
Bug 340367

Summary: buffer overflow detected when using grip
Product: Gentoo Linux
Reporter: Justin Lecher (RETIRED) <jlec>
Component: Current packages
Assignee: Gentoo Sound Team <sound>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Justin Lecher (RETIRED) gentoo-dev 2010-10-10 17:01:00 UTC
Currently I get 

======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x2b9818630b67]
/lib/libc.so.6(+0xf9980)[0x2b981862e980]
/lib/libc.so.6(+0xf8cf9)[0x2b981862dcf9]
/lib/libc.so.6(_IO_default_xsputn+0xd8)[0x2b98185aa788]
/lib/libc.so.6(_IO_vfprintf+0x670)[0x2b981857aed0]
/lib/libc.so.6(__vsprintf_chk+0x9d)[0x2b981862dd9d]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x2b981862dcdf]
grip[0x41926b]
grip[0x417d7d]
grip[0x408615]
grip[0x408030]
/usr/lib64/libglib-2.0.so.0(+0x4560b)[0x2b9817da260b]
/usr/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x1f2)[0x2b9817da0e52]
/usr/lib64/libglib-2.0.so.0(+0x44630)[0x2b9817da1630]
/usr/lib64/libglib-2.0.so.0(g_main_loop_run+0x182)[0x2b9817da1ca2]
/usr/lib64/libgtk-x11-2.0.so.0(gtk_main+0xa7)[0x2b9816bb1ca7]
grip[0x408376]
/lib/libc.so.6(__libc_start_main+0xfd)[0x2b9818553cdd]
grip[0x407f49]
Aborted

when running grip during the encoding stage.



$ einfo media-sound/grip
Portage 2.2_rc91 (default/linux/amd64/10.0, gcc-4.5.1-asneeded, glibc-2.12.1-r1, 2.6.35-gentoo-r9 x86_64)
=================================================================
                        System Settings
=================================================================
System uname: Linux-2.6.35-gentoo-r9-x86_64-Intel-R-_Core-TM-2_Quad_CPU_Q6600_@_2.40GHz-with-gentoo-2.0.1
Timestamp of tree: Sun, 10 Oct 2010 07:25:01 +0000
distcc 3.1 x86_64-pc-linux-gnu [disabled]
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11
dev-lang/python:     2.5.4-r4, 2.6.5-r3, 3.1.2-r4
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.3
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.68
sys-devel/automake:  1.6.3-r1, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2, 4.5.1
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.35 (sys-kernel/linux-headers)
Repositories: gentoo sunrise science last-hope dummy
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -g -Wmissing-prototypes -Wno-pointer-sign"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/hddtemp/ /usr/share/nano /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -g -Wenum-compare -Wno-invalid-offsetof"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--verbose --jobs=12 --load-average=8 --keep-going -t"
FEATURES="assume-digests binpkg-logs buildsyspkg ccache collision-protect distlocks fixlafiles fixpackages multilib-strict news noinfo parallel-fetch preserve-libs protect-owned sandbox sfperms sign split-log splitdebug strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
FFLAGS="-O2 -pipe -march=core2 -frecord-gcc-switches -mssse3 -mcx16 -mmmx -g"
GENTOO_MIRRORS=" 	ftp://ftp.gentoo.mesh-solutions.com/gentoo/ 	ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ 	ftp://de-mirror.org/distro/gentoo/ 	ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/"
LANG="en_GB.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu,--sort-common"
LINGUAS="en"
MAKEOPTS="-j6 -l8"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/data/layman/sunrise /data/layman/science /data/local/portage-overlay /data/local/dummy"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="7zip X acl acpi additions alsa amd64 apbs automount bash-completion berkdb blas branding bzip2 cairo cblas cleartype cli cracklib cups custom-optimization cxx dbus deprecated discouraged double-precision dri dts dvdr emboss fastcgi fbcon fbcondecor fbsplash fftw fortran gd gdbm gecko gif glibc-omitfp gmp gnome gnome-keyring gpm grub gtk hddtemp icc iconv ifc imlib java javascript jpeg lapack largefile ldap libsexy libv4l2 lm_sensors md5sum mmap mmx mmxext modules mp3 mudflap multicall multilib multiprocess multiuser nano-syntax ncurses network-cron networking nls nptl nptlonly nsplugin numpy nvidia opengl openmp openssl optimize-cflags pam pcre perl png pppd pymol python qt-static qt3support readline reflection rrdcgi rtsp sdl sensord session smp sse sse2 ssl ssse3 startup-notification svg svgz swat sysfs system-sqlite tcpd tiff truetype type1 unicode v4l v4l2 vorbis x264 xcb xcomposite xinerama xorg xulrunner zlib" ALSA_CARDS="hda-intel" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" 
LINGUAS="en" PHP_TARGETS="php-5.2" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

=================================================================
                        Package Settings
=================================================================

media-sound/grip-3.3.1-r2 was built with the following:
USE="(multilib) nls vorbis"

Comment 1 Justin Lecher (RETIRED) gentoo-dev 2010-10-10 17:05:37 UTC
backtrace:


#0  0x00002aaaad5a0f25 in raise () from /lib/libc.so.6
#1  0x00002aaaad5a28d6 in abort () from /lib/libc.so.6
#2  0x00002aaaad5def33 in __libc_message () from /lib/libc.so.6
#3  0x00002aaaad668b67 in __fortify_fail () from /lib/libc.so.6
#4  0x00002aaaad666980 in __chk_fail () from /lib/libc.so.6
#5  0x00002aaaad665cf9 in _IO_str_chk_overflow () from /lib/libc.so.6
#6  0x00002aaaad5e2788 in _IO_default_xsputn () from /lib/libc.so.6
#7  0x00002aaaad5b2ed0 in vfprintf () from /lib/libc.so.6
#8  0x00002aaaad665d9d in __vsprintf_chk () from /lib/libc.so.6
#9  0x00002aaaad665cdf in __sprintf_chk () from /lib/libc.so.6
#10 0x000000000041926b in sprintf (filename=0x2aaab98f7a48 "/home/justin/mp3/heitz_markus/drachenkaiser/03-0103.mp3", title=0x974c14 "0103", artist=0x974f14 "Heitz, Markus", album=0x974e14 "Drachenkaiser", year=0x7fffffffbf10 "2010", comment=0x8da8a0 "Created by Grip", 
    genre=101 'e', tracknum=3 '\003', id3v2_encoding=0x2aaab98f4148 "UTF-8") at /usr/include/bits/stdio2.h:34
#11 ID3v2TagFile (filename=0x2aaab98f7a48 "/home/justin/mp3/heitz_markus/drachenkaiser/03-0103.mp3", title=0x974c14 "0103", artist=0x974f14 "Heitz, Markus", album=0x974e14 "Drachenkaiser", year=0x7fffffffbf10 "2010", comment=0x8da8a0 "Created by Grip", genre=101 'e', 
    tracknum=3 '\003', id3v2_encoding=0x2aaab98f4148 "UTF-8") at id3.c:281
#12 0x0000000000417d7d in ID3Add (ginfo=0x2aaab9881010) at rip.c:738
#13 UpdateRipProgress (ginfo=0x2aaab9881010) at rip.c:1009
#14 0x0000000000408615 in GripUpdate (app=<value optimized out>) at grip.c:708
#15 0x0000000000408030 in TimeOut (data=<value optimized out>) at main.c:228
#16 0x00002aaaacdd960b in g_timeout_dispatch (source=0x8ffe40, callback=<value optimized out>, user_data=<value optimized out>) at gmain.c:3396
#17 0x00002aaaacdd7e52 in g_main_dispatch (context=0x6a27d0) at gmain.c:1960
#18 g_main_context_dispatch (context=0x6a27d0) at gmain.c:2513
#19 0x00002aaaacdd8630 in g_main_context_iterate (context=0x6a27d0, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2591
#20 0x00002aaaacdd8ca2 in g_main_loop_run (loop=0x76a690) at gmain.c:2799
#21 0x00002aaaabbc1897 in gtk_main () at gtkmain.c:1219
#22 0x0000000000408376 in Cmain (argc=<value optimized out>, argv=<value optimized out>) at main.c:192
#23 0x00002aaaad58bcdd in __libc_start_main () from /lib/libc.so.6
#24 0x0000000000407f49 in _start ()
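
The backtrace in comment 1 shows glibc's fortified `__sprintf_chk` aborting a `sprintf` call made from `ID3v2TagFile` (id3.c:281) with `genre=101`. The C code below is an added example, not grip's code and not the patch from bug 285105: the 5-byte buffer, the `"(%d)"` format and the function names are assumptions, used to show how a three-digit value overruns a buffer sized for two digits, next to a bounded replacement.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical size: enough for "(NN)" + NUL, one byte short for "(NNN)".
 * The actual buffer in grip's id3.c is not shown on this page. */
#define GENRE_BUF 5

/* Unsafe pattern (kept as a comment so this file never overflows):
 *     char gen[GENRE_BUF];
 *     sprintf(gen, "(%d)", genre);   // genre=101 -> 6 bytes into 5
 * Built with _FORTIFY_SOURCE, sprintf becomes __sprintf_chk, which knows
 * sizeof(gen) and aborts via __chk_fail/__fortify_fail as in the backtrace. */

/* Bytes needed, including the NUL, to format a genre byte as "(N)". */
size_t genre_str_need(unsigned char genre)
{
    return (size_t)snprintf(NULL, 0, "(%d)", genre) + 1;
}

/* Bounded version: 0 on success, -1 if the text would not fit. */
int format_genre(char *dst, size_t dstlen, unsigned char genre)
{
    int n = snprintf(dst, dstlen, "(%d)", genre);
    if (n < 0 || (size_t)n >= dstlen) {
        if (dstlen > 0)
            dst[0] = '\0';          /* never hand back a truncated tag */
        return -1;
    }
    return 0;
}

int main(void)
{
    char small[GENRE_BUF], ok[8];
    printf("genre 12 needs %zu bytes, genre 101 needs %zu\n",
           genre_str_need(12), genre_str_need(101));
    printf("5-byte buffer, genre 101: %d\n",
           format_genre(small, sizeof small, 101));
    printf("8-byte buffer, genre 101: %d (%s)\n",
           format_genre(ok, sizeof ok, 101), ok);
    return 0;
}
```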

Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2010-10-10 17:06:13 UTC
Does the patch from bug #285105 fix your problem?

Comment 3 Justin Lecher (RETIRED) gentoo-dev 2010-10-10 17:29:38 UTC
(In reply to comment #2)
> Does the patch from bug #285105 fix your problem?
> 

This patch helps.

Comment 4 Justin Lecher (RETIRED) gentoo-dev 2010-10-10 17:32:07 UTC

*** This bug has been marked as a duplicate of bug 285105 ***