Bug 210865 - media-video/gpac-0.4.4: Segmentation faults on long filenames, gcc -O issue
Summary: media-video/gpac-0.4.4: Segmentation faults on long filenames, gcc -O issue
Status: RESOLVED TEST-REQUEST
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Media-video project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-02-20 11:39 UTC by Sebastian
Modified: 2009-12-19 11:25 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
gpac-0.4.4-strip-O-see-bug-210865.diff (653 bytes, patch)
2008-06-30 20:08 UTC, Sebastian

Description Sebastian 2008-02-20 11:39:31 UTC
Hi Jakub et al,

gcc's optimizations lead to weird behavior and sometimes segmentation faults in MP4Box. This only happens with long file-names. Depending on how long they are the results differ.

Example 1: MP4Box -aviraw video The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.avi

-O0: Extracting AVI video (format XVID) to The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault_video.cmp (works)

-O1: Extracting AVI mp3 audio (no segfault, but ends up extracting audio instead of video)

-O2: Same as -O1

-Os: same as -O1

Example 2: MP4Box -aviraw video The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.blalfsd\ fsdfsd.avi

-O0: Extracting AVI video (format XVID) to The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault_video.cmp (works)

-O1: Extracting AVI mp3 audio (no segfault, but ends up extracting audio instead of video)

-O2: Extracting AVI mp3 audio
Speicherzugriffsfehler ("Segmentation fault")=========== | (99/100) (starts extracting mp3 instead of video and segfaults)

-Os: same as -O2

All the above was done with CFLAGS="-OX -march=athlon-xp -pipe". I made a run with CFLAGS="-O2" and the outcome was the same. I also checked Gentoo's patchset but excluding it had no effect on the results.

Anyone willing to debug this? Should I take it upstream right away?

Regards
Sebastian

Reproducible: Always




Portage 2.1.4.4 (default-linux/x86/2007.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.23.16 i686)
=================================================================
System uname: 2.6.23.16 i686 AMD Sempron(tm) 2400+
Timestamp of tree: Tue, 19 Feb 2008 13:16:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     3.2_p17-r1
dev-lang/python:     2.4.4-r6
dev-python/pycrypto: 2.0.1-r6
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.10-r5
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.18-r1
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.23-r3
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=athlon-xp -pipe"
DISTDIR="/home/portage/distfiles"
EMERGE_DEFAULT_OPTS="--with-bdeps y"
FEATURES="buildpkg ccache distlocks metadata-transfer sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo"
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LINGUAS="de"
MAKEOPTS="-j2"
PKGDIR="/home/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/home/portage"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage"
USE="3dnow 3dnowext X aotuv bzip2 cups fontconfig gdbm gif gnutls gs iconv jpeg kde kdeenablefinal logrotate mmx mmxext ncurses nls nptl pccts pcre perl png pop ppds python readline smtp spell sse ssl svg threads tiff truetype unicode x86 xml xorg xpm zlib" ALSA_CARDS="ice1712" ALSA_PCM_PLUGINS="route" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="mouse keyboard" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" LIRC_DEVICES="serial" USERLAND="GNU" VIDEO_CARDS="radeon"
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2008-02-20 11:41:51 UTC
Backtrace please...

http://www.gentoo.org/proj/en/qa/backtraces.xml
Comment 2 Sebastian 2008-02-20 13:25:10 UTC
GNU gdb 6.7.1
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) set args -aviraw video /home/sk/The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.blalfsd\ fsdfsd.avi
(gdb) run
Starting program: /usr/bin/MP4Box -aviraw video /home/sk/The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.blalfsd\ fsdfsd.avi
[Thread debugging using libthread_db enabled]
[New Thread 0xb7bd16c0 (LWP 5607)]
Extracting AVI mp3 audio
AVI Extract: |=================== | (99/100)
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7bd16c0 (LWP 5607)]
0x00000000 in ?? ()
(gdb) set logging file backtrace.log
(gdb) set logging on
Copying output to backtrace.log.
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x00000000 in ?? ()
(gdb) set logging off
Done logging to backtrace.log.
(gdb) quit
The program is running.  Exit anyway? (y or n) y

Not really meaningful. I followed the guide, set CFLAGS="-O2 -march=athlon-xp -pipe -ggdb" and FEATURES="nostrip" and emerged glibc, zlib and gpac with USE=debug. I didn't emerge world like suggested in the guide as I don't have the time for that. Would that make a difference? MP4Box and libgpac only link to zlib and glibc.
Comment 3 Diego Elio Pettenò (RETIRED) gentoo-dev 2008-02-22 12:52:49 UTC
Smells like buffer overflow to me. Security team, can anybody take a look at this?
Comment 4 Sebastian 2008-02-22 13:03:16 UTC
I recompiled world and I still got nothing.
But I found these in my syslog:
MP4Box[5729]: segfault at 00000000 eip 00000000 esp bf8c0069 error 4
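The syslog line above carries more than the gdb session did, because the kernel records the register state at the instant of the fault. The following C is an added example, not part of this thread or of gpac: a small decoder for that 32-bit x86 line (the struct and function names are hypothetical; the flag meanings are the x86 page-fault error code, and the sample line is copied from the comment above). What it reports for this line is worth noting: eip is 0 and equals the faulting address, so the CPU was fetching an instruction from address 0, and esp ends in 0x69, a value compiler-generated x86 code never leaves the stack pointer at. Both are consistent with the stack having been overwritten, as suspected in Comment 3.

```c
/* Decoder for the 2.6-era x86 kernel line "segfault at A eip B esp C error N".
 * Added example, not part of the bug report, gpac or Gentoo. The sample line
 * is the one quoted from syslog above; struct/function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

static const char SAMPLE_LINE[] =
    "MP4Box[5729]: segfault at 00000000 eip 00000000 esp bf8c0069 error 4";

struct segv_info {
    uint32_t addr, eip, esp;
    unsigned err;
    int user_mode;       /* error bit 2: fault taken in user mode */
    int write_fault;     /* error bit 1: write access; 0 = read or instruction fetch */
    int prot_violation;  /* error bit 0: page present but access forbidden; 0 = not mapped */
    int eip_is_null;     /* instruction fetch from address 0: control flow was hijacked
                            (clobbered return address or function pointer), not a NULL
                            data dereference */
    int esp_misaligned;  /* ESP not a multiple of 4: the stack pointer itself was
                            overwritten, so gdb's frame walk yields nothing */
};

/* Returns 0 and fills *out on success, -1 if the line does not match. */
int parse_segv_line(const char *line, struct segv_info *out)
{
    const char *p = strstr(line, "segfault at ");
    unsigned addr, eip, esp, err;
    if (!p || sscanf(p, "segfault at %x eip %x esp %x error %u",
                     &addr, &eip, &esp, &err) != 4)
        return -1;
    memset(out, 0, sizeof *out);
    out->addr = addr;
    out->eip  = eip;
    out->esp  = esp;
    out->err  = err;
    out->user_mode      = (err >> 2) & 1;
    out->write_fault    = (err >> 1) & 1;
    out->prot_violation =  err       & 1;
    out->eip_is_null    = (eip == 0);
    out->esp_misaligned = (esp & 3u) != 0;
    return 0;
}

int main(void)
{
    struct segv_info si;
    if (parse_segv_line(SAMPLE_LINE, &si) != 0) {
        fputs("line did not parse\n", stderr);
        return 1;
    }
    printf("fault addr 0x%08x  eip 0x%08x  esp 0x%08x  error %u\n",
           (unsigned)si.addr, (unsigned)si.eip, (unsigned)si.esp, si.err);
    printf("  %s-mode %s of a %s page\n",
           si.user_mode ? "user" : "kernel",
           si.write_fault ? "write" : "read/fetch",
           si.prot_violation ? "protected" : "non-present");
    if (si.eip_is_null)
        puts("  eip == 0: execution reached address 0 (return address or function pointer clobbered)");
    if (si.esp_misaligned)
        puts("  esp is not 4-byte aligned: stack pointer overwritten, frame walk is unreliable");
    return 0;
}
```

The error field is a bit mask: bit 0 protection violation versus not-present page, bit 1 write versus read, bit 2 user versus kernel mode, so error 4 here is a user-mode read of an unmapped page, at an address that happens to be the instruction pointer. Any such line with eip 00000000 should be triaged as a control-flow hijack candidate rather than as a plain NULL pointer bug.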
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-24 13:33:44 UTC
This should go to the auditing team but since they're not very active, could someone from security try to debug this one?
Comment 6 Sebastian 2008-06-30 20:08:53 UTC
Created attachment 159005: gpac-0.4.4-strip-O-see-bug-210865.diff

Hi again,

long time no see. How about adding the workaround to the ebuild? The patch strips -O*. So far no one has come up with a better idea, so why not?

Kind regards
Sebastian
Comment 7 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 17:12:04 UTC
(In reply to comment #2)
> GNU gdb 6.7.1
> Copyright (C) 2007 Free Software Foundation, Inc.
> License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
> This is free software: you are free to change and redistribute it.
> There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
> and "show warranty" for details.
> This GDB was configured as "i686-pc-linux-gnu"...
> Using host libthread_db library "/lib/libthread_db.so.1".
> (gdb) set args -aviraw video
> /home/sk/The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.blalfsd\ fsdfsd.avi
> (gdb) run
> Starting program: /usr/bin/MP4Box -aviraw video
> /home/sk/The.Long.Filenames.Make.MP4Box.Crash.AKA.Segfault.blalfsd\ fsdfsd.avi
> [Thread debugging using libthread_db enabled]
> [New Thread 0xb7bd16c0 (LWP 5607)]
> Extracting AVI mp3 audio
> AVI Extract: |=================== | (99/100)
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb7bd16c0 (LWP 5607)]
> 0x00000000 in ?? ()
> (gdb) set logging file backtrace.log
> (gdb) set logging on
> Copying output to backtrace.log.
> (gdb) bt
> #0  0x00000000 in ?? ()
> #1  0x00000000 in ?? ()
> (gdb) set logging off
> Done logging to backtrace.log.
> (gdb) quit
> The program is running.  Exit anyway? (y or n) y
> 
> Not really meaningful. I followed the guide, set CFLAGS="-O2 -march=athlon-xp
> -pipe -ggdb" and FEATURES="nostrip" and emerged glibc, zlib and gpac with
> USE=debug. I didn't emerge world like suggested in the guide as I don't have
> the time for that. Would that make a difference? MP4Box and libgpac only link
> to zlib and glibc.
> 

IIRC, -O2 includes -fomit-frame-pointer, which is definitely not what you want when debugging... Maybe "-O2 -fno-omit-frame-pointer" could help, not sure how gcc parses the command-line. In any case, if you haven't reported this upstream, well, you should :)
Comment 8 Sebastian 2008-07-06 19:53:31 UTC
I definitely e-mailed the author about it but he didn't reply. Now I posted to their open forum: https://sourceforge.net/forum/message.php?msg_id=5077727

-O2 doesn't set -fomit-frame-pointer on x86 (only on arches where -fomit-frame-pointer doesn't interfere with debugging).
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2009-12-19 11:24:30 UTC
Comment on attachment 159005: gpac-0.4.4-strip-O-see-bug-210865.diff

This is bogus. 

Need to identify the problem first.
Comment 10 Samuli Suominen (RETIRED) gentoo-dev 2009-12-19 11:25:27 UTC
If you can still reproduce with 0.4.5-r1, reopen with proper backtrace.

http://www.gentoo.org/proj/en/qa/backtraces.xml