Use flags: (a52) (aac) (alsa) (amr) (-debug) (ffmpeg) (ipv6) (-jack) (-javascript) (jpeg) (jpeg2k) (mad) (ogg) (opengl) (-oss) (png) (pulseaudio) (sdl) (ssl) (theora) (truetype) (vorbis) (-wxwindows) (xml) (xvid)

ogmrip shows a buffer overflow:

======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x32)[0x7f2f6ae453a2]
/lib/libc.so.6[0x7f2f6ae43370]
/usr/lib/libgpac.so(chpl_New+0x27)[0x7f2f6b81f187]
/usr/lib/libgpac.so(gf_isom_add_chapter+0x188)[0x7f2f6b843131]
/usr/lib/libgpac.so(gf_media_import_chapters+0x884)[0x7f2f6b8882e2]
MP4Box[0x40ab43]
/lib/libc.so.6(__libc_start_main+0xf4)[0x7f2f6ad895e4]
MP4Box[0x4072c9]
======= Memory map: ========
Created attachment 182355: paludis --info
Thanks for the report. Do you have a test case to help developers reproduce this bug?
Comment on attachment 182355 (paludis --info): paludis --info isn't like emerge --info
I don't have a testcase, though this is totally reproducible here. Here's a probably better backtrace.

#0  0x00007fbc6945f1e5 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x00007fbc69460703 in *__GI_abort () at abort.c:88
#2  0x00007fbc6949a998 in __libc_message (do_abort=2, fmt=0x7fbc6954a2a2 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#3  0x00007fbc69511d97 in *__GI___fortify_fail (msg=0x7fbc6954a262 "buffer overflow detected") at fortify_fail.c:32
#4  0x00007fbc6950fb70 in *__GI___chk_fail () at chk_fail.c:29
#5  0x00007fbc69eed187 in chpl_New () at /usr/include/bits/string3.h:85
#6  0x00007fbc69f11131 in gf_isom_add_chapter (movie=<value optimized out>, trackNumber=<value optimized out>, timestamp=0, name=0x7fff724bbd80 "Chapter 02") at isomedia/isom_write.c:1660
#7  0x00007fbc69f562e2 in gf_media_import_chapters (file=0x1ac7660, chap_file=<value optimized out>, import_fps=0) at media_tools/isom_tools.c:933
#8  0x000000000040ab43 in main (argc=<value optimized out>, argv=<value optimized out>) at main.c:2679

I'll attach the created binary, the core and the profiles directory.
Created attachment 182481: The corefile and the binary.
Created attachment 182483: The /root/.gconf/apps/ogmrip/profiles directory.
I should mention that I run ogmrip as root as it's completely not working with non-superuser at the moment (separate issue).
(In reply to comment #7)
> I should mention that I run ogmrip as root as it's completely not working with
> non-superuser at the moment (separate issue).

Please file a new bug report for that problem.
And please post your `emerge --info' too.
Created attachment 182556: Try two info (paludis --info media-video/gpac)

As stated yesterday on gentoo-dev, if I gave my emerge --info it would be much outdated. If this information isn't acceptable, please tell me what is necessary.
Created attachment 182666: gpac use/error/emerge --info

Same problem when using gpac itself to join video/audio.
(In reply to comment #4)
> I don't have a testcase, though this is totally reproducible here. Here's a
> probably better backtrace.

Please try to extract a command line that would trigger the crash with the gpac tools, or explain how to trigger the crash with ogmrip; otherwise it's totally impossible to debug.
The buffer overflow in my case appears to be caused by a nerolinux-created mp4 audio file renamed to aac format, although it worked OK with previous versions of MP4Box. Problem solved by extracting the mp4 with mp4creator and then changing the extracted file to aac.
Create the file /etc/portage/env/media-video/gpac and put these lines in it:

CFLAGS="-O1 -D_FORTIFY_SOURCE=0"
CXXFLAGS="-O1 -D_FORTIFY_SOURCE=0"

This fixes mp4box for me.
(In reply to comment #14)
> create file /etc/portage/env/media-video/gpac and put in it these lines:
>
> CFLAGS="-O1 -D_FORTIFY_SOURCE=0"
> CXXFLAGS="-O1 -D_FORTIFY_SOURCE=0"
>
> this fixes mp4box for me.
>

I forgot the "emerge gpac again" step :)
Created attachment 199691 (diff): memset with the correct size

Turns out to be fairly easy to fix, with a reproducible test case. Verified with ogmrip.
I'm chasing another buffer overflow in MP4Box, not as easy as the other one.
Sorry, I was wrong. I wasn't running the code I thought I was. Just the fix above is sufficient for me.
Will this overflow patch be added to the package in the main portage tree? My ebuild skills are not good enough at the moment to use it in my overlay.
Ebuild skills improved sufficiently to add patch to gpac in overlay. Can confirm solves buffer overflow problem with nerolinux mp4/aac, without need to extract/rename with mp4creator etc.
Also can confirm it solves the buffer overflow problem with nerolinux mp4/aac, without the need to extract/rename with mp4creator etc. It's just a 1-line patch which changes 1 word. 6 months have passed, and it is not in the portage tree X)
(In reply to comment #21)
> Also can confirm solves buffer overflow problem with nerolinux mp4/aac, without
> need to extract/rename with mp4creator etc.

Thanks.

+*gpac-0.4.5-r1 (19 Dec 2009)
+
+  19 Dec 2009; Samuli Suominen <ssuominen@gentoo.org> +gpac-0.4.5-r1.ebuild:
+  Fix memset to correct size wrt #259389 by Daniel Gryniewicz to avoid
+  segfault with MP4Box when Nero AAC/MP4 format is used.

> It's just 1 line patch which changing 1 word. 6 months had passed, it is not
> in portage tree X)

If you want things to move faster, you just have to become a developer yourself.
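An added illustration of the bug class fixed by the "memset to correct size" change, not gpac's own code: the struct layouts, the checked_zero helper (a runtime stand-in for the glibc memset_chk that produced the "buffer overflow detected" abort) and all function names are assumptions. It also shows why the -D_FORTIFY_SOURCE=0 workaround from the thread removes the detection rather than the overflow.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical layouts, not gpac's own: a small entry, a larger box. */
typedef struct { uint64_t start_time; char *name; } ChapterEntry;
typedef struct {
    uint32_t type, count;
    ChapterEntry *list;
    uint64_t reserved[4];
} ChapterListBox;

/* Runtime stand-in for glibc's __memset_chk: refuse to zero more bytes
 * than the destination holds instead of overrunning the heap.
 * Returns 0 on success, -1 when n exceeds the object size. */
int checked_zero(void *dst, size_t dst_size, size_t n) {
    if (dst == NULL || n > dst_size)
        return -1;
    memset(dst, 0, n);
    return 0;
}

/* Buggy pattern from the report, run through the checked helper: the
 * allocation is sized for one struct and the memset for another.
 * Returns -1, i.e. the mismatch is caught the way FORTIFY caught it. */
int wrong_size_memset_caught(void) {
    ChapterEntry *e = malloc(sizeof(ChapterEntry));
    if (!e) return -2;
    int rc = checked_zero(e, sizeof(ChapterEntry), sizeof(ChapterListBox));
    free(e);
    return rc;
}

/* Fixed pattern: every size comes from the object itself, so the memset
 * cannot disagree with the allocation. */
ChapterEntry *chapter_entry_new(void) {
    ChapterEntry *e = malloc(sizeof(*e));
    if (!e) return NULL;
    memset(e, 0, sizeof(*e));
    return e;
}

/* Self-check for the fixed path: allocate, verify zeroed, release. */
int fixed_pattern_ok(void) {
    ChapterEntry *e = chapter_entry_new();
    int ok = e != NULL && e->start_time == 0 && e->name == NULL;
    free(e);
    return ok;
}
```

With _FORTIFY_SOURCE=0 the real memset has no size check at all, so the first pattern silently corrupts the heap instead of aborting.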