Bug#591525: mplayer: Segfault due to missing input sanitation on playlist files

2010-08-04 Thread Adrian Knoth
tag 591525 +patch
thanks

On Tue, Aug 03, 2010 at 08:31:29PM +0200, Josef Spillner wrote:

> Tags: upstream
>
> It is easily possible to crash mplayer through specially-crafted
> playlist files.  Instead of crashing, the application should return
> with a proper exit code.

Confirmed, reproduced and addressed. Reinhard, can you take care to
apply the attached patch and forward it to upstream?



HTH

-- 
mail: a...@thur.de  http://adi.thur.de  PGP/GPG: key via keyserver
diff --git a/debian/patches/25playlist.patch b/debian/patches/25playlist.patch
new file mode 100644
index 000..49b0453
--- /dev/null
+++ b/debian/patches/25playlist.patch
@@ -0,0 +1,19 @@
+From: Adrian Knoth a...@drcomp.erfurt.thur.de
+Bug-Debian: http://bugs.debian.org/591525
+Description: Fix segfault on empty playlist
+--- a/playtree.c
 b/playtree.c
+@@ -206,6 +206,13 @@ play_tree_set_child(play_tree_t* pt, play_tree_t* child) {
+   assert(pt-entry_type == PLAY_TREE_ENTRY_NODE);
+ #endif
+ 
++  /* Roughly validate input data. Both, pt and child are going to be
++   * dereferenced, hence assure they're not NULL.
++   */
++  if (NULL == pt || NULL == child) {
++  return;
++  }
++
+   //DEBUG_FF: Where are the children freed?
+   // Attention in using this function!
+   for(iter = pt-child ; iter != NULL ; iter = iter-next)
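Review bot: the new NULL guard is placed after the `assert(pt-entry_type == PLAY_TREE_ENTRY_NODE);` that sits inside the `#ifdef`/`#endif` block above it, so a build with assertions enabled still dereferences a NULL `pt` on the assert before the guard is reached; move the `if (NULL == pt || NULL == child) return;` above that `#ifdef` block so it is the first statement of the function. A second point: a silent `return;` makes play_tree_set_child swallow the empty-playlist case without any signal to its caller, while the bug report asks for a proper exit code rather than a crash, so the code path that hands a NULL child to this function for a numberofentries=0 playlist should also report the error and exit non-zero instead of continuing with an unchanged tree.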
diff --git a/debian/patches/series b/debian/patches/series
index d0400e9..79e9876 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 22disable-xscreensaver.patch
 23mplayer-debug-printf.patch
 24forgotten-bgr15-format.patch
+25playlist.patch
___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers


Processed: Re: Bug#591525: mplayer: Segfault due to missing input sanitation on playlist files

2010-08-04 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> tag 591525 +patch
Bug #591525 [mplayer] mplayer: Segfault due to missing input sanitation on 
playlist files
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
591525: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591525
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#591525: mplayer: Segfault due to missing input sanitation on playlist files

2010-08-03 Thread Josef Spillner
Package: mplayer
Version: 2:1.0~rc3+svn20100502-3+b1
Severity: normal
Tags: upstream

It is easily possible to crash mplayer through specially-crafted playlist files.
Instead of crashing, the application should return with a proper exit code.

$ cat _cassé.pls
[playlist]
numberofentries=0
Version=2

$ mplayer -playlist _cassé.pls
Unknown entry type Version=2
Speicherzugriffsfehler

# where Speicherzugriffsfehler means segfault

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mplayer depends on:
ii  libaa1 1.4p5-38  ascii art library
ii  libasound2 1.0.23-1  shared library for ALSA applicatio
ii  libaudio2  1.9.2-3   Network Audio System - shared libr
ii  libavcodec52   4:0.5.2-1 ffmpeg codec library
ii  libavformat52  4:0.5.2-1 ffmpeg file format library
ii  libavutil494:0.5.2-1 ffmpeg utility library
ii  libc6  2.11.2-2  Embedded GNU C Library: Shared lib
ii  libcaca0   0.99.beta17-1 colour ASCII art library
ii  libcdparanoia0 3.10.2+debian-9   audio extraction tool for sampling
ii  libdirectfb-1.2-9  1.2.10.0-4direct frame buffer graphics - sha
ii  libdvdread44.1.3-10  library for reading DVDs
ii  libenca0   1.13-3Extremely Naive Charset Analyser -
ii  libesd00.2.41-7  Enlightened Sound Daemon - Shared 
ii  libfontconfig1 2.8.0-2.1 generic font configuration library
ii  libfreetype6   2.4.0-2   FreeType 2 font engine, shared lib
ii  libfribidi00.19.2-1  Free Implementation of the Unicode
ii  libgcc11:4.4.4-7 GCC support library
ii  libgif44.1.6-9   library for GIF images (library)
ii  libgl1-mesa-glx [libgl 7.7.1-4   A free implementation of the OpenG
ii  libjack0 [libjack-0.11 1:0.118+svn3796-7 JACK Audio Connection Kit (librari
ii  libjpeg62  6b1-1 The Independent JPEG Group's JPEG 
ii  liblircclient0 0.8.3-5   infra-red remote control support -
ii  liblzo2-2  2.03-2data compression library
ii  libncurses55.7+20100313-2shared libraries for terminal hand
ii  libogg01.2.0~dfsg-1  Ogg bitstream library
ii  libopenal1 1:1.12.854-2  Software implementation of the Ope
ii  libpng12-0 1.2.44-1  PNG library - runtime
ii  libpostproc51  4:0.5.2-1 ffmpeg video postprocessing librar
ii  libpulse0  0.9.21-3+b1   PulseAudio client libraries
ii  libsdl1.2debian1.2.14-6  Simple DirectMedia Layer
ii  libsmbclient   2:3.4.8~dfsg-2shared library for communication w
ii  libspeex1  1.2~rc1-1 The Speex codec runtime library
ii  libstdc++6 4.4.4-7   The GNU Standard C++ Library v3
ii  libsvga1   1:1.4.3-29console SVGA display libraries
ii  libswscale04:0.5.2-1 ffmpeg video scaling library
ii  libtheora0 1.1.1+dfsg.1-3The Theora Video Compression Codec
ii  libx11-6   2:1.3.3-3 X11 client-side library
ii  libxext6   2:1.1.2-1 X11 miscellaneous extension librar
ii  libxinerama1   2:1.1-3   X11 Xinerama extension library
ii  libxt6 1:1.0.7-1 X11 toolkit intrinsics library
ii  libxv1 2:1.0.5-1 X11 Video extension library
ii  libxvmc1   2:1.0.5-1 X11 Video extension library
ii  libxxf86dga1   2:1.1.1-2 X11 Direct Graphics Access extensi
ii  libxxf86vm11:1.1.0-2 X11 XFree86 video mode extension l
ii  zlib1g 1:1.2.3.4.dfsg-3  compression library - runtime

mplayer recommends no packages.

Versions of packages mplayer suggests:
ii  bzip2 1.0.5-4high-quality block-sorting file co
ii  fontconfig2.8.0-2.1  generic font configuration library
pn  mplayer-doc   none (no description available)
pn  netselect | fping none (no description available)
ii  ttf-freefont  20090104-7 Freefont Serif, Sans and Mono True

-- no debconf information
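The following is an added example, not mplayer's code and not part of either message above. It shows the two halves of the fix discussed in this thread: a play_tree_set_child with the same NULL guard as the Debian patch, but one that reports the refusal to its caller, and a caller that turns the reporter's numberofentries=0 playlist into an error message and a non-zero exit status instead of a NULL dereference. The .pls reader, the play_tree struct, and the names pls_parse, pls_entry_count and open_playlist are assumptions made for the example; the exit status 2 is likewise an assumption, and both playlist strings are constructed inputs modelled on the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy play tree: one level of children chained through ->next. */
typedef struct play_tree {
    struct play_tree *child;
    struct play_tree *next;
    char file[256];
} play_tree_t;

/* Same guard as the Debian patch, but the caller is told about it:
 * -1 instead of a silent return when either pointer is NULL. */
static int play_tree_set_child(play_tree_t *pt, play_tree_t *child)
{
    if (pt == NULL || child == NULL)
        return -1;
    pt->child = child;
    return 0;
}

static void play_tree_free(play_tree_t *list)
{
    while (list != NULL) {
        play_tree_t *next = list->next;
        free(list);
        list = next;
    }
}

/* Parse the text of a .pls file. Unknown lines are reported and skipped
 * (mplayer printed "Unknown entry type Version=2"). Returns the entry
 * list, or NULL when no FileN= line exists: the numberofentries=0 case. */
static play_tree_t *pls_parse(const char *text)
{
    play_tree_t *head = NULL, *tail = NULL;
    char buf[4096];
    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        if (line[0] == '[' || strncmp(line, "numberofentries=", 16) == 0)
            continue;               /* header; the count is not trusted */
        if (strncmp(line, "File", 4) == 0) {
            const char *eq = strchr(line, '=');
            play_tree_t *e;
            if (eq == NULL || eq[1] == '\0')
                continue;           /* "File1=" with no path */
            if ((e = calloc(1, sizeof *e)) == NULL) {
                play_tree_free(head);
                return NULL;
            }
            strncpy(e->file, eq + 1, sizeof e->file - 1);
            if (tail) tail->next = e; else head = e;
            tail = e;
        } else if (strncmp(line, "Title", 5) && strncmp(line, "Length", 6)) {
            fprintf(stderr, "Unknown entry type %s\n", line);
        }
    }
    return head;
}

/* Entries the parser accepted; 0 for the reporter's file. */
static int pls_entry_count(const char *text)
{
    int n = 0;
    play_tree_t *list = pls_parse(text);
    for (play_tree_t *e = list; e; e = e->next)
        n++;
    play_tree_free(list);
    return n;
}

/* The caller's side of the fix: a NULL list is an error with a proper
 * exit status (2 here, an assumption), not something to dereference. */
static int open_playlist(const char *text)
{
    play_tree_t root = { NULL, NULL, "" };
    play_tree_t *list = pls_parse(text);
    if (play_tree_set_child(&root, list) != 0) {
        fprintf(stderr, "playlist contains no playable entries\n");
        return 2;
    }
    play_tree_free(list);
    return 0;
}

/* Constructed inputs: the reporter's playlist and a one-entry variant. */
static const char EMPTY_PLS[] = "[playlist]\nnumberofentries=0\nVersion=2\n";
static const char ONE_PLS[] =
    "[playlist]\nFile1=http://example.invalid/stream\nTitle1=demo\n"
    "numberofentries=1\nVersion=2\n";

int main(void)
{
    printf("empty: status %d, one entry: status %d\n",
           open_playlist(EMPTY_PLS), open_playlist(ONE_PLS));
    return 0;
}
```

The point of returning a status from play_tree_set_child rather than returning void is that the guard alone only moves the problem: the parser still produced nothing for a zero-entry playlist, and only the caller can decide to print a message and exit non-zero, which is what the report asks for. Counting FileN= lines instead of believing numberofentries= also keeps a playlist that lies about its length from steering the parser.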


