Bug#986031: ogmrip crashes on startup with "malloc(): unsorted double linked list corrupted"

[Bernhard Übelacker]

Dear Maintainer,
I tried to have a look and the segfault is really a result of the
previous g_param_spec_is_valid_name failures.

It looks like g_param_spec_is_valid_name got tightened lately to
not accept names with dashes anymore.

The following malloc corruption seems to originate in the backtrace below.
There the value pointer neither gets initialised, nor written to,
therefore the free fails.

Attached patch would replace thes "/" by "-" in the parameters
which get accepted by glib2.0.

I assume because of this issue this package is not usable at all,
therefore should be the severity increased?

Kind regards,
Bernhard


export MALLOC_CHECK_=3
(rr) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x7f11eae17537 in __GI_abort () at abort.c:79
#2  0x7f11eae70768 in __libc_message (action=action@entry=do_abort, 
fmt=fmt@entry=0x7f11eaf7ee2d "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x7f11eae77a5a in malloc_printerr (str=str@entry=0x7f11eaf7d05a "free(): 
invalid pointer") at malloc.c:5347
#4  0x7f11eae79ca6 in free_check (mem=0x55a02d91b8f0, caller=) at hooks.c:255
#5  0x55a02cd9ac41 in ogmrip_profiles_check_profile (section=0x55a02daae930 
"/apps/ogmrip/profiles/default-avi", error=error@entry=0x0) at 
ogmrip-profiles.c:155
#6  0x55a02cd9c7bf in ogmrip_profiles_dialog_add_profiles 
(dialog=dialog@entry=0x55a02d9d4410, reload=reload@entry=0) at 
ogmrip-profiles-dialog.c:157
#7  0x55a02cd9d0e5 in ogmrip_profiles_dialog_init (dialog=0x55a02d9d4410) 
at ogmrip-profiles-dialog.c:733
#8  0x7f11eb11b391 in g_type_create_instance (type=) at 
../../../gobject/gtype.c:1868
#9  0x7f11eb101615 in g_object_new_internal 
(class=class@entry=0x55a02d92f430, params=params@entry=0x0, 
n_params=n_params@entry=0) at ../../../gobject/gobject.c:1939
#10 0x7f11eb102b1d in g_object_new_with_properties 
(object_type=94146449298656, n_properties=0, names=names@entry=0x0, 
values=values@entry=0x0) at ../../../gobject/gobject.c:2107
#11 0x7f11eb1035f1 in g_object_new (object_type=, 
first_property_name=first_property_name@entry=0x0) at ../../../gobject/gobject.c:1779
#12 0x55a02cd9d149 in ogmrip_profiles_dialog_new () at 
ogmrip-profiles-dialog.c:741
#13 0x55a02cd8a21d in ogmrip_main_profiles_dialog_construct 
(data=0x55a02d8a1b20) at ogmrip-main.c:1751
#14 main (argc=, argv=) at ogmrip-main.c:3215
Bug-Debian: https://bugs.debian.org/986031
Last-Update: 2021-04-11

--- ogmrip-1.0.1.orig/libogmrip-gtk/ogmrip-gconf-settings.c
+++ ogmrip-1.0.1/libogmrip-gtk/ogmrip-gconf-settings.c
@@ -63,10 +63,10 @@ my_gconf_concat_dir_and_key (const gchar
 
   strcpy (retval, dir);
 
-  if (dir[dirlen-1] == '/')
+  if (dir[dirlen-1] == '-')
   {
 /* dir ends in slash, strip key slash if needed */
-if (*key == '/')
+if (*key == '-')
   ++key;
 
 strcpy (retval + dirlen, key);
@@ -76,9 +76,9 @@ my_gconf_concat_dir_and_key (const gchar
 /* Dir doesn't end in slash, add slash if key lacks one. */
 gchar* dest = retval + dirlen;
 
-if (*key != '/')
+if (*key != '-')
 {
-  *dest = '/';
+  *dest = '-';
   ++dest;
 }
   
