Debian Bug report logs - #504200
segmentation violation when running recite

Package: recite; Maintainer for recite is Sam Hocevar (Debian packages) <sam+deb@zoy.org>; Source for recite is src:recite.

Reported by: reportbug_recite.to.peejay@spamgourmet.com

Date: Sat, 1 Nov 2008 16:33:01 UTC

Severity: grave

Tags: security

Found in version recite/1.0-8

Fixed in version recite/1.0-8.1

Done: Barry deFreese <bdefreese@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Sat, 01 Nov 2008 16:33:03 GMT).


Acknowledgement sent to reportbug_recite.to.peejay@spamgourmet.com:
New Bug report received and forwarded. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Sat, 01 Nov 2008 16:33:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: reportbug_recite.to.peejay@spamgourmet.com
To: submit@bugs.debian.org
Subject: segmentation violation when running recite
Date: Sat, 1 Nov 2008 12:32:16 -0400 (EDT)
Package: recite
Version: 1.0-8
Severity: grave
Tags: security
Justification: renders package unusable


When running "recite ok", me and two other fairly random lenny users
get a segmentation violation. Also a fairly random sid user reported
this problem.

("Fairly random" here means people on an irc #debian channel who responded
to a request to test it).

The bug makes the current lenny package unusable. And also lets audio
users do a buffer overflow.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-486
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages recite depends on:
ii  libc6                         2.7-15     GNU C Library: Shared libraries

recite recommends no packages.

recite suggests no packages.

-- no debconf information







Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Tue, 04 Nov 2008 15:45:05 GMT).


Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Tue, 04 Nov 2008 15:45:06 GMT).


Message #10 received at 504200@bugs.debian.org:

From: Sven Joachim <svenjoac@gmx.de>
To: 504200@bugs.debian.org
Cc: reportbug_recite.to.peejay@spamgourmet.com
Subject: Re: Bug#504200: segmentation violation when running recite
Date: Tue, 04 Nov 2008 16:40:45 +0100

On 2008-11-01 17:32 +0100, reportbug_recite.to.peejay@spamgourmet.com wrote:

> Package: recite
> Version: 1.0-8
> Severity: grave
> Tags: security
> Justification: renders package unusable
>
>
> When running "recite ok", me and two other fairly random lenny users
> get a segmentation violation. Also a fairly random sid user reported
> this problem.

And another fairly random sid user (me) can confirm this as well.
However, when I rebuilt the package to get a backtrace of the segfault,
the crash magically disappeared.

Sven




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Tue, 04 Nov 2008 23:18:02 GMT).


Acknowledgement sent to Robert Lemmen <robertle@semistable.com>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Tue, 04 Nov 2008 23:18:02 GMT).


Message #15 received at 504200@bugs.debian.org:

From: Robert Lemmen <robertle@semistable.com>
To: 504200@bugs.debian.org
Subject: perhaps a buildd failure of sorts
Date: Tue, 4 Nov 2008 23:24:40 +0000

some additional, although not very helpful, info:

i tried this on two of my machines with the following result:

on my amd64 it doesn't show up at all. on a i386 the regular package
fails, if i rebuild it (nothing changed in the package), it works and
the binary has a different size. i had a look at the strace of both, but
nothing really strange shows up...

cu  robert

-- 
Robert Lemmen                               http://www.semistable.com 

Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Wed, 05 Nov 2008 11:30:23 GMT).


Acknowledgement sent to "Neil Muller" <drnlmuller+bugs@gmail.com>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Wed, 05 Nov 2008 11:30:23 GMT).


Message #20 received at 504200@bugs.debian.org:

From: "Neil Muller" <drnlmuller+bugs@gmail.com>
To: 504200@bugs.debian.org
Subject: Extra data point
Date: Wed, 5 Nov 2008 12:23:58 +0200

On i386, it doesn't segfault if using the -Write_Phonemes option or
the undocumented -Write_Klatt option, but does segfault when using
-Write_Ulaw, so the error looks to be in the conversion from the klatt
representation to ulaw.


-- 
Neil Muller




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Thu, 06 Nov 2008 15:36:04 GMT).


Acknowledgement sent to Steve Cotton <steve0001@s.cotton.clara.co.uk>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Thu, 06 Nov 2008 15:36:04 GMT).


Message #25 received at 504200@bugs.debian.org:

From: Steve Cotton <steve0001@s.cotton.clara.co.uk>
To: Debian Bug Tracking System <504200@bugs.debian.org>
Subject: recite: stack trace points to 1950 dB sound
Date: Thu, 06 Nov 2008 15:35:46 +0000

I can replicate this with a rebuilt, debugging version of the program (and
also with the official package).

Program received signal SIGSEGV, Segmentation fault.
0x0000000000407458 in DBtoLIN (dB=1950) at klatt/parwave.c:584
584             lgtemp = amptable[dB] * .001;
(gdb) bt
#0  0x0000000000407458 in DBtoLIN (dB=1950) at klatt/parwave.c:584
#1  0x0000000000407a28 in gethost (pars=0x8d3520) at klatt/parwave.c:780
#2  0x000000000040913d in parwav (pars=0x8d3520, jwave=0x7fff51320ad0) at klatt/parwave.c:1759
#3  0x00000000004070f7 in klatt_to_ulaw (in=0x8ff0c0 "\024\005\220\001x\005\214\n�, inlen=26000, out=0x7fff51320bc0, outlen=0x7fff51320bb8) at klatt/klatt.c:241
#4  0x000000000040fb69 in main (argc=2, argv=0x7fff51320d08) at recite/main.c:442

DBtoLIN does a lower-bounds-check on the volume, but not an
upper-bounds-check.  I haven't traced where that excessive volume setting
comes from.


According to the man page, "recite ok" tries to read text from a file called
"ok".  Observed behaviour suggests that the man page is wrong.


Whether it segfaults or not depends on what it's asked to say:
steve@localhost:~/development/deb-source/recite/recite-1.0$ echo "ok" | recite
Segmentation fault
steve@localhost:~/development/deb-source/recite/recite-1.0$ echo "aa" | recite
recite: could not open "/dev/dsp": No such file or directory

(I have an ALSA-only kernel.  It doesn't work for me with the aoss wrapper
either, but that could be something misconfigured on my machine).


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26 (SMP w/2 CPU cores; PREEMPT) [custom-built]
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages recite depends on:
ii  libc6                         2.7-16     GNU C Library: Shared libraries

recite recommends no packages.

recite suggests no packages.

This gives no hints for working out why it builds differently on my machine
compared to Robert's.

-- no debconf information
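
The missing upper-bounds check described in this message, shown beside a checked form. This is an added example, not part of the original report and not recite's own code: the table contents and length, the function names, the treatment of negative values as silence and the error-code return are assumptions; only the value 1950 comes from the backtrace.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in table: the real amptable in klatt/parwave.c is not
 * shown in this report, so these values and the length are assumptions. */
static const float amptable_demo[] = {
    0.0f, 1.0f, 2.0f, 4.0f, 8.0f, 16.0f, 32.0f, 64.0f
};
#define AMPTABLE_DEMO_LEN (sizeof amptable_demo / sizeof amptable_demo[0])

/* The pattern the report describes: only the lower bound is checked, so any
 * dB >= AMPTABLE_DEMO_LEN reads past the end of the table (undefined
 * behaviour). Treating negative values as silence is an assumption. */
float dbtolin_lower_only(int dB)
{
    if (dB < 0)
        return 0.0f;
    return amptable_demo[dB] * .001f;
}

/* Hardened form: both bounds are checked before indexing. Returns 0 on
 * success and -1 when dB is beyond the table, leaving the policy (abort,
 * clamp, skip the frame) to the caller. */
int dbtolin_checked(int dB, float *out)
{
    *out = 0.0f;
    if (dB < 0)
        return 0;                       /* below range: silence */
    if ((size_t)dB >= AMPTABLE_DEMO_LEN)
        return -1;                      /* above range: refuse to index */
    *out = amptable_demo[dB] * .001f;
    return 0;
}

int main(void)
{
    /* Constructed inputs; 1950 is the dB value from the backtrace above. */
    const int samples[] = { -5, 3, 7, 8, 1950 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        float lin;
        if (dbtolin_checked(samples[i], &lin) != 0)
            printf("dB=%d rejected: outside table\n", samples[i]);
        else
            printf("dB=%d -> %g\n", samples[i], lin);
    }
    return 0;
}
```

Building the unchecked form with `-fsanitize=address` and feeding it an out-of-range index makes the read fail deterministically, instead of depending on the build as the rebuilt packages in this thread did.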




Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Thu, 06 Nov 2008 20:36:02 GMT).


Acknowledgement sent to Marco Rodrigues <gothicx@sapo.pt>:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Thu, 06 Nov 2008 20:36:02 GMT).


Message #30 received at 504200@bugs.debian.org:

From: Marco Rodrigues <gothicx@sapo.pt>
To: 504200@bugs.debian.org
Subject: How about espeak ?
Date: Thu, 06 Nov 2008 20:35:08 +0000

Hi!

Maybe this package should be removed from Debian and people can use a better
one.. like espeak.

At Paul Miller's Homepage, I don't see anything about "recite", so it should be
dead upstream.

-- 
Marco Rodrigues

http://Marco.Tondela.org




Reply sent to Barry deFreese <bdefreese@debian.org>:
You have taken responsibility. (Thu, 06 Nov 2008 21:45:10 GMT).


Notification sent to reportbug_recite.to.peejay@spamgourmet.com:
Bug acknowledged by developer. (Thu, 06 Nov 2008 21:45:10 GMT).


Message #35 received at 504200-close@bugs.debian.org:

From: Barry deFreese <bdefreese@debian.org>
To: 504200-close@bugs.debian.org
Subject: Bug#504200: fixed in recite 1.0-8.1
Date: Thu, 06 Nov 2008 21:32:08 +0000

Source: recite
Source-Version: 1.0-8.1

We believe that the bug you reported is fixed in the latest version of
recite, which is due to be installed in the Debian FTP archive:

recite_1.0-8.1.diff.gz
  to pool/main/r/recite/recite_1.0-8.1.diff.gz
recite_1.0-8.1.dsc
  to pool/main/r/recite/recite_1.0-8.1.dsc
recite_1.0-8.1_i386.deb
  to pool/main/r/recite/recite_1.0-8.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 504200@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Barry deFreese <bdefreese@debian.org> (supplier of updated recite package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 06 Nov 2008 15:23:30 -0500
Source: recite
Binary: recite
Architecture: source i386
Version: 1.0-8.1
Distribution: unstable
Urgency: medium
Maintainer: Sam Hocevar (Debian packages) <sam+deb@zoy.org>
Changed-By: Barry deFreese <bdefreese@debian.org>
Description: 
 recite     - English text speech synthesizer
Closes: 504200
Changes: 
 recite (1.0-8.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
     + With permission from maintainer.
   * klatt/parwave.c: Check upper bound on DBtoLIN. (Closes: #504200).
     + Not a real solution but exits more gracefully.
     + Thanks to Emmet Hikory for the help.
   * Priority medium for RC bug fix.
   * Escape hyphens in manpage.
   * debian/copyright: Add Copyright holder.
     + Update FSF address.
   * Bump Standards Version to 3.8.0. (No changes needed).





Information forwarded to debian-bugs-dist@lists.debian.org, Sam Hocevar (Debian packages) <sam+deb@zoy.org>:
Bug#504200; Package recite. (Wed, 19 Nov 2008 04:42:02 GMT).


Acknowledgement sent to reportbug_recite.to.peejay@spamgourmet.com:
Extra info received and forwarded to list. Copy sent to Sam Hocevar (Debian packages) <sam+deb@zoy.org>. (Wed, 19 Nov 2008 04:42:03 GMT).


Message #40 received at 504200@bugs.debian.org:

From: reportbug_recite.to.peejay@spamgourmet.com
To: 504200@bugs.debian.org
Subject: confirmation that it is fixed
Date: Tue, 18 Nov 2008 23:36:31 -0500 (EST)

"recite ok" works for me now (actually, "recite o kay" does what I really
intended when it comes to the sound output phonemes (not a bug)).

In lenny it still needs a "modprobe snd_pcm_oss" or it complains about not
finding /dev/dsp. But that's a devfs or kernel bug, not a recite bug.

happy end user
PJ







Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 07:27:31 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Jan 11 03:31:02 2018; Machine Name: beach
