Bug#689659: mpg123 segfaults on specific file
Pavel Machek
pavel at ucw.cz
Sat Oct 6 11:07:55 UTC 2012
On Sat 2012-10-06 03:18:55, Thomas Orgis wrote:
> Am Fri, 5 Oct 2012 22:06:49 +0200
> schrieb Pavel Machek <pavel at ucw.cz>:
>
> > I cut this from the offending file, and it still causes the
> > crash. Is it enough for debugging?
>
> Thanks for the data and no, I cannot reproduce a crash on my main
> system (not debian). I get valgrind to complain about overlapping
> memcpy in the ALSA library, but that's not new and not specific to the
> file.
It does crash even if I just let it decode into a file. So that should
not be ALSA.
> I checked a i686 chroot, too, no issue. I guess I'd need to whip out a debian
> install/vm to reproduce. I have intentionally very old glibc here;
> before that infamous memcpy optimization ... which we very well might
> be dealing with here. But a test LD_PRELOAD checking for overlapping
> memcpy didn't trigger, neither.
What is "the infamous memcpy optimization"? I tried a brief google, but
nothing. This? http://lwn.net/Articles/417881/ It has no details :-(.
> Can you run under valgrind to check memory issues?
Hopefully I got valgrind right...
pavel at amd:/tmp$ efence mpg123 mp3.bug/cut.mp3
-bash: efence: command not found
pavel at amd:/tmp$ valgrind mpg123 mp3.bug/cut.mp3
==18936== Memcheck, a memory error detector
==18936== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18936== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18936== Command: mpg123 mp3.bug/cut.mp3
==18936==
High Performance MPEG 1.0/2.0/2.5 Audio Player for Layer 1, 2 and 3.
Version 0.59o (1998/Feb/08). Written and copyrights by Michael Hipp.
Uses code from various people. See 'README' for more!
THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY! USE AT YOUR OWN RISK!
Title : O SNEHURCE Artist: IVAN MLADEK
Album : POHADKY A JINE POVIDACKY Year: 1994, Genre: 28
Comment:
Directory: mp3.bug/
Playing MPEG stream from cut.mp3 ...
MPEG 1.0 layer III, 128 kbit/s, 44100 Hz joint-stereo
Illegal Audio-MPEG-Header 0xc7ae608a at offset 0x4e3.
Skipped 159 bytes in input.
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==18936== Bad permissions for mapped region at address 0x805EFFC
==18936== at 0x4028E3C: memcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18936== by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Invalid read of size 1
==18936== at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936== by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936== by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936== by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936== by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936== by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936== by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== Address 0x1eb is not stack'd, malloc'd or (recently) free'd
==18936==
==18936==
==18936== Process terminating with default action of signal 11 (SIGSEGV)
==18936== Access not within mapped region at address 0x1EB
==18936== at 0x4008D11: check_match.8610 (dl-lookup.c:134)
==18936== by 0x400936A: do_lookup_x (dl-lookup.c:273)
==18936== by 0x4009661: _dl_lookup_symbol_x (dl-lookup.c:729)
==18936== by 0x400DC15: _dl_fixup (dl-runtime.c:119)
==18936== by 0x40139BF: _dl_runtime_resolve (dl-trampoline.S:37)
==18936== by 0x4035E0F: ??? (in /tmp/mp3.bug/cut.mp3)
==18936== by 0x804D322: ??? (in /usr/local/bin/mpg123)
==18936== If you believe this happened as a result of a stack
==18936== overflow in your program's main thread (unlikely but
==18936== possible), you can try to increase the size of the
==18936== main thread stack using the --main-stacksize= flag.
==18936== The main thread stack size used in this run was 8388608.
==18936==
==18936== HEAP SUMMARY:
==18936== in use at exit: 33,808 bytes in 2 blocks
==18936== total heap usage: 2 allocs, 0 frees, 33,808 bytes allocated
==18936==
==18936== LEAK SUMMARY:
==18936== definitely lost: 0 bytes in 0 blocks
==18936== indirectly lost: 0 bytes in 0 blocks
==18936== possibly lost: 0 bytes in 0 blocks
==18936== still reachable: 33,808 bytes in 2 blocks
==18936== suppressed: 0 bytes in 0 blocks
==18936== Rerun with --leak-check=full to see details of leaked memory
==18936==
==18936== For counts of detected and suppressed errors, rerun with: -v
==18936== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 13 from 6)
Segmentation fault
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
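Added example (not part of the thread, and not mpg123 or glibc code): the "overlapping memcpy" check Thomas mentions running via LD_PRELOAD, written as a stand-alone function so it can be compiled and run as is. The point of that check is that memcpy never permitted overlapping source and destination; code that relied on it anyway happened to work with a forward-copying implementation and silently corrupted data once glibc shipped a memcpy that may copy backwards. The overlap test below is the same one an interposer would perform before delegating to the real memcpy (which an LD_PRELOAD build would obtain with dlsym(RTLD_NEXT, "memcpy")); here the copy is delegated to memmove, and the `overlap_count` counter and the `demo_shift` sample buffer are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical diagnostic counter: number of overlapping copies observed. */
static unsigned long overlap_count = 0;

/* Return 1 if [dst, dst+n) and [src, src+n) share at least one byte.
 * Addresses are compared as integers so no out-of-bounds pointer
 * arithmetic is performed. A zero-length copy never overlaps. */
int ranges_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (n == 0)
        return 0;
    return (d < s + n) && (s < d + n);
}

/* memcpy replacement: reports the overlap case that memcpy leaves undefined
 * (and that a backward-copying memcpy corrupts), then performs the copy with
 * memmove so the result is well defined either way. */
void *checked_memcpy(void *dst, const void *src, size_t n)
{
    if (ranges_overlap(dst, src, n)) {
        overlap_count++;
        fprintf(stderr, "checked_memcpy: overlapping copy dst=%p src=%p n=%zu\n",
                dst, src, n);
    }
    return memmove(dst, src, n);
}

unsigned long checked_memcpy_overlaps_seen(void)
{
    return overlap_count;
}

/* Self-test of the overlap predicate on a real buffer: returns 1 if all
 * four cases (partial overlap, adjacent either side, zero length) agree. */
int overlap_selftest(void)
{
    char b[32];
    return ranges_overlap(b, b + 4, 8) == 1   /* partial overlap */
        && ranges_overlap(b, b + 8, 8) == 0   /* adjacent, dst first */
        && ranges_overlap(b + 8, b, 8) == 0   /* adjacent, src first */
        && ranges_overlap(b, b, 0) == 0;      /* nothing copied */
}

/* Demonstration: shift a buffer left by two bytes in place, the classic
 * pattern that works by accident with a forward-copying memcpy and breaks
 * with a backward-copying one. Returns 1 if the buffer ends up as expected. */
int demo_shift(void)
{
    char buf[] = "0123456789";        /* constructed sample input */
    checked_memcpy(buf, buf + 2, 8);  /* overlapping: dst < src */
    buf[8] = '\0';
    return strcmp(buf, "23456789") == 0;
}

int main(void)
{
    printf("overlap self-test: %d\n", overlap_selftest());
    printf("shift ok: %d, overlapping copies seen: %lu\n",
           demo_shift(), checked_memcpy_overlaps_seen());
    return 0;
}
```

Compiled normally this just exercises the predicate; the useful deployment is the one Thomas describes, building the wrapper as a shared object and loading it with LD_PRELOAD so every memcpy call in the decoder is checked for overlap before the copy happens, which pins the fault on the caller rather than on whichever memcpy implementation the system happens to have.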