Debian Bug report logs -
#716525
[Mayhem] Bug report on oggvideotools: oggThumb crashes with exit status 139
Reported by: Alexandre Rebert <alexandre@cmu.edu>
Date: Wed, 10 Jul 2013 20:23:37 UTC
Severity: normal
Found in version oggvideotools/0.8a-1
Fixed in version oggvideotools/0.8a-3
Done: Petter Reinholdtsen <pere@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>:
Bug#716525; Package oggvideotools.
(Wed, 10 Jul 2013 20:23:41 GMT) (full text, mbox, link).
Acknowledgement sent
to Alexandre Rebert <alexandre@cmu.edu>:
New Bug report received and forwarded. Copy sent to Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>.
(Wed, 10 Jul 2013 20:23:41 GMT) (full text, mbox, link).
Message #5 received at maintonly@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: oggvideotools
Version: 0.8a-1+b1
Severity: normal
User: mayhem@forallsecure.com
Usertags: mayhem
oggThumb crashes with exit status 139. We confirmed the crash by
re-running it in a fresh debian unstable installation.
The attachment [1] contains a testcase (under ./crash) crashing the
program. It ensures that you can easily reproduce the bug. Additionally,
under ./crash_info/, we include more information about the crash such as
a core dump, the dmesg generated by the crash, and its output.
Regards,
The Mayhem Team (Alexandre Rebert, Thanassis Avgerinos, Sang Kil Cha, David Brumley, Manuel Egele)
Cylab, Carnegie Mellon University
[1] http://www.forallsecure.com/bug-reports/8db6b17de0b40d69b917b0f74b3dea9035264638/full_report
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 3.9-1-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages oggvideotools depends on:
ii libc6 2.17-6
ii libgcc1 1:4.8.1-4
ii libgd3 2.1.0~rc2-2
ii libogg0 1.3.1-1
ii libstdc++6 4.8.1-4
ii libtheora0 1.1.1+dfsg.1-3.1
ii libvorbis0a 1.3.2-1.3
ii libvorbisenc2 1.3.2-1.3
oggvideotools recommends no packages.
oggvideotools suggests no packages.
-- no debconf information
[oggThumb-report.tar.bz2 (application/octet-stream, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>:
Bug#716525; Package oggvideotools.
(Wed, 22 Oct 2014 07:42:11 GMT) (full text, mbox, link).
Acknowledgement sent
to Petter Reinholdtsen <pere@hungry.com>:
Extra info received and forwarded to list. Copy sent to Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>.
(Wed, 22 Oct 2014 07:42:12 GMT) (full text, mbox, link).
Message #10 received at 716525@bugs.debian.org (full text, mbox, reply):
I'm able to reproduce this issue. Note that the stdin input is not
required for the crash. This is the output from valgrind when the
program crash:
==18469== Memcheck, a memory error detector
==18469== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18469== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18469== Command: /usr/bin/oggThumb --E�===A
==18469==
==18469== Conditional jump or move depends on uninitialised value(s)
==18469== at 0x4C299DE: __GI_strncmp (mc_replace_strmem.c:535)
==18469== by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469== by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469== by 0x662B832: getopt_long (getopt1.c:66)
==18469== by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Invalid read of size 1
==18469== at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469== by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469== by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469== by 0x662B832: getopt_long (getopt1.c:66)
==18469== by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469== Address 0x83f1330 is 0 bytes after a block of size 512 alloc'd
==18469== at 0x4C286E7: operator new(unsigned long) (vg_replace_malloc.c:287)
==18469== by 0x42F22B: __gnu_cxx::new_allocator<double>::allocate(unsigned long, void const*) (in /usr/bin/oggThumb)
==18469== by 0x42D298: std::_Deque_base<double, std::allocator<double> >::_M_allocate_node() (in /usr/bin/oggThumb)
==18469== by 0x42F5FE: std::_Deque_base<double, std::allocator<double> >::_M_create_nodes(double**, double**) (in /usr/bin/oggThumb)
==18469== by 0x42DB29: std::_Deque_base<double, std::allocator<double> >::_M_initialize_map(unsigned long) (in /usr/bin/oggThumb)
==18469== by 0x42B199: std::_Deque_base<double, std::allocator<double> >::_Deque_base() (in /usr/bin/oggThumb)
==18469== by 0x429A49: std::deque<double, std::allocator<double> >::deque() (in /usr/bin/oggThumb)
==18469== by 0x427842: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Conditional jump or move depends on uninitialised value(s)
==18469== at 0x662A902: _getopt_internal_r (getopt.c:541)
==18469== by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469== by 0x662B832: getopt_long (getopt1.c:66)
==18469== by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469== Use of uninitialised value of size 8
==18469== at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469== by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469== by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469== by 0x662B832: getopt_long (getopt1.c:66)
==18469== by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469==
==18469==
==18469== Process terminating with default action of signal 11 (SIGSEGV)
==18469== Access not within mapped region at address 0x700000467
==18469== at 0x4C299D9: __GI_strncmp (mc_replace_strmem.c:535)
==18469== by 0x662A915: _getopt_internal_r (getopt.c:542)
==18469== by 0x662B74A: _getopt_internal (getopt.c:1131)
==18469== by 0x662B832: getopt_long (getopt1.c:66)
==18469== by 0x427FD9: oggThumbCmd(int, char**) (in /usr/bin/oggThumb)
==18469== by 0x429160: main (in /usr/bin/oggThumb)
==18469== If you believe this happened as a result of a stack
==18469== overflow in your program's main thread (unlikely but
==18469== possible), you can try to increase the size of the
==18469== main thread stack using the --main-stacksize= flag.
