Gentoo's Bugzilla – Attachment 287095 Details for
Bug 383695
Buffer overflow in media-sound/grip-3.3.1-r2
gdb capture of crash, including "bt full" output.
gdb.txt (text/plain), 13.03 KB, created by
Michael Mol
on 2011-09-20 00:21:28 UTC
Description:
gdb capture of crash, including "bt full" output.
Filename:
MIME Type:
Creator:
Michael Mol
Created:
2011-09-20 00:21:28 UTC
Size:
13.03 KB
>The program is not being run. >Temporary breakpoint 1 at 0x409240: file cppmain.cc, line 16. >Starting program: /usr/bin/grip >[Thread debugging using libthread_db enabled] > >Temporary breakpoint 1, main (ac=1, av=0x7fffffffdf78) at cppmain.cc:16 >16 cppmain.cc: No such file or directory. > in cppmain.cc >Continuing. >[New Thread 0x7fffe6f3e700 (LWP 25709)] >[New Thread 0x7fffe600c700 (LWP 25710)] >[Thread 0x7fffe600c700 (LWP 25710) exited] >[New Thread 0x7fffe600c700 (LWP 25728)] > >Program received signal SIGABRT, Aborted. >0x00007ffff4f3c775 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 >64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory. > in ../nptl/sysdeps/unix/sysv/linux/raise.c >#0 0x00007ffff4f3c775 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 > pid = <value optimized out> > selftid = <value optimized out> >#1 0x00007ffff4f3daff in abort () at abort.c:92 > act = {__sigaction_handler = {sa_handler = 0x7fffffffb138, sa_sigaction = 0x7fffffffb138}, sa_mask = {__val = {140737488335136, 140737488347752, 13, 140737304026948, 3, 140737488335146, 6, > 140737304026952, 2, 140737488335134, 2, 140737304018056, 1, 140737304026948, 3, 140737488335140}}, sa_flags = 12, sa_restorer = 0x7ffff5035f48} > sigs = {__val = {32, 0 <repeats 15 times>}} >#2 0x00007ffff4f77b12 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:186 > ap = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffba20, reg_save_area = 0x7fffffffb930}} > ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7fffffffba20, reg_save_area = 0x7fffffffb930}} > fd = 26 > on_2 = <value optimized out> > list = <value optimized out> > nlist = 1024 > cp = <value optimized out> > written = false >#3 0x00007ffff4ff22a7 in __fortify_fail (msg=0x7ffff5035f4b "buffer overflow detected") at fortify_fail.c:32 >No locals. 
>#4 0x00007ffff4ff0150 in __chk_fail () at chk_fail.c:29 >No locals. >#5 0x00007ffff4fef529 in _IO_str_chk_overflow (fp=0x646a, c=25706) at vsprintf_chk.c:35 >No locals. >#6 0x00007ffff4f7b931 in _IO_default_xsputn (f=0x7fffffffc130, data=<value optimized out>, n=6) at genops.c:485 > s = 0x428b9e ")" > more = 1 >#7 0x00007ffff4f4ce0a in _IO_vfprintf_internal (s=0x7fffffffc130, format=<value optimized out>, ap=0x7fffffffc260) at vfprintf.c:1623 > step0_jumps = {0, -916, -827, -738, -642, -553, -450, -258, 334, 561, 3550, 2013, 4893, -3987, 859, -1687, -1027, -940, -928, 1713, 1433, 904, 2102, 2191, 1392, -3888, 2263, 4111, -3987, -347} > space = 0 > is_short = 146 > use_outdigits = 0 > step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 