Bug 233413 - vlc 0.9.0_beta2 buffer overflow when pre-amp in equalizer is turned low
Summary: vlc 0.9.0_beta2 buffer overflow when pre-amp in equalizer is turned low
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
Importance: High enhancement
Assignee: Gentoo Media-video project
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-07-30 19:13 UTC by Florian Streibelt
Modified: 2008-08-05 10:44 UTC
CC List: 0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
patch to the buffer overflow in the qt4 ui - maybe to another too (vlc-0.9.0-test2_preampbufferoverflow.patch,1.11 KB, patch)
2008-07-30 19:42 UTC, Florian Streibelt
another anti-overflow patch for other buffers (vlc-0.9.0-test2_anotheroverflow.patch,1.31 KB, patch)
2008-07-30 20:35 UTC, Florian Streibelt

Description Florian Streibelt 2008-07-30 19:13:54 UTC
vlc crashes when I activate the equalizer and pull the pre-amp control below -9.9, so the gui would have to show '10.0'

buffer seems to be too small. 




Reproducible: Always

Steps to Reproduce:
1. activate graphical equalizer
2. pull pre-amp below -9.9 


Actual Results:  
buffer overflow

Expected Results:  
muted sound ;)

*** buffer overflow detected ***: vlc terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7fe794851f97]
/lib/libc.so.6[0x7fe79484fd90]
/lib/libc.so.6[0x7fe79484f089]
/lib/libc.so.6(__printf_fp+0x112b)[0x7fe7947b7d7b]
/lib/libc.so.6(_IO_vfprintf+0x1db1)[0x7fe7947b3481]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x7fe79484f12d]
/lib/libc.so.6(__sprintf_chk+0x80)[0x7fe79484f070]
/usr/lib64/vlc/gui/libqt4_plugin.so(_ZN9Equalizer9setPreampEv+0x7f)[0x7fe79182d91f]
/usr/lib64/vlc/gui/libqt4_plugin.so(_ZN9Equalizer11qt_metacallEN11QMetaObject4CallEiPPv+0xa8)[0x7fe791896a68]
/usr/lib/qt4/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectiiPPv+0x55e)[0x7fe79027e98e]
/usr/lib/qt4/libQtGui.so.4(_ZN15QAbstractSlider12valueChangedEi+0x2e)[0x7fe7913cf00e]
/usr/lib/qt4/libQtGui.so.4(_ZN7QSlider14mouseMoveEventEP11QMouseEvent+0x12f)[0x7fe79123341f]
/usr/lib/qt4/libQtGui.so.4(_ZN7QWidget5eventEP6QEvent+0x808)[0x7fe790f19828]
/usr/lib/qt4/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0x1e0)[0x7fe790ed4370]
/usr/lib/qt4/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x1e7)[0x7fe790edb897]
/usr/lib/qt4/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x70)[0x7fe79026bfd0]
/usr/lib/qt4/libQtGui.so.4[0x7fe790f33ca3]
/usr/lib/qt4/libQtGui.so.4(_ZN12QApplication15x11ProcessEventEP7_XEvent+0x7fb)[0x7fe790f3296b]
/usr/lib/qt4/libQtGui.so.4[0x7fe790f56ac6]
/usr/lib/qt4/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE+0x30)[0x7fe79026ae00]
/usr/lib/qt4/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0xa5)[0x7fe79026afe5]
/usr/lib/qt4/libQtCore.so.4(_ZN16QCoreApplication4execEv+0xbf)[0x7fe79026dd7f]
/usr/lib64/vlc/gui/libqt4_plugin.so[0x7fe7917e084d]
/usr/lib/libvlccore.so.0[0x7fe794d05465]
/usr/lib/libvlccore.so.0[0x7fe794d50f86]
/lib/libpthread.so.0[0x7fe794ac9017]
/lib/libc.so.6(clone+0x6d)[0x7fe79483cfdd]
======= Memory map: ========
Abgebrochen
Comment 1 Florian Streibelt 2008-07-30 19:42:10 UTC
Created attachment 161759 [details, diff]
patch to the buffer overflow in the qt4 ui - maybe to another too

why don't they
a) use snprintf when writing into fixed sized buffers?
b) use format strings limiting the length correctly
c) forget the - sign on negative numbers *g*

note: there might be more such overflows in the code - they are using sprintf a lot.

gentoo rocks ;)
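Added example in C (not from the report, the attached patches, or VLC's own code) showing the sizing mistake behind the __sprintf_chk abort in Equalizer::setPreamp and the bounded snprintf form the reporter asks for; the buffer sizes are assumptions, since the page does not give VLC's real size.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer sizes (VLC's actual size is not on the page).
 * "%.1f" of -10.0 is "-10.0": five characters plus the NUL terminator,
 * so a five-byte buffer is one byte short while "-9.9" and "10.0" still fit.
 * That one-byte overrun is exactly what the fortified sprintf detects. */
#define PREAMP_BUF_SMALL 5
#define PREAMP_BUF_SAFE  8

/* Bytes (including the NUL) that "%.1f" needs for a given pre-amp value.
 * A zero-size snprintf measures without writing anywhere. */
int preamp_bytes_needed(double db)
{
    return snprintf(NULL, 0, "%.1f", db) + 1;
}

/* 1 if an unbounded sprintf(buf, "%.1f", db) into 'size' bytes would overflow.
 * Note for point (b) of the comment above: a width such as "%5.1f" is a
 * minimum, not a maximum, so it cannot bound the output; for floats only a
 * bounded write (snprintf) or a provably large enough buffer is safe. */
int preamp_sprintf_overflows(double db, size_t size)
{
    return (size_t)preamp_bytes_needed(db) > size;
}

/* Hardened formatter: bounded write plus explicit truncation detection.
 * Returns 0 on success, -1 if the label did not fit; 'out' is always
 * NUL-terminated, so a truncated label is never an out-of-bounds read. */
int format_preamp(double db, char *out, size_t size)
{
    int n = snprintf(out, size, "%.1f", db);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return 0;
}

int main(void)
{
    char small[PREAMP_BUF_SMALL], safe[PREAMP_BUF_SAFE];
    double db = -10.0;   /* constructed input: the slider position that crashed */

    printf("%.1f needs %d bytes; sprintf into %d bytes overflows: %d\n",
           db, preamp_bytes_needed(db), PREAMP_BUF_SMALL,
           preamp_sprintf_overflows(db, PREAMP_BUF_SMALL));
    printf("snprintf into small buffer: rc=%d label=\"%s\"\n",
           format_preamp(db, small, sizeof small), small);
    printf("snprintf into safe buffer:  rc=%d label=\"%s\"\n",
           format_preamp(db, safe, sizeof safe), safe);
    return 0;
}
```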
Comment 2 Florian Streibelt 2008-07-30 19:47:06 UTC
another note: the equalizer is completely broken and fked up.

When I change other values besides pre-amp they are ignored. no sound change.
when deactivating and activating again, the equalizer seems to get initialized by the default preset, regardless of what preset is chosen in the ui :(
Comment 3 Florian Streibelt 2008-07-30 20:35:19 UTC
Created attachment 161777 [details, diff]
another anti-overflow patch for other buffers 

these buffers seem to be too small, too?
Comment 4 Alexis Ballier gentoo-dev 2008-08-05 10:44:13 UTC
Thanks for the report; this appears to be fixed in _beta3, with a good bunch of other fixes in the equalizer it seems.
Please reopen if there are still some problems that I didn't see.