
Bug 597308

Summary: media-gfx/xv-3.10a-r17 - buffer overflow detected in ?
Product: Gentoo Linux Reporter: segmentation fault <segmentation-fault>
Component: Current packages
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED NEEDINFO    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Icon that causes the buffer overflow in xv

Description segmentation fault 2016-10-16 17:57:32 UTC
Created attachment 450458
Icon that causes the buffer overflow in xv

Background
=======

I have www-client/opera-12.16_p1860-r1 installed. I also have Fvwm2 and stalonetray (the systray application). I noticed (like many others before me) that the Opera systray icon has a white background. This does not match the grey background of my stalonetray. My quest to find the culprit icon and change its background has been unsuccessful so far, no matter what.

Desperate to try everything I could imagine, I thought I would have a look at the icon in my home opera dir with xv:

xv /home/XXX/.opera/icons/http%3A%2F%2Fwww-static.operacdn.com%2Fstatic-heap%2Fc9%2Fc99c9a52c1cfc381bf288f14c16397c1cdc8f0e2%2Fspeed-dial-icon.png

But instead of an icon, I got:

*** buffer overflow detected ***: xv terminated; report to <http://bugs.gentoo.org/>

What on earth is THIS? :shock:

Some info
======

To let you reproduce the error, I will create an attachment with the icon file in question. Use at your own risk. 

I have media-gfx/xv-3.10a-r17 installed with these USE flags:

 * Found these USE flags for media-gfx/xv-3.10a-r17:
 U I
 + + jpeg : Add JPEG image support
 + + png  : Add support for libpng (PNG images)
 + + tiff : Add support for the TIFF image format

System info:

Portage 2.2.28 (python 3.4.3-final-0, hardened/linux/x86, gcc-4.9.3, glibc-2.22-r4, 3.16.5-gentoo i686)
=================================================================
System uname: Linux-3.16.5-gentoo-i686-Intel-R-_Pentium-R-_4_CPU_3.40GHz-with-gentoo-2.2
KiB Mem:     XXXXXXX total,    478292 free
KiB Swap:    YYYYYYY total,    720324 free
Timestamp of repository gentoo: Mon, 10 Oct 2016 14:15:01 +0000
sh bash 4.3_p42-r1
ld GNU ld (Gentoo 2.25.1 p1.1) 2.25.1
app-shells/bash:          4.3_p42-r1::gentoo
dev-java/java-config:     2.2.0-r3::gentoo
dev-lang/perl:            5.22.2::gentoo
dev-lang/python:          2.7.10-r1::gentoo, 3.4.3-r1::gentoo
dev-util/cmake:           3.5.2-r1::gentoo
dev-util/pkgconfig:       0.28-r2::gentoo
sys-apps/baselayout:      2.2::gentoo
sys-apps/openrc:          0.19.1::gentoo
sys-apps/sandbox:         2.10-r2::gentoo
sys-devel/autoconf:       2.13::gentoo, 2.69::gentoo
sys-devel/automake:       1.4_p6::<unknown repository>, 1.5::<unknown repository>, 1.6.3::<unknown repository>, 1.7.9-r1::<unknown repository>, 1.8.5-r3::<unknown repository>, 1.9.6-r2::<unknown repository>, 1.10.3-r1::gentoo, 1.11.6-r1::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo
sys-devel/binutils:       2.24-r3::gentoo, 2.25.1-r1::gentoo
sys-devel/gcc:            4.3.6-r1::gentoo, 4.4.7::gentoo, 4.8.3::gentoo, 4.9.3::gentoo
sys-devel/gcc-config:     1.7.3::gentoo
sys-devel/libtool:        2.4.6::gentoo
sys-devel/make:           4.1-r1::gentoo
sys-kernel/linux-headers: 3.18::gentoo (virtual/os-headers)
sys-libs/glibc:           2.22-r4::gentoo
Comment 1 segmentation fault 2016-10-17 08:54:30 UTC
Libraries used by my xv-3.10a-r17:

linux-gate.so.1
/lib/libz.so.1
/usr/lib/libX11.so.6
/lib/libm.so.6
/usr/lib/libjpeg.so.62
/usr/lib/libpng16.so.16
/usr/lib/libtiff.so.5
/lib/libc.so.6
/usr/lib/libxcb.so.1
/lib/libdl.so.2
/lib/ld-linux.so.2
/usr/lib/libXau.so.6
/usr/lib/libXdmcp.so.6

Packages they belong to:

 * Searching for /lib/libz.so.1 ... 
sys-libs/zlib-1.2.8-r1 (/lib/libz.so.1 -> libz.so.1.2.8)
sys-libs/zlib-1.2.8-r1 (/lib/libz.so.1.2.8)

 * Searching for /usr/lib/libX11.so.6 ... 
x11-libs/libX11-1.6.3 (/usr/lib/libX11.so.6.3.0)
x11-libs/libX11-1.6.3 (/usr/lib/libX11.so.6 -> libX11.so.6.3.0)

 * Searching for /lib/libm.so.6 ... 
sys-libs/glibc-2.22-r4 (/lib/libm-2.22.so)
sys-libs/glibc-2.22-r4 (/lib/libm.so.6 -> libm-2.22.so)

 * Searching for /usr/lib/libjpeg.so.62 ... 
media-libs/libjpeg-turbo-1.5.0 (/usr/lib/libjpeg.so.62.2.0)
media-libs/libjpeg-turbo-1.5.0 (/usr/lib/libjpeg.so.62 -> libjpeg.so.62.2.0)

 * Searching for /usr/lib/libpng16.so.16 ... 
media-libs/libpng-1.6.21 (/usr/lib/libpng16.so.16 -> libpng16.so.16.21.0)
media-libs/libpng-1.6.21 (/usr/lib/libpng16.so.16.21.0)

 * Searching for /usr/lib/libtiff.so.5 ... 
media-libs/tiff-4.0.6 (/usr/lib/libtiff.so.5 -> libtiff.so.5.2.4)
media-libs/tiff-4.0.6 (/usr/lib/libtiff.so.5.2.4)

 * Searching for /lib/libc.so.6 ... 
sys-libs/glibc-2.22-r4 (/lib/libc-2.22.so)
sys-libs/glibc-2.22-r4 (/lib/libc.so.6 -> libc-2.22.so)

 * Searching for /usr/lib/libxcb.so.1 ... 
x11-libs/libxcb-1.11.1 (/usr/lib/libxcb.so.1 -> libxcb.so.1.1.0)
x11-libs/libxcb-1.11.1 (/usr/lib/libxcb.so.1.1.0)

 * Searching for /lib/libdl.so.2 ... 
sys-libs/glibc-2.22-r4 (/lib/libdl-2.22.so)
sys-libs/glibc-2.22-r4 (/lib/libdl.so.2 -> libdl-2.22.so)

 * Searching for /lib/ld-linux.so.2 ... 
sys-libs/glibc-2.22-r4 (/lib/ld-2.22.so)
sys-libs/glibc-2.22-r4 (/lib/ld-linux.so.2 -> ld-2.22.so)

 * Searching for /usr/lib/libXau.so.6 ... 
x11-libs/libXau-1.0.8 (/usr/lib/libXau.so.6.0.0)
x11-libs/libXau-1.0.8 (/usr/lib/libXau.so.6 -> libXau.so.6.0.0)

 * Searching for /usr/lib/libXdmcp.so.6 ...
x11-libs/libXdmcp-1.1.2 (/usr/lib/libXdmcp.so.6 -> libXdmcp.so.6.0.0)
x11-libs/libXdmcp-1.1.2 (/usr/lib/libXdmcp.so.6.0.0)
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2016-10-21 04:01:32 UTC
You ought to try and obtain a gdb backtrace, because it's entirely unclear whether the overflow occurs in an X11 library, in the PNG library or in xv itself.
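As an added example (not code from the bug report, from xv or from Gentoo), here is the step Comment 2 asks for turned into a small script: it runs the crashing command under gdb non-interactively and reduces the backtrace to the one fact triage needs, namely which object made the call that glibc's FORTIFY_SOURCE check aborted with "*** buffer overflow detected ***". It assumes gdb is installed and that the abort shows the usual __fortify_fail -> __chk_fail -> __*_chk frames in libc; the embedded backtrace is a constructed sample whose last frames use placeholder names, not a trace from the reporter's machine.

```shell
#!/bin/sh
# Added example, not code from the bug report or from xv: the step Comment 2
# asks for. Runs the crashing command under gdb in batch mode and reduces the
# backtrace to what triage needs: which object (xv, libpng, libX11, ...) made
# the call that glibc's FORTIFY_SOURCE check aborted with "*** buffer overflow
# detected ***". Assumes gdb is installed and the usual __fortify_fail ->
# __chk_fail -> __*_chk frames appear in libc.

# Run COMMAND non-interactively under gdb and print its backtrace.
# Usage: collect_backtrace xv /path/to/icon.png
collect_backtrace() {
    gdb -batch -ex run -ex bt --args "$@" 2>&1
}

# Read a gdb backtrace on stdin; print the object of the first frame below
# __chk_fail that is neither a libc __*_chk wrapper nor libc itself, i.e. the
# caller whose buffer overflowed: its "from" library, its "at" source file
# when debug info is present, or "(executable)" when gdb prints neither.
# Exits 1 when there is no __chk_fail frame (the abort was not a FORTIFY one).
overflow_origin() {
    awk '
        /^#[0-9]+ / && / in __chk_fail / { seen = 1; next }
        seen && !(/ in __[a-z0-9_]*_chk / || /libc\.so\./) {
            obj = "(executable)"
            for (i = 2; i <= NF; i++)
                if ($i == "from" || $i == "at") { obj = $(i + 1); break }
            print obj; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# Constructed sample in the shape gdb prints for such an abort on a 32-bit
# glibc system like the reporter's; the last frames use placeholder names.
SAMPLE_BT='#0  0xb7fdd428 in __kernel_vsyscall ()
#1  0xb7d2e8a7 in raise () from /lib/libc.so.6
#2  0xb7d2fd0b in abort () from /lib/libc.so.6
#3  0xb7d6b6c1 in __libc_message () from /lib/libc.so.6
#4  0xb7dee6bd in __fortify_fail () from /lib/libc.so.6
#5  0xb7dec0c8 in __chk_fail () from /lib/libc.so.6
#6  0xb7deb2f1 in __memcpy_chk () from /lib/libc.so.6
#7  0xb7f1a9c2 in placeholder_decode () from /usr/lib/libPLACEHOLDER.so.0
#8  0x0805a3d1 in placeholder_caller ()
#9  0x0804b2e0 in main ()'

if [ $# -gt 0 ]; then
    collect_backtrace "$@" | overflow_origin
else
    printf '%s\n' "$SAMPLE_BT" | overflow_origin   # /usr/lib/libPLACEHOLDER.so.0
fi
```

With a real trace, the object printed is the package the bug should be reassigned to; if it is the xv binary itself, rebuilding xv with debug symbols (splitdebug or -ggdb in CFLAGS) makes the same script print the source file instead.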