561, 3550, 2013, 4893, -3987, 859, -1687, -1027, -940, -928, 1713, 1433, 904, 2102, 2191, 1392, -3888, 2263, 4111, -3987, 0} > group = -16395 > prec = <value optimized out> > step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3550, 2013, 4893, -3987, 859, -1687, -1027, -940, -928, 1713, 1433, 904, 2102, 2191, 1392, -3888, 2263, 4111, -3987, 0} > string = <value optimized out> > left = -16392 > is_long_double = 10 > width = <value optimized out> > step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3639, 0, 0, 0, 859, -1687, -1027, -940, -928, 0, 0, 0, 0, 2191, 0, 0, 0, 0, 0, 0} > alt = 0 > showsign = 0 > is_long = -16395 > is_char = 0 > pad = <value optimized out> > step3b_jumps = {0 <repeats 11 times>, 4893, 0, 0, 859, -1687, -1027, -940, -928, 1713, 1433, 904, 2102, 2191, 1392, -3888, 2263, 0, 0, 0} > step4_jumps = {0 <repeats 14 times>, 859, -1687, -1027, -940, -928, 1713, 1433, 904, 2102, 2191, 1392, -3888, 2263, 0, 0, 0} > is_negative = <value optimized out> > base = 10 > the_arg = {pa_wchar = 9527308 L'\f', pa_int = 9527308, pa_long_int = 9527308, pa_long_long_int = 9527308, pa_u_int = 9527308, pa_u_long_int = 9527308, pa_u_long_long_int = 9527308, > pa_double = 4.7071155801484749e-317, pa_long_double = 0, pa_string = 0x91600c "2", > pa_wstring = 
0x91600c L"2t\x8c8a8885\x9794918f\xa19e9b9a\xaba9a6a3\xb5b3b0ad\xbfbdbbb8\xcac7c4c2\xd4d1cfcd\xdedcd9d6\xe8e6e3e0\xf2f0eeeb\xfdfaf7f5\x3a000000\x454d414c\x38392e33\xcd0172\x2e000000\x34000042\x4c0524ff\x4001004d\x812f8a00\xaf931954", pa_pointer = 0x91600c, pa_user = 0x91600c} > spec = <value optimized out> > _buffer = {__routine = 0x7fff00000001, __arg = 0x0, __canceltype = -16216, __prev = 0x0} > _avail = 0 > thousands_sep = 0x0 > grouping = 0xffffffffffffffff <Address 0xffffffffffffffff out of bounds> > done = 4 > f = <value optimized out> > lead_str_end = 0x428b9c "%d)" > work_buffer = "\000\000\000\000\000\000\000\000\240\300\377\377\377\177\000\000\000\000\000\000\000\000\000\000\240\300\377\377\377\177\000\000\210\360\323\366\377\177\000\000\350\064\375\367\377\177\000\000\340\276\377\377\377\177\000\000\377\377\377\377", '\000' <repeats 12 times>, "\005\000\000\000\000\000\000\000\b\301#", '\000' <repeats 13 times>"\340, \276\377\377\377\177\000\000&\000\000\000\000\000\000\000\000\200\323\366\377\177\000\000l\270\336\367\377\177\000\000\005", '\000' <repeats 23 times>"\210, \360\323\366\377\177\000\000\b", '\000' <repeats 15 times>, "P8x\000\000\000\000\000\201/\212\000\000\000\000\000$\000\000\000\000\000\000\000\365\030\337\367\377\177\000\000\243\212\000\000\000\000\000\000\220\367\220", '\000' <repeats 13 times>"\330, _\221\000\000\000\000\000\350\276\377\377\377\177\000\000\200\367\220\000\000\000\000\000UUUUUUUU\350\064\375\367\377\177\000\000\342\000\000\000\000\000\000\000\203n\336\367\377\177\000\000&\000\000\000\000\000\000\000\300\275\377\377\377\177\000\000\233\333N\001\000\000\000\000\210"... 