==18469== The main thread stack size used in this run was 8388608.
==18469==
==18469== HEAP SUMMARY:
==18469== in use at exit: 1,261 bytes in 7 blocks
==18469== total heap usage: 7 allocs, 0 frees, 1,261 bytes allocated
==18469==
==18469== LEAK SUMMARY:
==18469== definitely lost: 0 bytes in 0 blocks
==18469== indirectly lost: 0 bytes in 0 blocks
==18469== possibly lost: 109 bytes in 3 blocks
==18469== still reachable: 1,152 bytes in 4 blocks
==18469== suppressed: 0 bytes in 0 blocks
==18469== Rerun with --leak-check=full to see details of leaked memory
==18469==
==18469== For counts of detected and suppressed errors, rerun with: -v
==18469== Use --track-origins=yes to see where uninitialised values come from
==18469== ERROR SUMMARY: 8 errors from 4 contexts (suppressed: 4 from 4)
./crash.sh: line 16: 18469 Segmentation fault env -i MALLOC_CHECK_=0 $GDB valgrind /usr/bin/oggThumb "`cat $DIR/argv_1.symb`"
Not quite sure how to fix it.
--
Happy hacking
Petter Reinholdtsen
Reply sent
to Petter Reinholdtsen <pere@debian.org>:
You have taken responsibility.
(Wed, 22 Oct 2014 19:06:23 GMT) (full text, mbox, link).
Notification sent
to Alexandre Rebert <alexandre@cmu.edu>:
Bug acknowledged by developer.
(Wed, 22 Oct 2014 19:06:23 GMT) (full text, mbox, link).
Message #15 received at 716525-close@bugs.debian.org (full text, mbox, reply):
Source: oggvideotools
Source-Version: 0.8a-3
We believe that the bug you reported is fixed in the latest version of
oggvideotools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 716525@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated oggvideotools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 22 Oct 2014 20:52:55 +0200
Source: oggvideotools
Binary: oggvideotools oggvideotools-dbg
Architecture: source amd64
Version: 0.8a-3
Distribution: unstable
Urgency: low
Maintainer: Debian Xiph.org Maintainers <pkg-xiph-maint@lists.alioth.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Description:
oggvideotools - A toolbox for manipulating and creating Ogg video files
oggvideotools-dbg - A toolbox for manipulating and creating Ogg video files (debug sy
Closes: 716525
Changes:
oggvideotools (0.8a-3) unstable; urgency=low
.
* Switch from debhelper 7 to 9. No code changes needed.
* Added manual-typos.patch to fix a handful typos in the manual
pages, discovered by lintian.
* Added oggThumb-zero-getopt-long.patch to fix crash when given
unknown command line arguments (Closes: #716525). Thanks to
Alexandre Rebert and the Mayhem project for discovering this.
Checksums-Sha1:
be0c08bc45912653900cfd6db5f13d05a58c6e25 1515 oggvideotools_0.8a-3.dsc
4fa540b042524df6d458380efe440a823487d13b 6544 oggvideotools_0.8a-3.debian.tar.xz
cd436e3a5934236c9fa915058a89c9e6be423ecb 474054 oggvideotools_0.8a-3_amd64.deb
14f08092395cb476328728e8bbfa18822849b433 136762 oggvideotools-dbg_0.8a-3_amd64.deb
Checksums-Sha256:
578853686c61792ad32e9e5a2b4f40fd8ebfb09a73de8ab89dd14d95e0513f31 1515 oggvideotools_0.8a-3.dsc
b55c2d1a9005f09a533f2a00d36e828e8f85f9151fdbc87e39b920c251b29935 6544 oggvideotools_0.8a-3.debian.tar.xz
46dda55efad937a7ee25114ec26d9d700a7841d6dc0d2591fe9f91ce43a21bf9 474054 oggvideotools_0.8a-3_amd64.deb
87c8103c96c5495f6aa09919bee9d9984d9c8fedcbdf14f07f8590eed37b6438 136762 oggvideotools-dbg_0.8a-3_amd64.deb
Files:
4ec8de25759330da29af480e4f6af54c 1515 video optional oggvideotools_0.8a-3.dsc
58747ad808396cdce6013834b6b309a5 6544 video optional oggvideotools_0.8a-3.debian.tar.xz
07e8b50b663e0a0ee3a7046f7c8d441c 474054 video optional oggvideotools_0.8a-3_amd64.deb
bde82ee7245212646772acf1aa09beed 136762 debug extra oggvideotools-dbg_0.8a-3_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFUR/7N20zMSyow1ykRAm6nAKDZg+dASaWVDYxH1zv+OCKBsB8oOQCZAQ4w
6OZPVVn9g291+lOWCPFHS3Q=
=5LLD
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 20 Nov 2014 07:28:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sun Jul 2 00:16:36 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.