Debian Bug report logs - #407010
mplayer: multiple segmentation faults
Reported by: "Sam Hocevar (Debian packages)" <sam+deb@zoy.org>
Date: Mon, 15 Jan 2007 18:40:37 UTC
Severity: important
Tags: security
Found in version mplayer/1.0~rc1-11
Fixed in versions mplayer/2:1.0~rc3+svn20100502-1, 1.0~rc3+svn20100502-1
Done: Michael Gilbert <michael.s.gilbert@gmail.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
Acknowledgement sent to "Sam Hocevar (Debian packages)" <sam+deb@zoy.org>:
New Bug report received and forwarded. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: mplayer
Version: 1.0~rc1-11
Severity: important
MPlayer crashes at various places with the following files:
http://sam.zoy.org/zzuf/lol-mplayer.mp3 (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.ogg (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.mpg (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.m2v (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.avi (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.flac (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.ogm (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.wmv (SIGSEGV)
http://sam.zoy.org/zzuf/lol-mplayer.aac (SIGSEGV)
I'm setting the severity to important, but the potential security
issues should not be overlooked. More information about the software I
used is available at http://sam.zoy.org/zzuf/.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages mplayer depends on:
ii debconf [debconf-2 1.5.11 Debian configuration management sy
ii libaa1 1.4p5-30 ascii art library
ii libartsc0 1.5.5-1 aRts sound system C support librar
ii libasound2 1.0.13-1 ALSA library
ii libatk1.0-0 1.12.4-1 The ATK accessibility toolkit
ii libaudiofile0 0.2.6-6 Open-source version of SGI's audio
ii libc6 2.3.6.ds1-10 GNU C Library: Shared libraries
ii libcaca0 0.99.beta11.debian-2 colour ASCII art library
ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra
ii libcdparanoia0 3.10+debian~pre0-4 audio extraction tool for sampling
ii libconfhelper-perl 0.12.5 Library for editing configuration
ii libcucul0 0.99.beta11.debian-2 low-level Unicode character drawin
ii libdirectfb-0.9-25 0.9.25.1-5 direct frame buffer graphics - sha
ii libdv4 1.0.0-1 software library for DV format dig
ii libdvdread3 0.9.7-2 library for reading DVDs
ii libesd0 0.2.36-3 Enlightened Sound Daemon - Shared
ii libfontconfig1 2.4.2-1 generic font configuration library
ii libfreetype6 2.2.1-5 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.12.6-2 The GLib library of C routines
ii libgtk2.0-0 2.8.20-4 The GTK+ graphical user interface
ii libjack0.100.0-0 0.101.1-2 JACK Audio Connection Kit (librari
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii liblircclient0 0.8.0-9 LIRC client library
ii liblzo1 1.08-3 data compression library (old vers
ii libmad0 0.15.1b-2.1 MPEG audio decoder library
ii libncurses5 5.5-5 Shared libraries for terminal hand
ii libogg0 1.1.3-2 Ogg Bitstream Library
ii libpango1.0-0 1.14.8-4 Layout and rendering of internatio
ii libpng12-0 1.2.15~beta5-1 PNG library - runtime
ii libsdl1.2debian 1.2.11-7 Simple DirectMedia Layer
ii libsmbclient 3.0.23d-4 shared library that allows applica
ii libspeex1 1.1.12-3 The Speex Speech Codec
ii libsvga1 1:1.4.3-24 console SVGA display libraries
ii libtheora0 0.0.0.alpha7.dfsg-1.1 The Theora Video Compression Codec
ii libungif4g 4.1.4-4 shared library for GIF images
ii libx11-6 2:1.0.3-4 X11 client-side library
ii libxcursor1 1.1.7-4 X cursor management library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.1-5 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library
ii libxrender1 1:0.9.1-3 X Rendering Extension client libra
ii libxv1 1:1.0.2-1 X11 Video extension library
ii libxvmc1 1:1.0.2-2 X11 Video extension library
ii libxxf86dga1 2:1.0.1-2 X11 Direct Graphics Access extensi
ii libxxf86vm1 1:1.0.1-2 X11 XFree86 video mode extension l
ii mplayer-skin-blue 1.6-1 blue skin for mplayer
ii zlib1g 1:1.2.3-13 compression library - runtime
mplayer recommends no packages.
-- debconf information:
mplayer/replace-existing-files-bail:
mplayer/replace-existing-files: false
mplayer/no-ttfont:
* mplayer/install_codecs:
mplayer/voutput: autodetect
mplayer/rtc: false
mplayer/ttfont: Sans
* mplayer/cfgnote:
* mplayer/dvd_device: /dev/cdrom
Acknowledgement sent to mennucc1@debian.org:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #10 received at 407010@bugs.debian.org:
On Mon, Jan 15, 2007 at 05:04:55PM +0100, Sam Hocevar (Debian packages) wrote:
> MPlayer crashes at various places with the following files:
>
[snip]
in some time (after Etch, I fear) I will do a vitamin-release of
MPlayer, to avoid all those crashes
actually (as you know :-) ) most crashes are in FFmpeg
so we should work together on that
> I'm setting the severity to important, but the potential security
> issues should not be overlooked.
I will check it (before Etch release) and try (to the best of
my experience) to see that that is not the case
> More information about the software I
> used is available at http://sam.zoy.org/zzuf/.
wow! impressive
as you know, I was kinda doing that same work, but never found
the time to do it in depth as you did
you should package zzuf (maybe for experimental)
a.
--
Andrea Mennucc
"The EULA sounds like it was written by a team of lawyers who want to tell
me what I can't do, and the GPL sounds like it was written by a human
being who wants me to know what I can do."
Anonymous, http://www.securityfocus.com/columnists/420
Acknowledgement sent to Sam Hocevar <sam@zoy.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #15 received at 407010@bugs.debian.org:
On Mon, Jan 15, 2007, A Mennucc wrote:
> actually (as you know :-) ) most crashes are in FFmpeg
> so we should work together on that
Yes, as you may have seen I sent a similar bug report for my own
ffmpeg package so that it's not forgotten.
> > More information about the software I
> > used is available at http://sam.zoy.org/zzuf/.
>
> wow! impressive
>
> as you know, I was kinda doing that same work , but never found
> the time to do it in depth as you did
>
> you should package zzuf (maybe for experimental)
ITP sent :)
--
Sam.
Acknowledgement sent to mennucc1@debian.org:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #20 received at 407010@bugs.debian.org:
hi
mplayer has redundant ways to play some video formats; for example,
(most of) MPEG can be played both by FFMpeg and by libmpeg ;
by using the -vc or -ao switch, you can force it to use exactly one
of those
Here is a practical example
$ mplayer -vc mpeg12 Einparken.mpg
uses
==========================================================================
Forced video codec: mpeg12
Opening video decoder: [libmpeg2] MPEG 1/2 Video decoder libmpeg2-v0.4.0b
Selected video codec: [mpeg12] vfm: libmpeg2 (MPEG-1 or 2 (libmpeg2))
==========================================================================
while
$ mplayer -vc ffmpeg1 Einparken.mpg
==========================================================================
Forced video codec: ffmpeg1
Opening video decoder: [ffmpeg] FFmpeg's libavcodec codec family
Selected video codec: [ffmpeg1] vfm: ffmpeg (FFmpeg MPEG-1)
==========================================================================
So, you (or, me, or anybody willing) may use the fuzzer to test
specifically for crashes in each subsystem.
(E.g. you may be particularly interested in seeing which crashes
affect ffmpeg and which don't)
a.
--
Andrea Mennucc
"The EULA sounds like it was written by a team of lawyers who want to tell
me what I can't do, and the GPL sounds like it was written by a human
being who wants me to know what I can do."
Anonymous, http://www.securityfocus.com/columnists/420
Acknowledgement sent to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #25 received at 407010@bugs.debian.org:
Some status information about those crashes ..
On Mon, Jan 15, 2007 at 05:04:55PM +0100, Sam Hocevar (Debian packages) wrote:
>
> MPlayer crashes at various places with the following files:
>
> http://sam.zoy.org/zzuf/lol-mplayer.mp3 (SIGSEGV)
Crash in mp3lib.
> http://sam.zoy.org/zzuf/lol-mplayer.ogg (SIGSEGV)
Crash in libvorbis.
> http://sam.zoy.org/zzuf/lol-mplayer.aac (SIGSEGV)
Crash in libfaad.
> http://sam.zoy.org/zzuf/lol-mplayer.avi (SIGSEGV)
Unreproducible with HEAD.
> http://sam.zoy.org/zzuf/lol-mplayer.mpg (SIGSEGV)
> http://sam.zoy.org/zzuf/lol-mplayer.m2v (SIGSEGV)
> http://sam.zoy.org/zzuf/lol-mplayer.flac (SIGSEGV)
> http://sam.zoy.org/zzuf/lol-mplayer.ogm (SIGSEGV)
> http://sam.zoy.org/zzuf/lol-mplayer.wmv (SIGSEGV)
All fixed.
Diego
Acknowledgement sent to David Kremer <david.kremer.dk@gmail.com>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #30 received at 407010@bugs.debian.org:
Package: mplayer
Followup-For: Bug #407010
I have met a problem with mplayer's .deb
of the main archive.
When I run:
machine@user:~$mplayer
I directly get a segfault, without the printout
of mplayer's usage.
I have built the package as in the Debian gdb wiki
at this link:
http://wiki.debian.org/HowToGetABacktrace
and the newly built .deb works perfectly, so I don't have
much more information.
I don't know what it means. Thanks anyway.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Versions of packages mplayer depends on:
ii debconf [debconf-2 1.5.11 Debian configuration management sy
ii libasound2 1.0.13-2 ALSA library
ii libatk1.0-0 1.12.4-3 The ATK accessibility toolkit
ii libaudiofile0 0.2.6-6 Open-source version of SGI's audio
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libcaca0 0.99.beta11.debian-2 colour ASCII art library
ii libcairo2 1.2.4-4 The Cairo 2D vector graphics libra
ii libcdparanoia0 3.10+debian~pre0-4 audio extraction tool for sampling
ii libconfhelper-perl 0.12.5 Library for editing configuration
ii libcucul0 0.99.beta11.debian-2 low-level Unicode character drawin
ii libdirectfb-0.9-25 0.9.25.1-5 direct frame buffer graphics - sha
ii libdvdread3 0.9.7-2 library for reading DVDs
ii libesd0 0.2.36-3 Enlightened Sound Daemon - Shared
ii libfontconfig1 2.4.2-1.2 generic font configuration library
ii libfreetype6 2.2.1-5+etch1 FreeType 2 font engine, shared lib
ii libglib2.0-0 2.12.4-2 The GLib library of C routines
ii libgtk2.0-0 2.8.20-7 The GTK+ graphical user interface
ii libjpeg62 6b-13 The Independent JPEG Group's JPEG
ii liblircclient0 0.8.0-9.2 LIRC client library
ii liblzo1 1.08-3 data compression library (old vers
ii libmad0 0.15.1b-2.1 MPEG audio decoder library
ii libncurses5 5.5-5 Shared libraries for terminal hand
ii libogg0 1.1.3-2 Ogg Bitstream Library
ii libpango1.0-0 1.14.8-5 Layout and rendering of internatio
ii libpng12-0 1.2.15~beta5-1 PNG library - runtime
ii libsdl1.2debian 1.2.11-8 Simple DirectMedia Layer
ii libspeex1 1.1.12-3 The Speex Speech Codec
ii libtheora0 0.0.0.alpha7.dfsg-1.1 The Theora Video Compression Codec
ii libungif4g 4.1.4-4 shared library for GIF images
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1.1.7-4 X cursor management library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.1-5 X11 miscellaneous 'fixes' extensio
ii libxi6 1:1.0.1-4 X11 Input extension library
ii libxinerama1 1:1.0.1-4.1 X11 Xinerama extension library
ii libxrandr2 2:1.1.0.2-5 X11 RandR extension library
ii libxrender1 1:0.9.1-3 X Rendering Extension client libra
ii libxv1 1:1.0.2-1 X11 Video extension library
ii libxvmc1 1:1.0.2-2 X11 Video extension library
ii libxxf86dga1 2:1.0.1-2 X11 Direct Graphics Access extensi
ii libxxf86vm1 1:1.0.1-2 X11 XFree86 video mode extension l
ii mplayer-skin-blue 1.6-1 blue skin for mplayer
ii zlib1g 1:1.2.3-13 compression library - runtime
mplayer recommends no packages.
-- debconf information:
mplayer/voutput: autodetect
mplayer/rtc: false
mplayer/ttfont: ${ttfontdefault}
mplayer/cfgnote:
mplayer/replace-existing-files-bail:
mplayer/replace-existing-files: false
mplayer/no-ttfont:
mplayer/install_codecs:
mplayer/dvd_device: /dev/cdrom
Tags added: fixed-upstream
Request was from A Mennucc <debdev@mennucci.sns.it>
to control@bugs.debian.org.
(Sun, 26 Aug 2007 17:39:02 GMT)
Acknowledgement sent to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #37 received at 407010@bugs.debian.org:
On Thu, Jan 25, 2007 at 02:30:42PM +0100, Diego Biurrun wrote:
> Some status information about those crashes ..
>
> On Mon, Jan 15, 2007 at 05:04:55PM +0100, Sam Hocevar (Debian packages) wrote:
> >
> > MPlayer crashes at various places with the following files:
> >
> > http://sam.zoy.org/zzuf/lol-mplayer.mp3 (SIGSEGV)
>
> Crash in mp3lib.
>
> > http://sam.zoy.org/zzuf/lol-mplayer.ogg (SIGSEGV)
>
> Crash in libvorbis.
>
> > http://sam.zoy.org/zzuf/lol-mplayer.aac (SIGSEGV)
>
> Crash in libfaad.
>
> > http://sam.zoy.org/zzuf/lol-mplayer.avi (SIGSEGV)
>
> Unreproducible with HEAD.
>
> > http://sam.zoy.org/zzuf/lol-mplayer.mpg (SIGSEGV)
> > http://sam.zoy.org/zzuf/lol-mplayer.m2v (SIGSEGV)
> > http://sam.zoy.org/zzuf/lol-mplayer.flac (SIGSEGV)
> > http://sam.zoy.org/zzuf/lol-mplayer.ogm (SIGSEGV)
> > http://sam.zoy.org/zzuf/lol-mplayer.wmv (SIGSEGV)
>
> All fixed.
I cannot reproduce any of the crashes anymore with the latest Debian
package on PowerPC. I think this report should be closed.
Diego
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #42 received at 407010@bugs.debian.org:
Hi Diego,
* Diego Biurrun <diego@biurrun.de> [2008-07-06 12:40]:
> On Thu, Jan 25, 2007 at 02:30:42PM +0100, Diego Biurrun wrote:
[...]
> > All fixed.
>
> I cannot reproduce any of the crashes anymore with the latest Debian
> package on PowerPC. I think this report should be closed.
Since you seem to have a copy of these files, can you put
them online somewhere as they are no longer available on the
original website?
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Acknowledgement sent to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #47 received at 407010@bugs.debian.org:
On Sun, Jul 06, 2008 at 12:49:05PM +0200, Nico Golde wrote:
> * Diego Biurrun <diego@biurrun.de> [2008-07-06 12:40]:
> > On Thu, Jan 25, 2007 at 02:30:42PM +0100, Diego Biurrun wrote:
> [...]
> > > All fixed.
> >
> > I cannot reproduce any of the crashes anymore with the latest Debian
> > package on PowerPC. I think this report should be closed.
>
> Since you seem to have a copy of these files, can you put
> them online somewhere as they are no longer available on the
> original website?
Umm, I got them from the original website...
Diego
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #52 received at 407010@bugs.debian.org:
Hi Diego,
* Diego Biurrun <diego@biurrun.de> [2008-07-06 13:51]:
> On Sun, Jul 06, 2008 at 12:49:05PM +0200, Nico Golde wrote:
> > * Diego Biurrun <diego@biurrun.de> [2008-07-06 12:40]:
> > > On Thu, Jan 25, 2007 at 02:30:42PM +0100, Diego Biurrun wrote:
> > [...]
> > > > All fixed.
> > >
> > > I cannot reproduce any of the crashes anymore with the latest Debian
> > > package on PowerPC. I think this report should be closed.
> >
> > Since you seem to have a copy of these files, can you put
> > them online somewhere as they are no longer available on the
> > original website?
>
> Umm, I got them from the original website...
HEAD /zzuf/lol-mplayer.mp3 HTTP/1.1
Host: sam.zoy.org
HTTP/1.1 301 Moved Permanently
Date: Sun, 06 Jul 2008 12:11:09 GMT
Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch6 mod_ssl/2.8.25 OpenSSL/0.9.8c mod_perl/1.29 DAV/1.0.3
Location: http://libcaca.zoy.org/wiki/zzuf
Content-Type: text/html; charset=iso-8859-1
So if you reproduced it with this, you tried to reproduce it on
an html page :)
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Acknowledgement sent to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #57 received at 407010@bugs.debian.org:
On Sun, Jul 06, 2008 at 02:11:13PM +0200, Nico Golde wrote:
> Hi Diego,
> * Diego Biurrun <diego@biurrun.de> [2008-07-06 13:51]:
> > On Sun, Jul 06, 2008 at 12:49:05PM +0200, Nico Golde wrote:
> > > * Diego Biurrun <diego@biurrun.de> [2008-07-06 12:40]:
> > > > On Thu, Jan 25, 2007 at 02:30:42PM +0100, Diego Biurrun wrote:
> > > [...]
> > > > > All fixed.
> > > >
> > > > I cannot reproduce any of the crashes anymore with the latest Debian
> > > > package on PowerPC. I think this report should be closed.
> > >
> > > Since you seem to have a copy of these files, can you put
> > > them online somewhere as they are no longer available on the
> > > original website?
> >
> > Umm, I got them from the original website...
>
> HEAD /zzuf/lol-mplayer.mp3 HTTP/1.1
> Host: sam.zoy.org
>
> HTTP/1.1 301 Moved Permanently
> Date: Sun, 06 Jul 2008 12:11:09 GMT
> Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch6 mod_ssl/2.8.25 OpenSSL/0.9.8c mod_perl/1.29 DAV/1.0.3
> Location: http://libcaca.zoy.org/wiki/zzuf
> Content-Type: text/html; charset=iso-8859-1
>
> So if you reproduced it with this, you tried to reproduce it on
> an html page :)
ROTFL :)
Anyway, I found the files locally, lol-mplayer.ogm and lol-mplayer.aac
and lol-mplayer.mpg still crash with Subversion HEAD. The Debian
package currently crashes with anything ;-p
I put the files online at
http://www1.mplayerhq.hu/~diego/zzuf/
Diego
Acknowledgement sent to Sam Hocevar <sam@zoy.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #62 received at 407010@bugs.debian.org:
On Sun, Jul 06, 2008, Diego Biurrun wrote:
> > HEAD /zzuf/lol-mplayer.mp3 HTTP/1.1
> > Host: sam.zoy.org
> >
> > HTTP/1.1 301 Moved Permanently
> > Date: Sun, 06 Jul 2008 12:11:09 GMT
> > Server: Apache/1.3.34 (Debian) PHP/4.4.4-8+etch6 mod_ssl/2.8.25 OpenSSL/0.9.8c mod_perl/1.29 DAV/1.0.3
> > Location: http://libcaca.zoy.org/wiki/zzuf
> > Content-Type: text/html; charset=iso-8859-1
> >
> > So if you reproduced it with this, you tried to reproduce it on
> > an html page :)
>
> ROTFL :)
>
> Anyway, I found the files locally, lol-mplayer.ogm and lol-mplayer.aac
> and lol-mplayer.mpg still crash with Subversion HEAD. The Debian
> package currently crashes with anything ;-p
>
> I put the files online at
>
> http://www1.mplayerhq.hu/~diego/zzuf/
Sorry about the broken redirects. Everything should be fine again
(the new page location is at http://libcaca.zoy.org/wiki/zzuf/bugs which
isn't very well organised yet but at least other people can fix it,
too).
Cheers,
--
Sam.
Acknowledgement sent to A Mennucc <mennucc1@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #67 received at 407010@bugs.debian.org:
hi,
I tried the files once again, but some of them still crash MPlayer (both
my packaged version, and/or SVN)
I am adding bugs in MPlayer bugzilla, and I will now post separate
emails for each of them
a.
Acknowledgement sent to A Mennucc <mennucc1@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #72 received at 407010@bugs.debian.org:
the file
http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-mplayer.mpg?format=raw
crashes both my packaged version 1.0~rc2-15
and SVN 27184
according to the backtrace, the crash is in libavcodec
see in
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
for more details
a.
Acknowledgement sent to A Mennucc <mennucc1@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #77 received at 407010@bugs.debian.org:
lol-mplayer.ogg
crashes the Debian version but not SVN; the backtrace is
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5ccb940 (LWP 2866)]
0x08299c5f in vorbis_book_decode (book=0x9dd546c, b=0x9dcf8ac)
at codebook.c:158
158 long entry = book->dec_firsttable[lok];
(gdb) bt
#0 0x08299c5f in vorbis_book_decode (book=0x9dd546c, b=0x9dcf8ac)
at codebook.c:158
#1 0x0829c3e6 in floor1_inverse1 (vb=0x9dcf8a8, in=0x9dd35a8) at
floor1.c:337
#2 0x0829c9dd in mapping0_inverse (vb=0x9dcf8a8, l=0x9dbb958)
at mapping0.c:205
#3 0x08176904 in decode_audio (sh=0x9dbd918, buf=0x9dbe800 "",
minlen=7524,
maxlen=69632) at ad_libvorbis.c:238
#4 0x08135c8a in decode_audio (sh_audio=0x9dbd918, buf=0x9e0da60 "",
minlen=16384, maxlen=16384) at dec_audio.c:387
#5 0x0809d26d in main (argc=2, argv=0xbf937f84) at mplayer.c:1790
(gdb) quit
The program is running. Exit anyway? (y or n) y
I did not post anything in mplayer bugzilla
a.
Acknowledgement sent to A Mennucc <mennucc1@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
Message #82 received at 407010@bugs.debian.org:
when playing
lol-mplayer.wmv
mplayer hangs forever (or, at least, more than I wish to wait)
it happens with both Debian and SVN version
a.
Tags removed: fixed-upstream
Request was from A Mennucc1 <debdev@mennucci.sns.it>
to control@bugs.debian.org.
(Fri, 25 Jul 2008 14:51:03 GMT)
Tags added: security
Request was from Steffen Joeris <steffen.joeris@skolelinux.de>
to control@bugs.debian.org.
(Mon, 27 Oct 2008 09:12:12 GMT)
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Fri, 21 Nov 2008 16:06:02 GMT)
Message #91 received at 407010@bugs.debian.org:
Hi,
* A Mennucc <mennucc1@debian.org> [2008-07-20 15:58]:
> when playing
> lol-mplayer.wmv
> mplayer hangs forever (or, at least, more than I wish to wait)
>
> it happens with both Debian and SVN version
I am rechecking these issues atm.
1.0~rc2-18 does crash on amd64 here, the reason is a null
ptr dereference in libfaad2 line 221:
#0 ifilter_bank (fb=<value optimized out>, window_sequence=<value optimized out>, window_shape=<value optimized out>, window_shape_prev=<value optimized out>, freq_in=0x7fff1d48f5f0, time_out=0x0, overlap=0x0, object_type=0x2, frame_len=<value optimized out>) at filtbank.c:221
#1 0x0000000000640278 in reconstruct_single_channel (hDecoder=0x1290a20, ics=0x7fff1d490646, sce=0x7fff1d490640, spec_data=0x7fff1d4957f0) at specrec.c:928
#2 0x000000000062e23d in single_lfe_channel_element (hDecoder=0x1290a20, ld=0x7fff1d4960d0, channel=0x2, tag=0x7fff1d496047 "\n\003") at syntax.c:596
#3 0x000000000062e35a in decode_sce_lfe (hDecoder=0x4, hInfo=0xa92280, ld=0x0, id_syn_ele=<value optimized out>) at syntax.c:345
filtbank.c:
219 for (i = 0; i < nlong; i+=4)
220 {
221 time_out[i] = overlap[i] + MUL_F(transf_buf[i],window_long_prev[i]);
222 time_out[i+1] = overlap[i+1] + MUL_F(transf_buf[i+1],window_long_prev[i+1]);
223 time_out[i+2] = overlap[i+2] + MUL_F(transf_buf[i+2],window_long_prev[i+2]);
224 time_out[i+3] = overlap[i+3] + MUL_F(transf_buf[i+3],window_long_prev[i+3]);
225 }
The function is called from libfaad2/specrec.c reconstruct_single_channel:
928 ifilter_bank(hDecoder->fb, ics->window_sequence, ics->window_shape,
929 hDecoder->window_shape_prev[sce->channel], spec_coef,
930 hDecoder->time_out[sce->channel], hDecoder->fb_intermed[sce->channel],
931 hDecoder->object_type, hDecoder->frameLength);
sce->channel is not NULL at the beginning of the function.
sce->channel is 2 while the length of fb_intermed is only 2 and [2] is NULL.
The value gets lost between decode_sce_lfe() and single_lfe_channel_element().
fb_intermed gets allocated in specrec.c line 788 and following:
gdb> break specrec.c :794
Breakpoint 4 at 0x63fc20: file specrec.c, line 794.
gdb> continue
_______________________________________________________________________________
Error while running hook_stop:
Value can't be converted to integer.
Breakpoint 4, reconstruct_channel_pair (hDecoder=0x211aa20, ics1=0x7fff93dd7796, ics2=0x7fff93dda068, cpe=0x7fff93dd7790, spec_data1=0x7fff93ddd140, spec_data2=0x7fff93ddc940) at specrec.c:795
795 in specrec.c
gdb> print hDecoder->frameLength
$6 = 0x400
gdb> print hDecoder->fb_intermed[0]
$7 = (real_t *) 0x219f300
gdb> print hDecoder->fb_intermed[2]
$8 = (real_t *) 0x0
788 if (hDecoder->fb_intermed[channel] == NULL)
789 {
790 hDecoder->fb_intermed[channel] = (real_t*)faad_malloc(hDecoder->frameLength*sizeof(real_t));
791 memset(hDecoder->fb_intermed[channel], 0, hDecoder->frameLength*sizeof(real_t));
792 }
If I made no mistake before and after hDecoder->fb_intermed[channel] is NULL.
gdb> print hDecoder->frameLength
$11 = 0x400
gdb> print sizeof(real_t)
$12 = 0x4
So it tries to allocate 4096 bytes.
Andreas, I fail to see why this should result in NULL. Any idea?
At the time of the crash it definitely only crashes because of a null ptr dereference which
is no security issue in this case. But as it writes data to the location before dereferencing
this could be more problematic.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
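An added example, not part of the original message and not libfaad2 code: a simplified C model of the failure the backtrace in message #91 shows, where the overlap-add loop receives NULL time_out/overlap pointers for a channel whose buffers were never allocated, next to a wrapper that validates the channel index and both pointers first. The struct, MAX_CHANNELS, the return codes and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model only: every name and size here is an assumption,
 * not libfaad2's actual layout. */
#define MAX_CHANNELS 8
#define FRAME_LEN    1024  /* 0x400, the frameLength printed in the gdb session */

typedef float real_t;

typedef struct {
    real_t *time_out[MAX_CHANNELS];    /* per-channel output samples */
    real_t *fb_intermed[MAX_CHANNELS]; /* per-channel overlap buffer */
} decoder_t;

enum { RECON_OK = 0, RECON_BAD_CHANNEL = -1, RECON_NO_BUFFER = -2 };

/* Lazy per-channel allocation in the style of the quoted specrec.c lines,
 * but with the channel index and the allocation result checked. */
static int alloc_channel(decoder_t *d, unsigned ch)
{
    if (ch >= MAX_CHANNELS)
        return RECON_BAD_CHANNEL;
    if (d->time_out[ch] == NULL)
        d->time_out[ch] = calloc(FRAME_LEN, sizeof(real_t));
    if (d->fb_intermed[ch] == NULL)
        d->fb_intermed[ch] = calloc(FRAME_LEN, sizeof(real_t));
    return (d->time_out[ch] && d->fb_intermed[ch]) ? RECON_OK : RECON_NO_BUFFER;
}

static void free_channels(decoder_t *d)
{
    for (unsigned ch = 0; ch < MAX_CHANNELS; ch++) {
        free(d->time_out[ch]);
        free(d->fb_intermed[ch]);
        d->time_out[ch] = d->fb_intermed[ch] = NULL;
    }
}

/* Unchecked overlap-add shaped like the quoted filtbank.c loop (MUL_F is
 * reduced to a plain product). With NULL time_out/overlap the first store
 * faults, which is what frame #0 of the backtrace shows. */
static void overlap_add_unchecked(real_t *time_out, const real_t *overlap,
                                  const real_t *transf, const real_t *window,
                                  size_t n)
{
    for (size_t i = 0; i < n; i++)
        time_out[i] = overlap[i] + transf[i] * window[i];
}

/* Hardened caller: reject a channel index outside the table or one whose
 * buffers were never set up, instead of handing NULL to the loop. */
static int reconstruct_checked(decoder_t *d, unsigned ch,
                               const real_t *transf, const real_t *window)
{
    if (ch >= MAX_CHANNELS)
        return RECON_BAD_CHANNEL;
    if (d->time_out[ch] == NULL || d->fb_intermed[ch] == NULL)
        return RECON_NO_BUFFER;
    overlap_add_unchecked(d->time_out[ch], d->fb_intermed[ch],
                          transf, window, FRAME_LEN);
    return RECON_OK;
}

/* Constructed scenario: buffers exist for channels 0 and 1 only, then a
 * stream element names channel `ch`. Returns the checked path's verdict. */
int demo_reconstruct(unsigned ch)
{
    static real_t transf[FRAME_LEN], window[FRAME_LEN];
    decoder_t d = { {NULL}, {NULL} };
    int rc;

    if (alloc_channel(&d, 0) != RECON_OK || alloc_channel(&d, 1) != RECON_OK) {
        free_channels(&d);
        return RECON_NO_BUFFER;
    }
    rc = reconstruct_checked(&d, ch, transf, window);
    free_channels(&d);
    return rc;
}

int main(void)
{
    printf("channel 1 -> %d\n", demo_reconstruct(1));
    printf("channel 2 -> %d\n", demo_reconstruct(2));
    return 0;
}
```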
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Fri, 21 Nov 2008 16:21:03 GMT)
Message #96 received at 407010@bugs.debian.org:
Hi,
* A Mennucc <mennucc1@debian.org> [2008-07-20 14:43]:
> the file
> http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-mplayer.mpg?format=raw
> crashes both my packaged version 1.0~rc2-15
> and SVN 27184
>
> according to the backtrace, the crash is in libavcodec
>
> see in
> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
> for more details
According to my backtrace the problem is in pred_direct_motion():
mb_type_col = <value optimized out>
l1mv0 = <value optimized out>
l1mv1 = <value optimized out>
l1ref0 = <value optimized out>
l1ref1 = <value optimized out>
is_b8x8 = 0x0
sub_mb_type = <value optimized out>
i8 = <value optimized out>
Looking at the code I think this is just a null ptr dereference:
1062 if(!is_b8x8)
1063 *mb_type |= MB_TYPE_DIRECT2;
1064 if(MB_FIELD)
1065 *mb_type |= MB_TYPE_INTERLACED;
1066
1067 tprintf(s->avctx, "mb_type = %08x, sub_mb_type = %08x, is_b8x8 = %d, mb_type_col = %08x\n", *mb_type, sub_mb_type, is_b8x8, mb_type_col);
is_b8x8 is checked before but not when dereferencing it in tprintf.
I could not check this as I have no possibility to recompile mplayer right now,
Andrea can you test this?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Sun, 14 Dec 2008 17:30:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Sun, 14 Dec 2008 17:30:02 GMT) (full text, mbox, link).
Message #101 received at 407010@bugs.debian.org (full text, mbox, reply):
Hi,
* Nico Golde <nion@debian.org> [2008-11-21 17:30]:
[...]
> Looking at the code I think this is just a null ptr dereference:
>     if(!is_b8x8)
>         *mb_type |= MB_TYPE_DIRECT2;
>     if(MB_FIELD)
>         *mb_type |= MB_TYPE_INTERLACED;
>
>     tprintf(s->avctx, "mb_type = %08x, sub_mb_type = %08x, is_b8x8 = %d, mb_type_col = %08x\n", *mb_type, sub_mb_type, is_b8x8, mb_type_col);
>
> is_b8x8 is checked before but not when dereferencing it in tprintf.
This is of course wrong as I overlooked that this will be
cast to an integer.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Tue, 23 Dec 2008 20:27:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Tue, 23 Dec 2008 20:27:02 GMT) (full text, mbox, link).
Message #106 received at 407010@bugs.debian.org (full text, mbox, reply):
Hi,
I tracked the ogm file issue down to ffmpeg, it's not an
mplayer issue. I reported this as: #509616..
Since the aac vulnerability is fixed by building against the
system-wide faad copy, Andrea is there any issue in this bug
report missing then which is not fixed?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Tue, 23 Dec 2008 21:03:03 GMT) (full text, mbox, link).
Acknowledgement sent
to mennucc1@debian.org:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Tue, 23 Dec 2008 21:03:03 GMT) (full text, mbox, link).
Message #111 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
> Hi,
> I tracked the ogm file issue down to ffmpeg, it's not an
> mplayer issue. I reported this as: #509616..
you may propose your patch into
http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
> Since the aac vulnerability is fixed by building against the
> system-wide faad copy, Andrea is there any issue in this bug
> report missing then which is not fixed?
lol-mplayer.ogg, that is fixed in SVN
a.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Wed, 24 Dec 2008 18:27:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Wed, 24 Dec 2008 18:27:02 GMT) (full text, mbox, link).
Message #116 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
> On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
> > I tracked the ogm file issue down to ffmpeg, it's not an
> > mplayer issue. I reported this as: #509616..
Your patch is incorrect and insufficient. You should submit your
patches upstream to FFmpeg instead of posting it to a distro bug
tracker. It was reviewed no more than 15 minutes (on a December
24) after I sent it to the ffmpeg-devel mailing list.
Please do not add not fully understood patches to your distro packages.
We all know the troubles this caused with openssl.
> you may propose your patch into
> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
No, because that bug report is about the MPEG demuxer, not the
ogm issue.
Diego
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Wed, 24 Dec 2008 22:15:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Wed, 24 Dec 2008 22:15:02 GMT) (full text, mbox, link).
Message #121 received at 407010@bugs.debian.org (full text, mbox, reply):
Hi,
* Diego Biurrun <diego@biurrun.de> [2008-12-24 22:50]:
> On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
> > On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
> > > I tracked the ogm file issue down to ffmpeg, it's not an
> > > mplayer issue. I reported this as: #509616..
>
> Your patch is incorrect and insufficient. You should submit your
> patches upstream to FFmpeg instead of posting it to a distro bug
> tracker. It was reviewed no more than 15 minutes (on a December
> 24) after I sent it to the ffmpeg-devel mailing list.
>
> Please do not add not fully understood patches to your distro packages.
You do read the referenced bugs before starting to throw
with mud do you?
I guess not otherwise you would have read
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616#5:
"Attached is a patch to fix this, I am not sure if that is
the correct way to fix this as I have no insight on the code
functionality itself but at least it prevents mplayer from
crashing. So you might want to check back with upstream."
> We all know the troubles this caused with openssl.
What a miserable comparison.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Thu, 25 Dec 2008 13:21:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Thu, 25 Dec 2008 13:21:03 GMT) (full text, mbox, link).
Message #126 received at 407010@bugs.debian.org (full text, mbox, reply):
On Wed, Dec 24, 2008 at 11:12:34PM +0100, Nico Golde wrote:
> * Diego Biurrun <diego@biurrun.de> [2008-12-24 22:50]:
> > On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
> > > On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
> > > > I tracked the ogm file issue down to ffmpeg, it's not an
> > > > mplayer issue. I reported this as: #509616..
> >
> > Your patch is incorrect and insufficient. You should submit your
> > patches upstream to FFmpeg instead of posting it to a distro bug
> > tracker. It was reviewed no more than 15 minutes (on a December
> > 24) after I sent it to the ffmpeg-devel mailing list.
> >
> > Please do not add not fully understood patches to your distro packages.
>
> You do read the referenced bugs before starting to throw
> with mud do you?
> I guess not otherwise you would have read
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616#5:
> "Attached is a patch to fix this, I am not sure if that is
> the correct way to fix this as I have no insight on the code
> functionality itself but at least it prevents mplayer from
> crashing. So you might want to check back with upstream."
And here is your upstream, confirming what you already suspected: Your
patch papers over the problem without fixing the root cause.
So if you knew this all along, why act offended now?
This is upstream appearing on your distribution channels and helping
you out directly.
> > We all know the troubles this caused with openssl.
>
> What a miserable comparison.
I beg to differ. It is not a distribution's job to patch programs.
There are hardly any exceptions to this rule.
The openssl fiasco was just a very visible and catastrophic example.
The root problem, however, is the same: Distributions patching programs
without upstream coordination and review.
Unfortunately this mindset is entrenched in distro people's minds and
changing your habits will be difficult. If the openssl fiasco leads to
change in this area, it will end up having had a positive effect in the
long run.
merry xmas
Diego
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Thu, 25 Dec 2008 21:36:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Thu, 25 Dec 2008 21:36:02 GMT) (full text, mbox, link).
Message #131 received at 407010@bugs.debian.org (full text, mbox, reply):
Hi,
* Diego Biurrun <diego@biurrun.de> [2008-12-25 22:19]:
> On Wed, Dec 24, 2008 at 11:12:34PM +0100, Nico Golde wrote:
> > * Diego Biurrun <diego@biurrun.de> [2008-12-24 22:50]:
> > > On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
[...]
> > > Your patch is incorrect and insufficient. You should submit your
> > > patches upstream to FFmpeg instead of posting it to a distro bug
> > > tracker. It was reviewed no more than 15 minutes (on a December
> > > 24) after I sent it to the ffmpeg-devel mailing list.
> > >
> > > Please do not add not fully understood patches to your distro packages.
> >
> > You do read the referenced bugs before starting to throw
> > with mud do you?
> > I guess not otherwise you would have read
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616#5:
> > "Attached is a patch to fix this, I am not sure if that is
> > the correct way to fix this as I have no insight on the code
> > functionality itself but at least it prevents mplayer from
> > crashing. So you might want to check back with upstream."
>
> And here is your upstream, confirming what you already suspected: Your
> patch papers over the problem without fixing the root cause.
>
> So if you knew this all along, why act offended now?
Because I have better things to do than reading arrogant
upstream replies who fail to read the references but instead
act like people would blindly apply patches?
Or since you are German, let's say "wie man in den Wald
hineinruft, so schallt es heraus"
> This is upstream appearing on your distribution channels and helping
> you out directly.
I'm impressed.
> > > We all know the troubles this caused with openssl.
> >
> > What a miserable comparison.
>
> I beg to differ. It is not a distribution's job to patch programs.
> There are hardly any exceptions to this rule.
>
> The openssl fiasco was just a very visible and catastrophic example.
> The root problem, however, is the same: Distributions patching programs
> without upstream coordination and review.
I see no need to discuss this with you as you seem to miss
the necessary background, please consult your favorite
search engine. You know http://marc.info/?l=openssl-dev&m=114652287210110&w=2
do you?
> Unfortunately this mindset is entrenched in distro people's minds and
> changing your habits will be difficult. If the openssl fiasco leads to
> change in this area, it will end up having had a positive effect in the
> long run.
There is no need to explain the need of checking-back with
upstream. As you see in my previous mail this was already
done or at least there was the advice to do this.
EOD from my side.
> merry xmas
same to you, let's start on fixing the bug.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Fri, 26 Dec 2008 16:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Fri, 26 Dec 2008 16:33:02 GMT) (full text, mbox, link).
Message #136 received at 407010@bugs.debian.org (full text, mbox, reply):
On Thu, Dec 25, 2008 at 10:32:45PM +0100, Nico Golde wrote:
> * Diego Biurrun <diego@biurrun.de> [2008-12-25 22:19]:
> > On Wed, Dec 24, 2008 at 11:12:34PM +0100, Nico Golde wrote:
> > > * Diego Biurrun <diego@biurrun.de> [2008-12-24 22:50]:
> > > > On Tue, Dec 23, 2008 at 09:56:15PM +0100, A Mennucc wrote:
> [...]
> > > > Your patch is incorrect and insufficient. You should submit your
> > > > patches upstream to FFmpeg instead of posting it to a distro bug
> > > > tracker. It was reviewed no more than 15 minutes (on a December
> > > > 24) after I sent it to the ffmpeg-devel mailing list.
> > > >
> > > > Please do not add not fully understood patches to your distro packages.
> > >
> > > You do read the referenced bugs before starting to throw
> > > with mud do you?
> > > I guess not otherwise you would have read
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509616#5:
> > > "Attached is a patch to fix this, I am not sure if that is
> > > the correct way to fix this as I have no insight on the code
> > > functionality itself but at least it prevents mplayer from
> > > crashing. So you might want to check back with upstream."
> >
> > And here is your upstream, confirming what you already suspected: Your
> > patch papers over the problem without fixing the root cause.
> >
> > So if you knew this all along, why act offended now?
>
> Because I have better things to do than reading arrogant
> upstream replies who fail to read the references but instead
> act like people would blindly apply patches?
Sorry, but I have personally reviewed about a dozen FFmpeg and
MPlayer packages[1] and "blindly apply patches" was often enough an
accurate description of my findings.
Debian is no exception. Before Reinhard Tartler took over as FFmpeg
packager about a dozen patches were being applied to FFmpeg by Debian.
Thankfully Reinhard works much more closely with upstream (and me in
particular) than his predecessors.
I reviewed that dozen of patches. The end result was that >50% could be
discarded, two or so were applied and another two or so I implemented
better within FFmpeg. The next time Reinhard updates FFmpeg only one
local patch will remain (IIRC).
So you will have to forgive me if I step in when I see a patch being
proposed for the FFmpeg package in Debian. It would not have been the
first time that incomplete workarounds got applied.
> > > > We all know the troubles this caused with openssl.
> > >
> > > What a miserable comparison.
> >
> > I beg to differ. It is not a distribution's job to patch programs.
> > There are hardly any exceptions to this rule.
> >
> > The openssl fiasco was just a very visible and catastrophic example.
> > The root problem, however, is the same: Distributions patching programs
> > without upstream coordination and review.
>
> I see no need to discuss this with you as you seem to miss
> the necessary background, please consult your favorite
> search engine. You know http://marc.info/?l=openssl-dev&m=114652287210110&w=2
> do you?
I know. And the root cause of the problem was distros applying patches
without fully understanding them. I do not see this issue resolved.
This is not at all specific to Debian. Sooner or later something like
this was bound to happen. It's just sheer bad luck that it hit Debian.
It could have been any other Linux (or BSD) distro.
The only way forward is closer cooperation with upstream. However,
if you are going to get offended every time someone utters the term
"openssl" your life as packager will be difficult. It's going to be
cited for years as a bad example of where things can end...
> > merry xmas
>
> same to you, let's start on fixing the bug.
Working on it. I already proposed your patch and entered the issue
into our project bug tracker so that it is not forgotten. I will let
Reinhard know if/when a proper solution appears that he can backport.
Diego
[1] Note that I do not make a difference between Linux distributions and
BSD flavors. From the upstream perspective they are just another
packager.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Mon, 12 Jan 2009 16:33:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Mon, 12 Jan 2009 16:33:03 GMT) (full text, mbox, link).
Message #141 received at 407010@bugs.debian.org (full text, mbox, reply):
Hi,
* A Mennucc <debdev@tonelli.sns.it> [2008-12-23 22:08]:
> On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
[...]
> > Since the aac vulnerability is fixed by building against the
> > system-wide faad copy, Andrea is there any issue in this bug
> > report missing then which is not fixed?
>
> lol-mplayer.ogg, that is fixed in SVN
Can you incorporate this fix into the debian package so we
can get this fixed for lenny?
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Tue, 13 Jan 2009 14:57:03 GMT) (full text, mbox, link).
Acknowledgement sent
to mennucc1@debian.org:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Tue, 13 Jan 2009 14:57:03 GMT) (full text, mbox, link).
Message #146 received at 407010@bugs.debian.org (full text, mbox, reply):
hi,
I don't see this distinction between "upstream" and "maintainer" so
rigid, it would be rather a distinction between "people who know the
code very well" and "people who know the code half well but try to
contribute nonetheless". I for example fall in this second category
regarding freevo, I have submitted many patches and snippets of code,
most are now part of upstream.
On Thu, Dec 25, 2008 at 02:18:42PM +0100, Diego Biurrun wrote:
> The openssl fiasco was just a very visible and catastrophic example.
But let's not forget that most of the time the upstream code is flawed
by itself, with no help from the maintainer:
http://www.ocert.org/advisories/ocert-2008-016.html
a.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Tue, 13 Jan 2009 14:57:07 GMT) (full text, mbox, link).
Acknowledgement sent
to mennucc1@debian.org:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Tue, 13 Jan 2009 14:57:07 GMT) (full text, mbox, link).
Message #151 received at 407010@bugs.debian.org (full text, mbox, reply):
On Mon, Jan 12, 2009 at 05:22:47PM +0100, Nico Golde wrote:
> Hi,
> * A Mennucc <debdev@tonelli.sns.it> [2008-12-23 22:08]:
> > On Tue, Dec 23, 2008 at 09:21:44PM +0100, Nico Golde wrote:
> [...]
> > > Since the aac vulnerability is fixed by building against the
> > > system-wide faad copy, Andrea is there any issue in this bug
> > > report missing then which is not fixed?
> >
> > lol-mplayer.ogg, that is fixed in SVN
>
> Can you incorporate this fix into the debian package so we
> can get this fixed for lenny?
I cannot tell how it was fixed. I can only tell that SVN MPlayer
does not crash.
a.
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Tue, 13 Jan 2009 16:30:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Diego Biurrun <diego@biurrun.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Tue, 13 Jan 2009 16:30:03 GMT) (full text, mbox, link).
Message #156 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, Jan 13, 2009 at 03:55:27PM +0100, A Mennucc wrote:
>
> I don't see this distinction between "upstream" and "maintainer" so
> rigid, it would be rather a distinction between "people who know the
> code very well" and "people who know the code half well but try to
> contribute nonetheless". I for example fall in this second category
> regarding freevo, I have submitted many patches and snippets of code,
> most are now part of upstream.
Maybe we can start talking about your MPlayer package again then. We as
upstream have multiple issues we want to talk about and see rectified...
> On Thu, Dec 25, 2008 at 02:18:42PM +0100, Diego Biurrun wrote:
> > The openssl fiasco was just a very visible and catastrophic example.
>
> But let's not forget that most of the time the upstream code is flawed
> by itself, with no help from the maintainer:
>
> http://www.ocert.org/advisories/ocert-2008-016.html
Well, if "people who know the code very well" make these fatal mistakes,
it's all the more reason for "people who know the code half well but try
to contribute nonetheless" to be doubly careful, don't you think?
Diego
Information forwarded
to debian-bugs-dist@lists.debian.org, A Mennucc1 <mennucc1@debian.org>:
Bug#407010; Package mplayer.
(Wed, 11 Mar 2009 22:15:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to A Mennucc1 <mennucc1@debian.org>.
(Wed, 11 Mar 2009 22:15:07 GMT) (full text, mbox, link).
Message #161 received at 407010@bugs.debian.org (full text, mbox, reply):
A Mennucc <mennucc1@debian.org> writes:
> the file
> http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-mplayer.mpg?format=raw
> crashes both my packaged version 1.0~rc2-15
> and SVN 27184
>
> according to the backtrace, the crash is in libavcodec
>
> see in
> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
> for more details
I've just retried all posted samples in this bug, and this sample is the
only one that keeps on crashing with mplayer svn from 20090303
That is btw the svn snapshot I intend to upload to debian RSN.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
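The retest described in the message above (running every posted sample against a new build and noting which ones still crash) can be scripted. The following is an added example, not part of the original thread or of any Debian or MPlayer tooling; the function names, the `TIMEOUT_SECS` variable and the sample directory layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug thread): re-run crash samples against a
# player build and report which ones still die from a signal.

# classify_status STATUS
# Map a shell exit status to "ok", "timeout", "signal:<NAME>" or "error:<N>".
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo ok
    elif [ "$status" -eq 124 ]; then
        echo timeout                      # exit status used by timeout(1)
    elif [ "$status" -gt 128 ] && [ "$status" -le 192 ]; then
        # Shells report death by signal as 128 + signal number (139 = SIGSEGV).
        name=$(kill -l "$status" 2>/dev/null) || name=$((status - 128))
        echo "signal:$name"
    else
        echo "error:$status"              # ordinary failure, e.g. rejected file
    fi
}

# run_sample SAMPLE CMD [ARGS...]
# Run "CMD ARGS SAMPLE" with stdin/stdout/stderr detached and print the result.
# TIMEOUT_SECS (assumed default: 20) bounds each run when timeout(1) exists.
run_sample() {
    sample=$1
    shift
    status=0
    if command -v timeout >/dev/null 2>&1; then
        timeout "${TIMEOUT_SECS:-20}" "$@" "$sample" \
            </dev/null >/dev/null 2>&1 || status=$?
    else
        "$@" "$sample" </dev/null >/dev/null 2>&1 || status=$?
    fi
    classify_status "$status"
}

# retest_samples DIR CMD [ARGS...]
# Print "<result><TAB><file>" for every regular file in DIR.
# Returns 1 if any sample still ends in a signal or a timeout, else 0.
retest_samples() {
    dir=$1
    shift
    failed=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        result=$(run_sample "$f" "$@")
        printf '%s\t%s\n' "$result" "${f##*/}"
        case $result in
            signal:*|timeout) failed=1 ;;
        esac
    done
    return "$failed"
}

# Stand-alone use: first argument is the sample directory, the rest is the
# player command line, e.g. with MPlayer's null video and audio outputs:
#   sh retest.sh ./samples mplayer -really-quiet -vo null -ao null -frames 50
if [ "$#" -ge 2 ]; then
    retest_samples "$@"
fi
```

Running the same script against the packaged build and against a newer snapshot gives two result lists that can be compared with `diff` to see which samples a snapshot actually fixes.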
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 17 Mar 2009 23:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to A Mennucc <debdev@tonelli.sns.it>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 17 Mar 2009 23:24:04 GMT) (full text, mbox, link).
Message #166 received at 407010@bugs.debian.org (full text, mbox, reply):
Reinhard Tartler wrote:
> A Mennucc <mennucc1@debian.org> writes:
>
>> the file
>> http://libcaca.zoy.org/attachment/wiki/zzuf/bugs/lol-mplayer.mpg?format=raw
>> crashes both my packaged version 1.0~rc2-15
>> and SVN 27184
>>
>> according to the backtrace, the crash is in libavcodec
>>
>> see in
>> http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1212
>> for more details
hi,
just for the record, this file crashes also 'ffplay', but in a call to SDL
a.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 06 Apr 2010 04:36:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Apr 2010 04:36:03 GMT) (full text, mbox, link).
Message #171 received at 407010@bugs.debian.org (full text, mbox, reply):
fyi, i've just tested upstream mplayer svn 20100405. it does not crash
with lol-mplayer.mpg. on the other hand, the currently packaged
version, svn 20090405, still crashes. does it make sense to upgrade to
a newer upstream version? thanks.
mike
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 06 Apr 2010 05:48:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Apr 2010 05:48:06 GMT) (full text, mbox, link).
Message #176 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, 06 Apr 2010 07:32:36 +0200 Reinhard Tartler wrote:
> On Tue, Apr 06, 2010 at 06:33:12 (CEST), Michael Gilbert wrote:
>
> > fyi, i've just tested upstream mplayer svn 20100405. it does not crash
> > with lol-mplayer.mpg. on the other hand, the currently packaged
> > version, svn 20090405, still crashes. does it make sense to upgrade to
> > a newer upstream version? thanks.
>
> The newer mplayer won't work with our system ffmpeg, so we would need to
> compile in ffmpeg statically? Would this be acceptable for the security
> team? I suppose not.
not likely. is it because mplayer uses an old/incompatible ffmpeg?
could you convince them to keep in sync?
> Moreover, ftp-master blocks any work on mplayer. If you could talk to
> someone to get mplayer out of (binary) NEW, that would allow me to work
> again on the package.
i had no idea. what do they disapprove about the package? i suppose i
could send a message indicating that some action really needs to be
taken since this issue does have security relevance.
mike
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 06 Apr 2010 05:57:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Apr 2010 05:57:02 GMT) (full text, mbox, link).
Message #181 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, Apr 06, 2010 at 06:33:12 (CEST), Michael Gilbert wrote:
> fyi, i've just tested upstream mplayer svn 20100405. it does not crash
> with lol-mplayer.mpg. on the other hand, the currently packaged
> version, svn 20090405, still crashes. does it make sense to upgrade to
> a newer upstream version? thanks.
The newer mplayer won't work with our system ffmpeg, so we would need to
compile in ffmpeg statically? Would this be acceptable for the security
team? I suppose not.
Moreover, ftp-master blocks any work on mplayer. If you could talk to
someone to get mplayer out of (binary) NEW, that would allow me to work
again on the package.
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 06 Apr 2010 07:06:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Reinhard Tartler <siretart@tauware.de>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Apr 2010 07:06:02 GMT) (full text, mbox, link).
Message #186 received at 407010@bugs.debian.org (full text, mbox, reply):
On Tue, Apr 06, 2010 at 07:45:18 (CEST), Michael Gilbert wrote:
> On Tue, 06 Apr 2010 07:32:36 +0200 Reinhard Tartler wrote:
>
>> On Tue, Apr 06, 2010 at 06:33:12 (CEST), Michael Gilbert wrote:
>>
>> > fyi, i've just tested upstream mplayer svn 20100405. it does not crash
>> > with lol-mplayer.mpg. on the other hand, the currently packaged
>> > version, svn 20090405, still crashes. does it make sense to upgrade to
>> > a newer upstream version? thanks.
>>
>> The newer mplayer won't work with our system ffmpeg, so we would need to
>> compile in ffmpeg statically? Would this be acceptable for the security
>> team? I suppose not.
>
> not likely. is it because mplayer uses an old/incompatible ffmpeg?
> could you convince them to keep in sync?
mplayer includes various FFmpeg components via svn:externals, so FFmpeg
is always kept in sync by definition. Splitting FFmpeg apart is not
easy, as various parts of mplayer use internals of FFmpeg. This whole
dynamic linking only works at all because I personally make sure that
mplayer's copy of FFmpeg is kept in sync with debian's system FFmpeg.
>> Moreover, ftp-master blocks any work on mplayer. If you could talk to
>> someone to get mplayer out of (binary) NEW, that would allow me to work
>> again on the package.
>
> i had no idea. what do they disapprove about the package? i suppose i
> could send a message indicating that some action really needs to be
> taken since this issue does have security relevance.
I'd appreciate that. And feel free to copy leader@
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>:
Bug#407010; Package mplayer.
(Tue, 06 Apr 2010 23:24:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian multimedia packages maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>.
(Tue, 06 Apr 2010 23:24:06 GMT) (full text, mbox, link).
Message #191 received at 407010@bugs.debian.org (full text, mbox, reply):
hi,
the latest upstream version (svn20100405) of mplayer fixes a
long-standing open security issue [0]. if this version were to be
packaged and uploaded, would it have a chance of getting through the
ftp-master new queue in a reasonable time frame? the current version
has already been delayed 10 months now [1]. is there a list of
specific problems in that version that need to be addressed? thanks!
mike
[0] http://bugs.debian.org/407010
[1] http://ftp-master.debian.org/new.html
Reply sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility.
(Tue, 11 May 2010 22:33:08 GMT) (full text, mbox, link).
Notification sent
to "Sam Hocevar \(Debian packages\)" <sam+deb@zoy.org>:
Bug acknowledged by developer.
(Tue, 11 May 2010 22:33:08 GMT) (full text, mbox, link).
Message #196 received at 407010-done@bugs.debian.org (full text, mbox, reply):
version: 1.0~rc3+svn20100502-1
Bug Marked as fixed in versions mplayer/2:1.0~rc3+svn20100502-1.
Request was from Reinhard Tartler <siretart@tauware.de>
to control@bugs.debian.org.
(Fri, 06 Jan 2012 15:18:05 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 04 Feb 2012 07:34:42 GMT) (full text, mbox, link).
Last modified: Tue Jul 16 10:12:05 2024