When starting hasciicam I get a 'buffer overflow detected' message and hasciicam fails to start.

Reproducible: Always

Steps to Reproduce:
1. emerge hasciicam
2. open terminal
3. run hasciicam

Actual Results:
hasciicam failed to start due to buffer overflow detection

Expected Results:
run hasciicam and have fun

Hasciicam output:

$ hasciicam
HasciiCam 1.0 - (h)ascii 4 the masses! - http://ascii.dyne.org
(c)2000-2006 Denis Roio < jaromil @ dyne.org >
watch out for the (h)ASCII ROOTS

Device detected is /dev/video0
USB20 Camera
1 channels detected
max size w[640] h[480] - min size w[48] h[32]
Video capabilities:
VID_TYPE_CAPTURE can capture to memory
memory map of 4 frames: 1851392 bytes
Offset of frame 0: 0
Offset of frame 1: 462848
Offset of frame 2: 925696
Offset of frame 3: 1388544
error in ioctl VIDIOCMCAPTURE: Invalid argument*** buffer overflow detected ***: hasciicam terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f97d08e9ec7]
/lib/libc.so.6(+0xe4d20)[0x7f97d08e7d20]
/lib/libc.so.6(+0xe432b)[0x7f97d08e732b]
/lib/libc.so.6(__snprintf_chk+0x7a)[0x7f97d08e71fa]
hasciicam[0x401f82]
hasciicam[0x403331]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f97d0821bbd]
hasciicam[0x401ab9]
Aborted

$ emerge --info
Portage 2.1.7.16 (default/linux/amd64/10.0, gcc-4.4.2, glibc-2.11-r1, 2.6.32-gentoo-r1 x86_64)
=================================================================
System uname: Linux-2.6.32-gentoo-r1-x86_64-Intel-R-_Core-TM-2_Duo_CPU_E8200_@_2.66GHz-with-gentoo-2.0.1
Timestamp of tree: Fri, 22 Jan 2010 17:00:01 +0000
ccache version 2.4 [enabled]
app-shells/bash: 4.0_p37
dev-java/java-config: 2.1.10
dev-lang/python: 2.6.4, 3.1.1-r1
dev-util/ccache: 2.4-r8
dev-util/cmake: 2.8.0
sys-apps/baselayout: 2.0.1
sys-apps/openrc: 0.6.0-r1
sys-apps/sandbox: 2.2
sys-devel/autoconf: 2.65
sys-devel/automake: 1.10.3, 1.11.1
sys-devel/binutils: 2.20
sys-devel/gcc-config: 1.4.1
sys-devel/libtool: 2.2.6b
virtual/os-headers: 2.6.30-r1
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="* -@EULA skype-eula dlj-1.1"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-march=core2 -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests ccache distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.ntua.gr/pub/linux/gentoo/"
LANG="POSIX"
LDFLAGS="-Wl,--hash-style=gnu,--as-needed,-O1"
LINGUAS="en el"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage/layman/sunrise /usr/local/portage/layman/zen-sources"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="3dnow 7zip X aalib acl aiglx alsa amd64 apache2 archive aspell automount bash-completion berkdb bitmap-fonts bzip2 cairo caps cdaudio cdda cgi chm cifs cli consolekit corefonts cracklib crypt ctype cups curl custom-optimization cvs cxx dbus dhcpcd directfb dmx dri dvd dvdr ext2 ext3 ext4 extensions fam fastbuild fat fbcon ffmpeg filter flac fltk fontconfig force-cgi-redirect fortran ftp fuse gd gdbm gif git glitz gnutls gpm graphviz gtk h323 hal hash iconv imlib java java6 jpeg latex libcaca libffi libnotify lua lyrics mad memlimit mmx modules mozsha1 mp3 mp4 mpd msn mudflap multilib mysql nano-syntax ncurses nls nptl nptlonly nsplugin ntfs nvidia offensive ogg opengl openmp pam pcre pdf pdo perl php png posix pppd python python3 qt3support qt4 rar readline reflection samba sasl screenshot sdk session simplexml sip smp soap sockets sound spell spl sql sqlite sse sse2 sse4.1 ssl ssse3 startup-notification subversion svg symlink sysfs taglib tcl tcpd threads tiff timezone tk tokenizer truetype truetype-fonts type1-fonts unicode v4l2 vcd vim vim-pager vim-syntax vorbis wav wifi wma wps xcb xcomposite xft xml xmlreader xmlwriter xorg xprint xsl xterm-color xv xvid xvmc zlib"
ALSA_CARDS="hda-intel"
ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol"
APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias"
ELIBC="glibc"
INPUT_DEVICES="evdev"
KERNEL="linux"
LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text"
LINGUAS="en el"
NETBEANS_MODULES="cnd ide java dlight harness websvccommon nb"
RUBY_TARGETS="ruby18"
USERLAND="GNU"
VIDEO_CARDS="nvidia"
Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Please attach everything here and link to any other site.

HasciiCam 1.0 - (h)ascii 4 the masses! - http://ascii.dyne.org
(c)2000-2006 Denis Roio < jaromil @ dyne.org >
watch out for the (h)ASCII ROOTS

Device detected is /dev/video0
USB20 Camera
1 channels detected
max size w[640] h[480] - min size w[48] h[32]
Video capabilities:
VID_TYPE_CAPTURE can capture to memory
memory map of 4 frames: 1851392 bytes
Offset of frame 0: 0
Offset of frame 1: 462848
Offset of frame 2: 925696
Offset of frame 3: 1388544
error in ioctl VIDIOCMCAPTURE: Invalid argument*** buffer overflow detected ***: hasciicam terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f97d08e9ec7]
/lib/libc.so.6(+0xe4d20)[0x7f97d08e7d20]
/lib/libc.so.6(+0xe432b)[0x7f97d08e732b]
/lib/libc.so.6(__snprintf_chk+0x7a)[0x7f97d08e71fa]
hasciicam[0x401f82]
hasciicam[0x403331]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f97d0821bbd]
hasciicam[0x401ab9]
Aborted
Oops, didn't see that you pasted it yourself.
Created attachment 248128
Build log

It is also detected at build time.
Created attachment 248581
Patch to hasciicam-1.0.ebuild to fix snprintf overflow

This patch changes the snprintf statement to use sizeof() to compute the buffer size, instead of specifying a value larger than the actual buffer. It has been confirmed to modify the code, but the code has not been compiled to verify it works.
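The bounding pattern that patch description refers to, as an added C example (not hasciicam's source and not the attached patch): the size passed to snprintf is derived from the destination array, and the return value is checked for truncation. The names format_status and STATUS_LEN, the format string and the bound 256 in the comment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define STATUS_LEN 16  /* constructed size for this example, not hasciicam's */

/*
 * Format "<dev> <w>x<h>" into dst, never writing more than dstsz bytes.
 * Returns 0 if the whole string fit, 1 if it was truncated, -1 on error.
 */
int format_status(char *dst, size_t dstsz, const char *dev, int w, int h)
{
    int n = snprintf(dst, dstsz, "%s %dx%d", dev, w, h);
    if (n < 0)
        return -1;
    /* snprintf returns the length it wanted to write, excluding the NUL */
    return (size_t)n >= dstsz ? 1 : 0;
}

int main(void)
{
    char status[STATUS_LEN];

    /*
     * Broken pattern (left as a comment so the example runs):
     *     snprintf(status, 256, "%s %dx%d", dev, w, h);
     * The bound 256 exceeds sizeof(status). With _FORTIFY_SOURCE, glibc's
     * __snprintf_chk compares the bound against the known object size and
     * aborts with "buffer overflow detected" as soon as the call is
     * reached, even if the formatted text would have fit.
     */

    /* Fixed pattern: the bound comes from the array itself. sizeof only
     * works where the array is in scope; a callee that receives a char *
     * must be handed the size, as format_status is here. */
    int rc = format_status(status, sizeof(status), "video0", 64, 48);
    printf("%d \"%s\"\n", rc, status);

    /* 19 characters do not fit in 16 bytes: truncated, still NUL-terminated */
    rc = format_status(status, sizeof(status), "/dev/video0", 640, 480);
    printf("%d \"%s\"\n", rc, status);
    return 0;
}
```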
I've tested the proposed patch on x86 and amd64, and it compiles... unfortunately the program crashes on amd64 with the following message:

HasciiCam 1.0 - (h)ascii 4 the masses! - http://ascii.dyne.org
(c)2000-2006 Denis Roio < jaromil @ dyne.org >
watch out for the (h)ASCII ROOTS

Device detected is /dev/video0
USB 2.0 Camera
1 channels detected
max size w[640] h[480] - min size w[48] h[32]
Video capabilities:
VID_TYPE_CAPTURE can capture to memory
!! error in ioctl VIDIOCGMBUF: : Invalid argument

while under x86 it fails to communicate with the videocam, endlessly printing the following error:

.
.
.
error in ioctl VIDIOCSYNC: : Invalid argument
^Cinterrupt caught, exiting.
XIO: fatal IO error 22 (Invalid argument) on X server ":0.0"
after 352 requests (352 known processed) with 3 events remaining.
(In reply to comment #5)
> I've tested the proposed patch on x86 and amd64, and it compiles...
> unfortunately the program crashes on amd64 with the following message:

Did it work before the patch? I've last tested hasciicam with v4l1 driver, qc-usb-messenger years ago. It may be it doesn't work at all with current kernel v4l2 drivers and as such, should be lastrited.
Probably you're right... I want to contact the author to see if he's willing to port the program to v4l2.
This is fixed with 1.1.1, which also supports v4l2.