Playing http://www.cyberniklas.de/pongmechanik/videos/pong_web.mov gives:

mplayer: stack smashing attack in function Setup_FS_Segment()

Reproducible: Always

Steps to Reproduce:
1. wget http://www.cyberniklas.de/pongmechanik/videos/pong_web.mov
2. mplayer pong_web.mov

Actual Results:
Playing /tmp/pong_web.mov.
QuickTime/MOV file format detected.
--------------
MOV track #0: 853 chunks, 0 samples
Audio bits: 16  chans: 1  rate: 22050
Audio extra header: len=64  fcc=0x77617665
MOV: Found unknown audio atom
Fourcc: QDM2
--------------
MOV track #1: 1706 chunks, 4260 samples
MOV: Found unknown movie atom SMI (21)!
Image size: 240 x 180 (32 bpp)
Display size: 240 x 180
Fourcc: SVQ3  Codec: 'Sorenson Video 3'
--------------
MOV track #2: 1704 chunks, 4260 samples
Generic track - not completely understood! (id: 2)
--------------
MOV track #3: 144 chunks, 144 samples
Generic track - not completely understood! (id: 3)
--------------
MOV: longest streams: A: #0 (853 samples)  V: #1 (4260 samples)
==========================================================================
Opening audio decoder: [qtaudio] QuickTime Audio Decoder
mplayer: stack smashing attack in function Setup_FS_Segment()
Aborted

Portage 2.0.50-r11 (default-x86-1.4, gcc-3.3.4, glibc-2.3.3.20040420-r1, 2.6.8.1)
=================================================================
System uname: 2.6.8.1 i686 Intel(R) Pentium(R) 4 CPU 2.00GHz
Gentoo Base System version 1.4.16
Autoconf: sys-devel/autoconf-2.59-r4
Automake: sys-devel/automake-1.8.5-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-O2 -mcpu=i686 -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER=""
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.1/share/config /usr/kde/3.2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/bind /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo/ http://csociety-ftp.ecn.purdue.edu/pub/gentoo/ rsync://gentoo.seren.com/gentoo ftp://gentoo.netnitco.net/pub/mirrors/gentoo/source/ ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo"
MAKEOPTS="-j1"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X X509 aac aalib alsa apm arts artswrappersuid avi berkdb bitmap-fonts bonobo bzlib cdparanoia cdr chroot clamav crypt cups curl debug directfb drac dvb dvd dvdr dvdread edl encode erandom esd f77 faac faad ffmpeg fftw flac flash foomaticdb freetype gcj gd gd-external gdbm ggi gif gmp gnome gphoto2 gpm gs gtk gtk2 gtkhtml guile hardened hardenedphp ieee1394 imagemagick imap imlib innodb ipv6 irda irmc jabber java jbig jpeg kde ldap libg++ libwww lirc live lufsusermount lzo lzw lzw-tiff mad makecheck matroska mcal mdb memlimit mikmod mldonkey pango mmx mmx2 mng mnogosearch monkey mono motif mozilla mozp3p mozsvg mozxmlterm mpeg mpeg4 mplayer msdav msn mssql mysql mythtv nagios-dns nagios-ntp nagios-ping nagios-ssh nas ncurses network neural nls oav oggvorbis ooo-kde opengl oss pam pcap pcre pda pdflib perl pg-hier pg-vacuumdelay pic pie plotutils png postgres pwdb python qt quicktime radeon readline rtc ruby sasl scanner sdl skey slang snmp sox speex spell sse sse2 ssl svg svga tcltk tcpd tetex theora tidy tiff transcode truetype type1 usb v4l v4l2 vhosts virus-scan vnc wifi wmf x86 xfs xml2 xmms xprint xv xvid zlib"
Can you confirm this with MPlayer-1.0_pre5-r2? -r3+ use custom CFLAGS (they are masked and experimental), so I'd like to make sure that's what we're dealing with. I took a quick look over the code, and it's asm, something I don't do well with (yes, I admit to that :), and I may contact someone who does know more.
I had a gut feeling that this was caused by USE=hardened. So I tried removing hardened when compiling mplayer. This gave the same result. However, if I remove hardened and recompile first gcc and then mplayer, it works - even with 1.0_pre5-r4. I thereby feel that it is proven that it is the hardened version of gcc that conflicts with mplayer. For my experience with compiling older versions of mplayer, see bug 64450.
I get the same thing with -fstack-protector in CFLAGS on mplayer-1.0_pre5-r5.
This deals with loading DLLs and Windows-style files. That said, there's not much I can do about it, as I'd have to ask Apple to fix their stuff to prevent stack smashing on Linux. Guess how that would go :P.