Summary: | Audacious 1.3.2 [20070405-4320] - possible double free | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Marek Cruz <programatorfreez> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED UPSTREAM | | |
Severity: | normal | CC: | bernd, chainsaw, lkundrak |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://bugzilla.atheme.org/ | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |

Description
Marek Cruz
2007-10-26 17:18:42 UTC
The only file which always causes the crash can be downloaded from the following location: http://files-upload.com/files/582839/03-The_Wait.mp3 The other files are processed and played without any problem.

This should be reported on the upstream bugtracker (bugzilla at atheme.org). Please use the URL field to go there.

Note that a double free is generally hard to exploit and can only be used to shut the program down in a particularly unclean way. How would this work, sending the user a specially crafted MP3 file to shut their media player down?

This plays in the 1.4 branch:

* Chainsaw is listening to [Metallica - Garage_Days_Re-Revisited - The_Wait (MPEG Audio (MP3) - lossy)] length[0:09/4:57]

Will be resolved once 1.4 RC1 is released.

Can't reproduce on amd64 with Audacious 1.3.2 [20070405-4320].

(In reply to comment #4)
> Can't reproduce on amd64 with Audacious 1.3.2 [20070405-4320].

Based on the backtrace you need USE="adplug" for it to trigger.

I was not able to reproduce it. Could you please make a debug build and try to obtain a core dump or more reasonable backtrace?

Until we have a fix I suggest working around the issue by not listening to Metallica. I propose Alice Cooper as a more than reasonable replacement.

Tony: Did you file an upstream bugzilla ticket? Can you provide the number?

(In reply to comment #6)
> Tony: Did you file an upstream bugzilla ticket? Can you provide the number?

I did not. Upstream is working on 1.4 which does not have the bug. I have stopped reporting bugs upstream on behalf of a user as most do not follow up.