Bug#915769: daisy-player: Buffer overflow loading a most probably valid DAISY book

Colomban Wendling cwendling at hypra.fr
Thu Dec 6 17:03:55 GMT 2018

Package: daisy-player
Severity: normal

Dear Maintainer,

Trying to read the book 1Brochure-DAISY-Consortium.zip downloadable at
http://www.daisy.org/sample-content#t11 leads to a buffer overflow
which is detected by the libc and results in process abortion:

Backtrace running under GDB:

*** buffer overflow detected ***: /usr/bin/daisy-player terminated

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff6ee22f1 in __GI_abort () at abort.c:79
#2  0x00007ffff6f23867 in __libc_message (action=(do_abort | do_backtrace), 
    fmt=fmt@entry=0x7ffff702d061 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff6fb449e in __GI___fortify_fail_abort (need_backtrace=need_backtrace@entry=true, 
    msg=msg@entry=0x7ffff702cfde "buffer overflow detected") at fortify_fail.c:33
#4  0x00007ffff6fb44d1 in __GI___fortify_fail (msg=msg@entry=0x7ffff702cfde "buffer overflow detected") at fortify_fail.c:44
#5  0x00007ffff6fb2390 in __GI___chk_fail () at chk_fail.c:28
#6  0x00007ffff6fb17c9 in __strncpy_chk (s1=<optimized out>, s2=<optimized out>, n=<optimized out>, s1len=s1len@entry=100)
    at strncpy_chk.c:26
#7  0x00005555555698f8 in strncpy (__len=<optimized out>, __src=<optimized out>, __dest=<optimized out>)
    at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106
#8  get_label_2 (misc=misc@entry=0x7fffffffc6e0, daisy=daisy@entry=0x555555634400, indent=indent@entry=1) at daisy2.02.c:173
#9  0x0000555555569c4d in fill_daisy_struct_2 (misc=0x7fffffffc6e0, my_attribute=0x7fffffffb2c0, daisy=0x555555634400)
    at daisy2.02.c:265
#10 0x000055555555af19 in main (argc=<optimized out>, argv=<optimized out>) at daisy-player.c:2186

-- System Information:
Debian Release: buster/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages daisy-player depends on:
ii  libc6              2.27-6
ii  libcdio-cdda2      10.2+0.94+2-4
ii  libcdio-paranoia2  10.2+0.94+2-4
ii  libcdio18          2.0.0-2
ii  libmad0            0.15.1b-9
ii  libmagic1          1:5.34-2
ii  libncursesw6       6.1+20181013-1
ii  libpulse0          12.0-1
ii  libsox-fmt-mp3     14.4.2-3
ii  libsox-fmt-pulse   14.4.2-3
ii  libsox3            14.4.2-3
ii  libtinfo6          6.1+20181013-1
ii  libxml2            2.9.4+dfsg1-7+b1
ii  udisks2            2.8.1-1
ii  unar               1.10.1-2+b2

Versions of packages daisy-player recommends:
ii  libcddb-get-perl  2.28-2

daisy-player suggests no packages.

-- debconf-show failed
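
Frame #6 of the backtrace is glibc's fortified strncpy aborting because the requested length is larger than the 100-byte destination (s1len=100). The C below is an added example, not code from daisy-player or from this report: copy_label and LABEL_SIZE are hypothetical names, and the real code at daisy2.02.c:173 is not shown here. It bounds the copy by the destination size, always NUL-terminates, and cuts only on a UTF-8 character boundary.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Size taken from the backtrace (s1len=100). Assumption: the label
 * buffer in daisy2.02.c is a 100-byte char array. */
#define LABEL_SIZE 100

/* Hypothetical helper. Copies src into dst (dst_size bytes) without ever
 * writing past dst, always NUL-terminates, and truncates only between
 * UTF-8 characters. Returns 1 if the label did not fit, 0 otherwise. */
int copy_label(char *dst, size_t dst_size, const char *src)
{
    size_t len, n;

    if (dst_size == 0)
        return 1;                       /* nothing can be stored */
    len = strlen(src);
    n = len < dst_size ? len : dst_size - 1;

    /* src[n] is the first byte left out. If it is a continuation byte
     * (10xxxxxx) the cut is inside a multi-byte character, so back up
     * to that character's lead byte and drop it whole. */
    if (n < len)
        while (n > 0 && ((unsigned char)src[n] & 0xC0) == 0x80)
            n--;

    memcpy(dst, src, n);
    dst[n] = '\0';
    return n < len;
}

int main(void)
{
    char label[LABEL_SIZE];
    char long_title[300];               /* constructed sample input */

    memset(long_title, 'A', sizeof long_title - 1);
    long_title[sizeof long_title - 1] = '\0';

    /* An unchecked strncpy(label, long_title, strlen(long_title)) is the
     * pattern _FORTIFY_SOURCE aborts on; the bounded copy truncates. */
    int cut = copy_label(label, sizeof label, long_title);
    printf("truncated=%d stored=%zu bytes\n", cut, strlen(label));
    return 0;
}
```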
