[SRU] `xmms2 add --playlist ... ` causes a core dump

Bug #2018449 reported by Grizzly(Francis Smit)
This bug affects 3 people
Affects          Status        Importance  Assigned to  Milestone
xmms2 (Ubuntu)   Fix Released  Undecided   Unassigned
  Jammy          Fix Released  Undecided   Unassigned
  Mantic         Fix Released  Undecided   Unassigned

Bug Description

[ Impact ]

xmms2 client cli will crash with a buffer overflow if the real path of the files is longer than 255 bytes.
The user will see:

*** buffer overflow detected ***: terminated
Aborted (core dumped)

[ Test Plan ]

* copy few mp3 files to a folder, I will use a folder named "testmp3"
* Use the following command to create a playlist
xmms2 playlist create testlist
* Try adding the mp3 files to the list:
xmms2 add --playlist testlist testmp3/*

If the package is not fixed it will crash, with the fixed package it will not crash and add it to the playlist.

[ Where problems could occur ]

 * This patch has been accepted upstream and is only modifying the size of the local buffer where the path is stored. There is minimum chance of regression just for this patch.

[ Other Info ]

* There might be other parts of the code which are still using the old buffer size and might cause some other problem.

[ Original Bug Description ]

1) The release of Ubuntu you are using, via?
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.04
Release: 23.04

2) The version of the package you are using, via?
$ apt-cache policy xmms2
xmms2:
  Installed: 0.8+dfsg-22ubuntu6
  Candidate: 0.8+dfsg-22ubuntu6
  Version table:
 *** 0.8+dfsg-22ubuntu6 500
        500 http://au.archive.ubuntu.com/ubuntu lunar/universe amd64 Packages
        100 /var/lib/dpkg/status

3). I ran $ xmms2 add --playlist These+Same+Skies "/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/"*
I expected it to populate the playlist `These+Same+Skies` that I had already created with the files in the directory `/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/` it always worked before.

4) it core dumped like so

$ xmms2 add --playlist These+Same+Skies "/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/"*
*** buffer overflow detected ***: terminated
Aborted (core dumped)

ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: xmms2 0.8+dfsg-22ubuntu6
ProcVersionSignature: Ubuntu 6.2.0-20.20-generic 6.2.6
Uname: Linux 6.2.0-20-generic x86_64
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu May 4 16:11:01 2023
InstallationDate: Installed on 2023-04-21 (12 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020)
SourcePackage: xmms2
UpgradeStatus: No upgrade log present (probably fresh install)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in xmms2 (Ubuntu):
status: New → Confirmed
rew (r-e-wolff) wrote :

Affects me since at least sept 2022. I've been using a workaround (i.e. not using xmms2) since about that time.

rew (r-e-wolff) wrote :

Any progress on this???

I've tried to help by
- recompiling the sources for my system. Same problem.
- adding a debug statement: dpkg-buildpackage complains.
- I tried recompiling the sources left behind. They complain. Apparently dpkg provides some required "environment".
- recompiling that way is slow: It always restarts at the configure stage and a clean build.
- I tried compiling the github stable sources. I can't get them to compile.
- I tried compiling the devel sources. I can't get them to compile.
- I tried running gdb on the binary built, but that one "has no symbols" so not useful.

So after 3 hours of "trying to pinpoint the problem" I've made zero progress and I'm giving up. Someone else will have to take a look. :-(

Sudip Mukherjee (sudipmuk) wrote :

I have tested and confirmed that the bug is reproduced in Noble, Mantic and Jammy. Also tested and confirmed that Focal is not affected.

Changed in xmms2 (Ubuntu):
status: Confirmed → In Progress
Changed in xmms2 (Ubuntu Jammy):
status: New → In Progress
Changed in xmms2 (Ubuntu Mantic):
status: New → In Progress
Changed in xmms2 (Ubuntu):
status: In Progress → Confirmed
Changed in xmms2 (Ubuntu Jammy):
status: In Progress → Confirmed
Changed in xmms2 (Ubuntu Mantic):
status: In Progress → Confirmed
Sudip Mukherjee (sudipmuk) wrote :

I have raised an upstream PR with the fix at https://github.com/xmms2/xmms2-devel/pull/34.
Will add debdiffs here with the fix.

Changed in xmms2 (Ubuntu):
status: Confirmed → In Progress
Changed in xmms2 (Ubuntu Jammy):
status: Confirmed → In Progress
Changed in xmms2 (Ubuntu Mantic):
status: Confirmed → In Progress
Changed in xmms2 (Ubuntu):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in xmms2 (Ubuntu Jammy):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Changed in xmms2 (Ubuntu Mantic):
assignee: nobody → Sudip Mukherjee (sudipmuk)
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Noble attached.

This is an orphan package in Debian. I will do the QA upload after the Debian transitions are complete.

summary: - `xmms2 add --playlist ... ` causes a core dump
+ [SRU] `xmms2 add --playlist ... ` causes a core dump
description: updated
Sudip Mukherjee (sudipmuk) wrote :

debdiff for Mantic

Sudip Mukherjee (sudipmuk) wrote :

debdiff for Jammy

Changed in xmms2 (Ubuntu):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in xmms2 (Ubuntu Jammy):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in xmms2 (Ubuntu Mantic):
assignee: Sudip Mukherjee (sudipmuk) → nobody
Changed in xmms2 (Ubuntu):
status: In Progress → Confirmed
Changed in xmms2 (Ubuntu Jammy):
status: In Progress → Confirmed
Changed in xmms2 (Ubuntu Mantic):
status: In Progress → Confirmed
Dave Jones (waveform) wrote :

The patches look fine and certainly fix the issue described. One thing that does concern me slightly is that this only patches one instance of XMMS_PATH_MAX and there's several more scattered throughout the code that look like they could potentially be hit by long pathnames. Wouldn't it be preferable to simply #define XMMS_PATH_MAX PATH_MAX in xmmsc_util.h?

Anyway, I'll sponsor this as is but I've added a note to the upstream PR.
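
The failure class discussed in this report (a resolved path longer than a fixed 255-byte buffer), shown as an added example that is not xmms2 code and not the patch from the debdiffs. It assumes a POSIX system with a writable /tmp; `LEGACY_PATH_BUF`, `resolve_into` and `make_long_dir` are hypothetical names, and letting `realpath()` allocate its own result is this example's choice, whereas the patch in this report enlarges the buffer.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(), mkdtemp() */
#endif
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

#define LEGACY_PATH_BUF 255 /* hypothetical name; 255 is the size the report cites */

/* Resolve `path` into `out` without trusting it to fit: libc allocates the
 * result (realpath with NULL), and the copy is refused if it is too long. */
int resolve_into(const char *path, char *out, size_t outsz)
{
    char *full = realpath(path, NULL);
    if (!full) return -1;                 /* errno set by realpath */
    size_t need = strlen(full) + 1;       /* include the terminating NUL */
    int fits = need <= outsz;
    if (fits) memcpy(out, full, need);
    free(full);
    if (!fits) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Constructed sample input: a real directory whose path exceeds 255 bytes. */
int make_long_dir(char *out, size_t outsz)
{
    char comp[102] = "/";
    memset(comp + 1, 'a', 100);           /* "/" followed by 100 letters */
    if (outsz < 14 + 3 * 101) return -1;
    strcpy(out, "/tmp/lpXXXXXX");
    if (!mkdtemp(out)) return -1;
    for (int i = 0; i < 3; i++) {         /* three nested long components */
        strcat(out, comp);
        if (mkdir(out, 0700) != 0) return -1;
    }
    return 0;
}

int main(void)
{
    char dir[PATH_MAX], small[LEGACY_PATH_BUF], big[PATH_MAX];
    if (make_long_dir(dir, sizeof dir) != 0) return 1;
    printf("255-byte buffer: %s\n", resolve_into(dir, small, sizeof small) ? "refused" : "ok");
    printf("PATH_MAX buffer: %s\n", resolve_into(dir, big, sizeof big) ? "refused" : "ok");
    return 0;
}
```
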

Timo Aaltonen (tjaalton) wrote : Please test proposed package

Hello Grizzly(Francis, or anyone else affected,

Accepted xmms2 into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xmms2/0.8+dfsg-23ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in xmms2 (Ubuntu):
status: Confirmed → Fix Committed
Changed in xmms2 (Ubuntu Mantic):
status: Confirmed → Fix Committed
tags: added: verification-needed verification-needed-mantic
Changed in xmms2 (Ubuntu Jammy):
status: Confirmed → Fix Committed
tags: added: verification-needed-jammy
Timo Aaltonen (tjaalton) wrote :

Hello Grizzly(Francis, or anyone else affected,

Accepted xmms2 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/xmms2/0.8+dfsg-22ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmms2 - 0.8+dfsg-24ubuntu1

---------------
xmms2 (0.8+dfsg-24ubuntu1) noble; urgency=medium

  * Fix coredump with long pathnames. (LP: #2018449)

 -- Sudip Mukherjee <email address hidden> Mon, 25 Mar 2024 15:13:58 +0000

Changed in xmms2 (Ubuntu):
status: Fix Committed → Fix Released
Sudip Mukherjee (sudipmuk) wrote :

I can confirm that the xmms2 package in jammy-proposed has fixed the bug for me.

Test done:

1. Install xmms2 from jammy-proposed
2. create a playlist
3. Add few mp3 to the playlist according to the testplan
4. Switch the test playlist with the command "xmms2 playlist switch"
5. Execute "xmms2 list" to confirm that the mp3 were successfully added to the list

Test result: the errors with xmms2 have been fixed.

Package tested:

$ apt-cache policy xmms2
xmms2:
  Installed: 0.8+dfsg-22ubuntu0.1
  Candidate: 0.8+dfsg-22ubuntu0.1
  Version table:
 *** 0.8+dfsg-22ubuntu0.1 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.8+dfsg-22build3 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages

Sudip Mukherjee (sudipmuk) wrote :

I can confirm that the xmms2 package in mantic-proposed has fixed the bug for me.

Test done:

1. Install xmms2 from mantic-proposed
2. create a playlist
3. Add few mp3 to the playlist according to the testplan
4. Switch the test playlist with the command "xmms2 playlist switch"
5. Execute "xmms2 list" to confirm that the mp3 were successfully added to the list

Test result: the errors with xmms2 have been fixed.

Package tested:

$ apt-cache policy xmms2
xmms2:
  Installed: 0.8+dfsg-23ubuntu0.1
  Candidate: 0.8+dfsg-23ubuntu0.1
  Version table:
 *** 0.8+dfsg-23ubuntu0.1 100
        100 http://us.archive.ubuntu.com/ubuntu mantic-proposed/universe amd64 Packages
        100 /var/lib/dpkg/status
     0.8+dfsg-23build1 500
        500 http://us.archive.ubuntu.com/ubuntu mantic/universe amd64 Packages

tags: added: verification-done verification-done-jammy verification-done-mantic
removed: verification-needed verification-needed-jammy verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmms2 - 0.8+dfsg-23ubuntu0.1

---------------
xmms2 (0.8+dfsg-23ubuntu0.1) mantic; urgency=medium

  * Fix coredump with long pathnames. (LP: #2018449)

 -- Sudip Mukherjee <email address hidden> Sun, 10 Mar 2024 21:47:54 +0000

Changed in xmms2 (Ubuntu Mantic):
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for xmms2 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xmms2 - 0.8+dfsg-22ubuntu0.1

---------------
xmms2 (0.8+dfsg-22ubuntu0.1) jammy; urgency=medium

  * Fix coredump with long pathnames. (LP: #2018449)

 -- Sudip Mukherjee <email address hidden> Sun, 10 Mar 2024 21:57:26 +0000

Changed in xmms2 (Ubuntu Jammy):
status: Fix Committed → Fix Released