch

https://github.com/OpenMPT/openmpt/commit/133007530cbe737f4b56db907aa6baee0ea5b17d.patch

applied to sources in this order, after recompile no segmentation faults
were encountered.

Those patches can be squashed for convenience into a single patch.


Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread Fabian Greffrath
On Wednesday, 07.03.2018, at 09:32 -0500, s3rj1k wrote:
>  Using this shared library with external application creates segfault
>  with memcopy related functions.

Since you are mentioning memcpy(), maybe the code calls it with
overlapping source and destination pointers and -O3 optimizes this to
call memmove() instead?

 - Fabian




Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread Серж ИвановЪ
Attached full bt log of gdb and valgrind log with debug-symbols package
installed

Unfortunately can't test this with other applications (ffmpeg ...)


bt.tar.gz
Description: application/gzip


Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread James Cowgill
On 07/03/18 15:58, Серж ИвановЪ wrote:
> Unfortunately freeswitch (the actual application) is not available in
> deb archive.
> 
> How can I provide additional info on this issue?

It would be useful to know what in libopenmpt was causing this.

Can you add this to your APT sources.list:
deb http://deb.debian.org/debian-debug/ stretch-debug main

Then run "apt update; apt install libopenmpt0-dbgsym"

If you generate your backtrace with gdb now, it should tell you what in
libopenmpt triggered the bug.

Running freeswitch inside valgrind might show some issues.

Do other programs which use libopenmpt work - like ffmpeg and openmpt123?

James





Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread Серж ИвановЪ
Unfortunately freeswitch (the actual application) is not available in deb
archive.

How can I provide additional info on this issue?


Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread James Cowgill
Hi,

On 07/03/18 15:13, Серж ИвановЪ wrote:
> Attached additional info, core dump and gdb backtrace log

Thanks, although I can't read the core dump without the binaries it runs
from. Can you reproduce the bug using binaries only found in the Debian
archive?

James





Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread James Cowgill
Hi,

On 07/03/18 14:32, s3rj1k wrote:
> Package: libopenmpt0
> Version: 0.2.7386~beta20.3-3+deb9u2
> Severity: important
> 
> Dear Maintainer,
> 
>  Using this shared library with external application creates segfault
>  with memcopy related functions.

I'm not sure I understand what you mean.

Do you have any logs? A stack backtrace? Specifically what commands do
you run to get the segfault?

>  This can be avoided if one would recompile with -O3 optimization as actually
>  does upstream in their makefile (not autotool sources)
> 
>  Adding this to rules effectively fixes issue:
> 
>  export DEB_CXXFLAGS_MAINT_APPEND = -O3

If this flag genuinely does fix the segfault, then there's likely some
undefined behavior in libopenmpt which the compiler is exploiting and
your suggested fix would just hide the real bug.

Thanks,
James





Bug#892272: libopenmpt0: segfaults with memcopy if loaded from external application

2018-03-07 Thread s3rj1k
Package: libopenmpt0
Version: 0.2.7386~beta20.3-3+deb9u2
Severity: important

Dear Maintainer,

 Using this shared library with external application creates segfault
 with memcopy related functions.

 This can be avoided if one would recompile with -O3 optimization as actually
 does upstream in their makefile (not autotool sources)

 Adding this to rules effectively fixes issue:

 export DEB_CXXFLAGS_MAINT_APPEND = -O3

-- System Information:
Debian Release: 9.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libopenmpt0 depends on:
ii  libc6   2.24-11+deb9u1
ii  libgcc1 1:6.3.0-18+deb9u1
ii  libmpg123-0 1.23.8-1+b1
ii  libstdc++6  6.3.0-18+deb9u1
ii  libvorbis0a 1.3.5-4+deb9u1
ii  libvorbisfile3  1.3.5-4+deb9u1
ii  zlib1g  1:1.2.8.dfsg-5

libopenmpt0 recommends no packages.

libopenmpt0 suggests no packages.

-- no debconf information