grip buffer overflow in intrepid
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Grip | Unknown | Unknown | |
grip (Fedora) | Fix Released | Medium | |
grip (Ubuntu) | Won't Fix | Undecided | Unassigned |
Intrepid | Invalid | Undecided | Unassigned |
Bug Description
It seems that the latest upgrade of libc (from last night) has now rendered grip unstable; this is the trace I get when the program crashes before it even finishes ripping a CD:
frlinux@ubuntu:~$ grip
*** buffer overflow detected ***: grip terminated
======= Backtrace: =========
/lib/tls/
/lib/tls/
/lib/tls/
/lib/tls/
/lib/tls/
/lib/tls/
/lib/tls/
grip[0x8063add]
grip[0x806059b]
grip[0x8050788]
grip[0x804eca3]
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
grip[0x804ec78]
grip[0x804ea22]
/lib/tls/
grip[0x804e961]
======= Memory map: ========
08048000-08076000 r-xp 00000000 08:06 288997 /usr/bin/grip
08076000-08077000 r--p 0002e000 08:06 288997 /usr/bin/grip
08077000-0807b000 rw-p 0002f000 08:06 288997 /usr/bin/grip
0807b000-080a8000 rw-p 0807b000 00:00 0
093b1000-09d85000 rw-p 093b1000 00:00 0 [heap]
b2000000-b20d8000 rw-p b2000000 00:00 0
b20d8000-b2100000 ---p b20d8000 00:00 0
b21dd000-b228a000 rw-p b21dd000 00:00 0
b228a000-b228b000 ---p b228a000 00:00 0
b228b000-b2a8b000 rw-p b228b000 00:00 0
b2a8b000-b2a8c000 r-xp 00000000 08:06 345134 /usr/lib/
b2a8c000-b2a8d000 r--p 00000000 08:06 345134 /usr/lib/
b2a8d000-b2a8e000 rw-p 00001000 08:06 345134 /usr/lib/
b2a8e000-b2ace000 rw-p b2a8e000 00:00 0
b2ace000-b2eb1000 r--p 00000000 08:06 530153 /usr/share/
b2eb1000-b2f9b000 rw-p b2eb1000 00:00 0
b2f9b000-b2fb4000 r--p 00000000 08:06 375721 /usr/share/
b2fb4000-b2fc0000 r--p 00000000 08:06 342641 /usr/share/
b2fc0000-b3001000 rw-p b2fc0000 00:00 0
b3001000-b3384000 r--p 00000000 08:06 530152 /usr/share/
b3384000-b33b5000 rw-p b3384000 00:00 0
b33b5000-b3b1f000 r--p 00000000 08:06 399058 /usr/share/
b3b1f000-b3b78000 rw-p b3b1f000 00:00 0
b3b78000-b4f8d000 r--p 00000000 08:06 376336 /usr/share/
b4f8d000-b4fed000 rw-p b4f8d000 00:00 0
b4fed000-b6402000 r--p 00000000 08:06 376336 /usr/share/
b641a000-b6427000 r--p 00000000 08:06 342643 /usr/share/
b6427000-b646e000 r--p 00000000 08:06 400434 /usr/share/
b646e000-b64ba000 r--p 00000000 08:06 400433 /usr/share/
b64ba000-b64bb000 r--p 00000000 08:06 433597 /usr/share/
b64bb000-b65bf000 rw-p b64bb000 00:00 0
b65bf000-b6654000 r--p 00000000 08:06 400431 /usr/share/
b6654000-b6656000 r-xp 00000000 08:06 342928 /usr/lib/
b6656000-b6657000 r--p 00001000 08:06 342928 /usr/lib/
b6657000-b6658000 rw-p 00002000 08:06 342928 /usr/lib/
b6658000-b665e000 r--s 00000000 08:06 537625 /var/cache/
b665e000-b6661000 r--s 00000000 08:06 537641 /var/cache/
b6661000-b6662000 r--s 00000000 08:06 537640 /var/cache/
b6662000-b6665000 r--s 00000000 08:06 537639 /var/cache/
b6665000-b666c000 r--s 00000000 08:06 540746 /var/cache/
b666c000-b666f000 r--s 00000000 08:06 537637 /var/cache/
b666f000-b6677000 r--s 00000000 08:06 537636 /var/cache/
b6677000-b6682000 r--s 00000000 08:06 537635 /var/cache/
b6682000-b6685000 r--s 00000000 08:06 537633 /var/cache/
b6685000-b668c000 r--s 00000000 08:06 537632 /var/cache/
b668c000-b6692000 r--s 00000000 08:06 537624 /var/cache/
b6692000-b6694000 r--s 00000000 08:06 537627 /var/cache/
b6694000-b66f4000 rw-s 00000000 00:09 720913 /SYSV00000000 (deleted)
b66f4000-b66fa000 r-xp 00000000 08:06 345062 /usr/lib/
b66fa000-b66fb000 r--p 00005000 08:06 345062 /usr/lib/
b66fb000-b66fc000 rw-p 00006000 08:06 345062 /usr/lib/
b66fc000-b675c000 rw-s 00000000 00:09 688139 /SYSV00000000 (deleted)
b675c000-b67f2000 rw-p b675c000 00:00 0
b67f2000-b6811000 r-xp 00000000 08:06 362546 /usr/lib/