--- ogmrip-1.0.1.orig/libogmrip-gtk/ogmrip-lavc-options.c
+++ ogmrip-1.0.1/libogmrip-gtk/ogmrip-lavc-options.c
@@ -39,25 +39,25 @@
 #define OGMRIP_IS_LAVC_DIALOG(obj)   (G_TYPE_CHECK_INSTANCE_TYPE ((obj), 
OGMRIP_TYPE_LAVC_DIALOG))
 #define OGMRIP_IS_LAVC_DIALOG_CLASS(obj) (G_TYPE_CHECK_CLASS_TYPE ((klass), 
OGMRIP_TYPE_LAVC_DIALOG))
 
-#define OGMRIP_LAVC_KEY_CMP OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_CMP
-#define OGMRIP_LAVC_KEY_PRECMP  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_PRECMP
-#define OGMRIP_LAVC_KEY_SUBCMP  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_SUBCMP
-#define OGMRIP_LAVC_KEY_DIA OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_DIA
-#define OGMRIP_LAVC_KEY_PREDIA  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_PREDIA
-#define OGMRIP_LAVC_KEY_KEYINT  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_KEYINT
-#define OGMRIP_LAVC_KEY_BUF_SIZEOGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_BUF_SIZE
-#define OGMRIP_LAVC_KEY_MIN_RATEOGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_MIN_RATE
-#define OGMRIP_LAVC_KEY_MAX_RATEOGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_MAX_RATE
-#define OGMRIP_LAVC_KEY_STRICT  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_STRICT
-#define OGMRIP_LAVC_KEY_DC  OGMRIP_LAVC_SECTION "/" OGMRIP_LAVC_PROP_DC
-#define OGMRIP_LAVC_KEY_MBD OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_MBD
-#define OGMRIP_LAVC_KEY_QNS OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_QNS
-#define OGMRIP_LAVC_KEY_VB_STRATEGY OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_VB_STRATEGY
-#define OGMRIP_LAVC_KEY_LAST_PRED   OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_LAST_PRED
-#define OGMRIP_LAVC_KEY_PREME   OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_PREME
-#define OGMRIP_LAVC_KEY_VQCOMP  OGMRIP_LAVC_SECTION "/" 
OGMRIP_LAVC_PROP_VQCOMP
-#define 

Bug#986031: ogmrip crashes on startup with "malloc(): unsorted double linked list corrupted"

[Stig Sandbeck Mathisen]

Package: ogmrip
Version: 1.0.1-3
Severity: normal

Dear Maintainer,

The "ogmrip" command fails to start after installation.  I installed the
package and typed the "ogmrip" command with no arguments.

When called from the command line, it exits with:

A large number of these:

** (ogmrip:7501): CRITICAL **: 12:28:41.392: ogmrip_settings_install_key: 
assertion 'G_IS_PARAM_SPEC (pspec)' failed

(ogmrip:7501): GLib-GObject-CRITICAL **: 12:28:41.392: 
g_param_spec_internal: assertion 'g_param_spec_is_valid_name (name)' failed

** (ogmrip:7501): CRITICAL **: 12:28:41.392: ogmrip_settings_install_key: 
assertion 'G_IS_PARAM_SPEC (pspec)' failed

(ogmrip:7501): GLib-GObject-CRITICAL **: 12:28:41.392: 
g_param_spec_internal: assertion 'g_param_spec_is_valid_name (name)' failed
  
** (ogmrip:7501): CRITICAL **: 12:28:41.392: ogmrip_settings_install_key: 
assertion 'G_IS_PARAM_SPEC (pspec)' failed

And then finally:

MP4Box - GPAC version 1.0.1-rev1.0.1+dfsg1-3
(c) 2000-2020 Telecom Paris distributed under LGPL v2.1+ - http://gpac.io

Please cite our work in your research:
GPAC Filters: https://doi.org/10.1145/3339825.3394929
GPAC: https://doi.org/10.1145/1291233.1291452

