Bug#694260: Fwd: Re: [Bug-freedink] Bug#694260: freedink: Stack corruption

Manuel A. Fernandez Montecelo manuel.montezelo at gmail.com
Sat Jun 8 22:42:48 UTC 2013


Control: forwarded -1 http://bugzilla.libsdl.org/show_bug.cgi?id=1905

2013/5/11 Bas Wijnen <wijnen at debian.org>:
> (gdb) bt
> #0  0xb7fde424 in __kernel_vsyscall ()
> #1  0xb7c9882f in raise () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #2  0xb7c9bcf3 in abort () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #3  0xb7cd5285 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #4  0xb7d6de05 in __fortify_fail () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #5  0xb7d6ddba in __stack_chk_fail () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #6  0xb7f904c4 in __stack_chk_fail_local () from /usr/lib/i386-linux-gnu/libSDL_mixer-1.2.so.0
> #7  0xb7f8b3e3 in read_midi_file (mrw=mrw at entry=0x8c7b230, count=count at entry=0xbfffe7bc, sp=sp at entry=0x8c82228) at timidity/readmidi.c:1070
> #8  0xb7f88e8e in Timidity_LoadSong_RW (rw=rw at entry=0x8c7b230, freerw=freerw at entry=1) at timidity/playmidi.c:1690
> #9  0xb7f7fe28 in Mix_LoadMUSType_RW 0x0805eb45 in ?? ()
> #14 0x080507ae in ?? ()
> #15 0x0805d604 in ?? ()
> #16 0x0804e09a in ?? ()
> #17 0x0804e323 in ?? ()
> #18 0x08078e4c in ?? ()
> #19 0x0804ba4d in ?? ()
> #20 0xb7c838f5 in __libc_start_main () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
> #21 0x0804baed in ?? ()

I am no expert in these matters, but as you said in the beginning of
the bug report, what this backtrace suggests is that when trying to
load a midi song and reading the file, the program manages to corrupt
the stack, which triggers the exceptions/signals/etc provided by the
fortifying functionality in order to prevent security problems.

I am not sure if this is due to the fortifying options when compiling
sdl-mixer or freedink, but in any case I think that it would be very
unwise to disable them, especially in the libraries, used in many
places including important emulators.

The timidity code was built on ~1995 and has been unmaintained for
many years, so it's not looking good.

I don't really know what else to say, I will forward this upstream and
let's see.

It might be worth trying with libsdl2-mixer (already in NEW queue to
be approved by FTP team), but I guess that it will pull all SDL2
dependencies and not sure if freedink will work with those.


Thanks and cheers.
--
Manuel A. Fernandez Montecelo <manuel.montezelo at gmail.com>
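Added illustration, not part of this thread and not SDL_mixer's timidity code (the report above does not identify the actual defect in read_midi_file): a hypothetical length-prefixed MIDI chunk reader showing the bounds check that keeps a file-supplied length from overrunning a fixed stack buffer, which is the class of defect a stack-protector canary reports through __stack_chk_fail. The chunk layout (4-byte tag, 4-byte big-endian length, payload) is the Standard MIDI File one; names and the 64-byte limit are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical example: a chunk reader with a fixed-size stack-resident
 * destination. Not SDL_mixer/timidity code. */
#define CHUNK_BUF 64

struct chunk {
    char tag[5];                  /* 4-char tag ("MThd"/"MTrk") plus NUL */
    uint32_t len;                 /* declared payload length */
    unsigned char data[CHUNK_BUF];
};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns bytes consumed, or -1 if the chunk is truncated or its declared
 * length exceeds the destination. The capacity check is the one whose
 * absence lets a file-controlled length smash the caller's stack frame,
 * which the canary then detects at function return. */
int read_chunk(const unsigned char *buf, size_t buflen, struct chunk *out)
{
    if (buflen < 8)
        return -1;                /* no room for tag + length field */
    uint32_t len = be32(buf + 4);
    if (len > CHUNK_BUF)
        return -1;                /* bound by our buffer, not the file */
    if (len > buflen - 8)
        return -1;                /* payload truncated */
    memcpy(out->tag, buf, 4);
    out->tag[4] = '\0';
    out->len = len;
    memcpy(out->data, buf + 8, len);
    return (int)(8 + len);
}

/* Constructed input: a valid MThd header (format 0, 1 track, 96 ticks). */
static const unsigned char good_mthd[] = {
    'M','T','h','d', 0,0,0,6, 0,0, 0,1, 0,96 };

/* Constructed input: same tag with an absurd declared length. */
static const unsigned char bad_mthd[] = {
    'M','T','h','d', 0x7f,0xff,0xff,0xff, 0,0, 0,1, 0,96 };
```

Compiling this with -fstack-protector and deleting the `len > CHUNK_BUF` check reproduces the abort path seen in the backtrace, which is why disabling the protector hides rather than fixes such a bug.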