> workstart = 0x0 > workend = 0x7fffffffbff8 "\262\333\362\364\377\177" > ap_save = {{gp_offset = 32, fp_offset = 48, overflow_arg_area = 0x7fffffffc340, reg_save_area = 0x7fffffffc280}} > nspecs_done = <value optimized out> > save_errno = 0 > readonly_format = 0 > jump_table = "\001\000\000\004\000\016\000\006\000\000\a\002\000\003\t\000\005\b\b\b\b\b\b\b\b\b\000\000\000\000\000\000\000\032\000\031\000\023\023\023\000\035\000\000\f\000\000\000\000\000\000\025\000\000\000\000\022\000\r\000\000\000\000\000\000\032\000\024\017\023\023\023\n\017\034\000\v\030\027\021\026\f\000\025\033\020\000\000\022\000\r" > __PRETTY_FUNCTION__ = "_IO_vfprintf_internal" >#8 0x00007ffff4fef5c5 in ___vsprintf_chk (s=0x7fffffffc3e0 "(146)", flags=1, slen=5, format=0x428b9b "(%d)", args=0x7fffffffc260) at vsprintf_chk.c:87 > f = {_sbf = {_f = {_flags = -72515583, _IO_read_ptr = 0x7fffffffc3e0 "(146)", _IO_read_end = 0x7fffffffc3e0 "(146)", _IO_read_base = 0x7fffffffc3e0 "(146)", _IO_write_base = 0x7fffffffc3e0 "(146)", > _IO_write_ptr = 0x7fffffffc3e4 ")", _IO_write_end = 0x7fffffffc3e4 ")", _IO_buf_base = 0x7fffffffc3e0 "(146)", _IO_buf_end = 0x7fffffffc3e4 ")", _IO_save_base = 0x0, _IO_backup_base = 0x0, > _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, _fileno = 9019144, _flags2 = 4, _old_offset = 140737334564613, _cur_column = 0, _vtable_offset = -119 '\211', _shortbuf = "", _lock = 0x0, > _offset = 9615232, _codecvt = 0x899ef0, _wide_data = 0x40, _freeres_list = 0x0, _freeres_buf = 0x92b780, _freeres_size = 1, _mode = -1, > _unused2 = "\000\000\000\000\334K\325\366\377\177\000\000 \000\000\000\000\000\000"}, vtable = 0x7ffff526ba20}, _s = {_allocate_buffer = 0, _free_buffer = 0x92b780}} > ret = 0 >#9 0x00007ffff4fef4ff in ___sprintf_chk (s=0x646a <Address 0x646a out of bounds>, flags=25706, slen=6, format=0xffffffffffffffff <Address 0xffffffffffffffff out of bounds>) at sprintf_chk.c:33 > arg = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fffffffc340, reg_save_area = 
0x7fffffffc280}} > done = 0 >#10 0x000000000041ac73 in sprintf (filename=<value optimized out>, title=<value optimized out>, artist=<value optimized out>, album=<value optimized out>, year=<value optimized out>, > comment=<value optimized out>, genre=146 '\222', tracknum=1 '\001', id3v2_encoding=0x7ffff7f54148 "UTF-8") at /usr/include/bits/stdio2.h:34 >No locals. >#11 ID3v2TagFile (filename=<value optimized out>, title=<value optimized out>, artist=<value optimized out>, album=<value optimized out>, year=<value optimized out>, comment=<value optimized out>, > genre=146 '\222', tracknum=1 '\001', id3v2_encoding=0x7ffff7f54148 "UTF-8") at id3.c:281 > c_data = 0x7fffffffc3e0 "(146)" > gen = "(146)" > trk = " " > tag = 0x914fb0 > field = <value optimized out> > frames = {0x927330, 0x909b90, 0x764920, 0x92bee0, 0x927fe0, 0x7ffff7642c60, 0x7ffff7f7664b} > retval = 1 > mask = <value optimized out> > conv_str = <value optimized out> > rb = 15 > wb = 15 >#12 0x0000000000417b9b in ID3Add (ginfo=0x7ffff7ee1010) at rip.c:738 > year = "2003" > comment = <value optimized out> > len = <value optimized out> >#13 UpdateRipProgress (ginfo=0x7ffff7ee1010) at rip.c:1009 > mystat = {st_dev = 64512, st_ino = 41162750, st_nlink = 1, st_mode = 33188, st_uid = 1000, st_gid = 1000, __pad0 = 0, st_rdev = 0, st_size = 9056129, st_blksize = 4096, st_blocks = 17688, st_atim = { > tv_sec = 1316477834, tv_nsec = 757846699}, st_mtim = {tv_sec = 1316477854, tv_nsec = 34008511}, st_ctim = {tv_sec = 1316477854, tv_nsec = 34008511}, __unused = {0, 0, 0}} > percent = <value optimized out> > mycpu = 0 > buf = "Enc: 5.55%\000.0x)\000\377\377\377\177\000\000\000\000\000\000\000\000\000\000\240\367\216\367\377\177\000\000[\204\221\367\377\177\000\000\060\370\222\367\377\177\000\000\000\000\000\000\000\000\000\000\060\000\000\000\000\000\000\000\300\315j\000\000\000\000\000\b\214\260\365\001\000\000\000\060>\220\000\000\000\000\000H>\220\000\000\000\000\000 