GPAC Configuration: --build=x86_64-linux-gnu --prefix=/usr 
--includedir=${prefix}/include --mandir=${prefix}/share/man 
--infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var 
--disable-option-checking --disable-silent-rules 
--libdir=${prefix}/lib/x86_64-linux-gnu --runstatedir=/run 
--disable-maintainer-mode --disable-dependency-tracking --prefix=/usr 
--libdir=lib/x86_64-linux-gnu --mandir=${prefix}/share/man --extra-cflags=-Wall 
-fPIC -DPIC -I/usr/include/mozjs -DXP_UNIX -Wdate-time -D_FORTIFY_SOURCE=2 -g 
-O2 -fdebug-prefix-map=/build/gpac-H8Ov47/gpac-1.0.1+dfsg1=. 
-fstack-protector-strong -Wformat -Werror=format-security 
--extra-ldflags=-Wl,-z,relro --enable-joystick --enable-debug --disable-ssl 
--verbose
Features: GPAC_CONFIG_LINUX GPAC_64_BITS GPAC_HAS_IPV6 GPAC_HAS_SOCK_UN 
GPAC_MINIMAL_ODF GPAC_HAS_QJS GPAC_HAS_FAAD GPAC_HAS_MAD GPAC_HAS_LIBA52 
GPAC_HAS_JPEG GPAC_HAS_PNG GPAC_HAS_FFMPEG GPAC_HAS_THEORA GPAC_HAS_VORBIS 
GPAC_HAS_XVID GPAC_HAS_LINUX_DVB  

(ogmrip:7501): GLib-GObject-CRITICAL **: 12:28:41.543: 
g_param_spec_internal: assertion 'g_param_spec_is_valid_name (name)' failed

** (ogmrip:7501): CRITICAL **: 12:28:41.543: ogmrip_settings_install_key: 
assertion 'G_IS_PARAM_SPEC (pspec)' failed

** (ogmrip:7501): WARNING **: 12:28:41.588: Cannot set key 
'container/format': no value
malloc(): unsorted double linked list corrupted


*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: bullseye/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'testing'), (499, 'stable'), (100, 
'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.10.0-5-amd64 (SMP w/24 CPU threads)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: default

Versions of packages ogmrip depends on:
ii  gconf-service   3.2.6-7
ii  gconf2  3.2.6-7
ii  gpac1.0.1+dfsg1-3
ii  lame3.100-3
ii  libc6   2.31-10
ii  libdbus-glib-1-20.110-6
ii  libdvdread8 6.1.1-2
ii  libenchant-2-2  2.2.15-1
ii  libgconf-2-43.2.6-7
ii  libgdk-pixbuf2.0-0  2.40.2-2
ii  libglade2-0 1:2.6.4-2.3
ii  libglib2.0-02.66.7-2
ii  libgtk2.0-0 2.24.33-1
ii  libnotify4  0.7.9-3
ii  libogg0 1.3.4-0.1
ii  libogmrip1  1.0.1-3
ii  libpango-1.0-0  1.46.2-3
ii  libpng16-16 1.6.37-3
ii  libtheora0  1.1.1+dfsg.1-15
ii  libtiff54.2.0-1
ii  libxml2 2.9.10+dfsg-6.3+b1
ii  mencoder2:1.4+ds1-1
ii  mkvtoolnix  52.0.0-1
ii  mplayer 2:1.4+ds1-1
ii  ogmrip-plugins  1.0.1-3
ii  ogmtools1:1.5-4+b3
ii  tesseract-ocr   4.1.1-2.1
ii  vorbis-tools1.4.0-11+b1

Versions of packages ogmrip recommends:
pn  ogmrip-ac3 
pn  ogmrip-dirac   
ii  ogmrip-doc 1.0.1-3
pn  ogmrip-mpeg
pn  ogmrip-oggz
pn  ogmrip-profiles
pn  ogmrip-video-copy  

ogmrip suggests no packages.

-- no debconf information