g\200\000\001\000\000\000H>\220\000\000\000\000\000\024\000\000\000\000\000\000\000@0p\000\000\000\000\000P\306\377\377\000\000\000\000<\307\377\377\377\177", '\000' <repeats 59 times>"\261, \222", '\000' <repeats 85 times>, "@\000\000\000\000\000\000\000ظ\222\000\000\000\000\000\000\261\222\000\000\000\000\000@0p\000\000\000\000\000<\307\377\377\377\177\000\000\200<\207\000\000\000\000\000\000>\220\000\000\000\000\000\320\000\000\000\000\000\000\000c\216\221\367\377\177\000\000\350\336&\365\377\177\000\000\060\307\377\377\377\177"... > now = <value optimized out> > elapsed = <value optimized out> > speed = <value optimized out> > conv_str = <value optimized out> > rb = 74 > wb = 74 >#14 0x000000000040ab5d in GripUpdate (app=<value optimized out>) at grip.c:708 > ginfo = 0x7ffff7ee1010 > secs = <value optimized out> >#15 0x0000000000409470 in TimeOut (data=<value optimized out>) at main.c:228 >No locals. >#16 0x00007ffff761f613 in g_timeout_dispatch (source=0x68bab0, callback=0x646a, user_data=0x6) at gmain.c:3895 > again = <value optimized out> >#17 0x00007ffff761ec39 in g_main_dispatch (context=0x6a57b0) at gmain.c:2441 > dispatch = 0x7ffff761f600 <g_timeout_dispatch> > user_data = 0x0 > callback = 0x409460 <TimeOut> > cb_funcs = 0x7ffff78ef5f0 > cb_data = 0x68bb30 > current_source_link = {data = 0x68bab0, next = 0x0} > source = 0x68bab0 > current = 0x6b9320 > i = 0 >#18 g_main_context_dispatch (context=0x6a57b0) at gmain.c:3014 >No locals. 
>#19 0x00007ffff7623178 in g_main_context_iterate (context=0x6a57b0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:3092 > max_priority = 2147483647 > timeout = 494 > some_ready = 1 > nfds = 8 > allocated_nfds = -144506944 > fds = <value optimized out> > __PRETTY_FUNCTION__ = "g_main_context_iterate" >#20 0x00007ffff762363d in g_main_loop_run (loop=0x7d1a20) at gmain.c:3300 > self = 0x676c80 > __PRETTY_FUNCTION__ = "g_main_loop_run" >#21 0x00007ffff58b2dcf in IA__gtk_main () at gtkmain.c:1256 > tmp_list = 0x685f60 > functions = 0x0 > init = 0x687830 > loop = <value optimized out> >#22 0x0000000000409446 in Cmain (argc=<value optimized out>, argv=<value optimized out>) at main.c:192 > client = 0x687830 >#23 0x00007ffff4f28d4c in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, > rtld_fini=<value optimized out>, stack_end=0x7fffffffdf68) at libc-start.c:226 > result = <value optimized out> > unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 4735128691820337249, 4231456, 140737488346992, 0, 0, -4735128692916348831, -4735139664968017823}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x4235c0, > 0x7fffffffdf78}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4339136}}} > not_first_call = <value optimized out> >#24 0x0000000000409149 in _start () >No symbol table info available. >quit >A debugging session is active. > > Inferior 1 [process 25706] will be killed. > >Quit anyway? (y or n)
Attachments on
bug 383695
:
287051
|
287053
|
287055
|
287057
| 287095