b6811000-b6812000 r--p 0001e000 08:06 362546 /usr/lib/
b6812000-b6813000 rw-p 0001f000 08:06 362546 /usr/lib/
b6813000-b681a000 r--p 00000000 08:06 318601 /usr/share/
b681a000-b681e000 r-xp 00000000 08:06 343263 /usr/lib/
b681e000-b681f000 r--p 00003000 08:06 343263 /usr/lib/
b681f000-b6820000 rw-p 00004000 08:06 343263 /usr/lib/
b6820000-b6842000 r--p 00000000 08:06 684227 /usr/share/
b6842000-b684d000 r--p 00000000 08:06 684406 /usr/share/
b684d000-b684e000 rw-p b684d000 00:00 0
b684e000-b6851000 r--p 00000000 08:06 318636 /usr/share/
b6851000-b685b000 r-xp 00000000 08:06 277062 /lib/tls/
b685b000-b685c000 r--p 00009000 08:06 277062 /lib/tls/
b685c000-b685d000 rw-p 0000a000 08:06 277062 /lib/tls/
b685d000-b6866000 r-xp 00000000 08:06 277065 /lib/tls/
b6866000-b6867000 r--p 00008000 08:06 277065 /lib/tls/
b6867000-b6868000 rw-p 00009000 08:06 277065 /lib/tls/
b6868000-b686f000 r-xp 00000000 08:06 277060 /lib/tls/
b686f000-b6870000 r--p 00006000 08:06 277060 /lib/tls/
b6870000-b6871000 rw-p 00007000 08:06 277060 /lib/tls/
b6871000-b6883000 r--p 00000000 08:06 684418 /usr/share/
b6883000-b68aa000 r--p 00000000 08:06 318626 /usr/share/
b68aa000-b68b3000 r--p 00000000 08:06 684371 /usr/share/
b68b3000-b68b4000 r-xp 00000000 08:06 287632 /usr/lib/
b68b4000-b68b5000 r--p 00001000 08:06 287632 /usr/lib/
b68b5000-b68b6000 rw-p 00002000 08:06 287632 /usr/lib/
b68b6000-b68bc000 r--p 00000000 08:06 285516 /usr/share/
b68bc000-b68fb000 r--p 00000000 08:06 309678 /usr/lib/
b68fb000-b69dc000 r--p 00000000 08:06 309681 /usr/lib/
b69dc000-b69e1000 rw-p b69dc000 00:00 0
b69e1000-b69e4000 r-xp 00000000 08:06 277146 /lib/libgpg-
b69e4000-b69e5000 rw-p 00002000 08:06 277146 /lib/libgpg-
b69e5000-b6aa8000 r-xp 00000000 08:06 285978 /usr/lib/
b6aa8000-b6aaa000 r--p 000c2000 08:06 285978 /usr/lib/
b6aaa000-b6aad000 rw-p 000c4000 08:06 285978 /usr/lib/
b6aad000-b6aae000 rw-p b6aad000 00:00 0
b6aae000-b6ac3000 r-xp 00000000 08:06 277058 /lib/tls/
b6ac3000-b6ac4000 r--p 00014000 08:06 277058 /lib/tls/
b6ac4000-b6ac5000 rw-p 00015000 08:06 277058 /lib/tls/
b6ac5000-b6ac7000 rw-p b6ac5000 00:00 0
b6ac7000-b6ac9000 r-xp 00000000 08:06 277137 /lib/libkeyutil
b6ac9000-b6acb000 rw-p 00001000 08:06 277137 /lib/libkeyutil
b6acb000-b6ad2000 r-xp 00000000 08:06 287589 /usr/lib/
b6ad2000-b6ad3000 r--p 00006000 08:06
[1]+ Abandon (core dumped) grip
Changed in grip (Fedora): | |
status: | Unknown → Fix Released |
Changed in grip (Fedora): | |
importance: | Unknown → Medium |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050524 Fedora/1.0.4-4 Firefox/1.0.4
Description of problem:
I get this giant buffer overflow when ripping. It occurs at random times at the beginning of the ripping process (tracks 1-3 of an 11-track CD). My FC4 is a fresh install.
Grip also often fails to rip at all because of this:
Error trying to open /dev/hdd exclusively (Device or resource busy). retrying in 1 second.
Then later it will crash with the usual buffer overflow (the backtrace below shows glibc's fortified `__sprintf_chk` calling `__chk_fail` from the ID3v2 tag / rip-progress code, i.e. a `sprintf` into a fixed-size buffer that the libc length check aborted on instead of letting it silently corrupt memory):
*** buffer overflow detected ***: grip terminated so.6(__ chk_fail+ 0x41)[0xec8565] so.6(__ vsprintf_ chk+0x0) [0xec7e30] so.6(_IO_ default_ xsputn+ 0x97)[0xe4ab58] so.6(_IO_ vfprintf+ 0xd92)[ 0xe25af4] so.6(__ vsprintf_ chk+0xa1) [0xec7ed1] so.6(__ sprintf_ chk+0x30) [0xec7e24] le+0x2a0) [0x8063ea0] rogress+ 0x1096) [0x8062a06] +0xcc)[ 0x804fd28] libglib- 2.0.so. 0[0x30ef06] libglib- 2.0.so. 0(g_main_ context_ dispatch+ 0x1dc)[ 0x30d3ee] libglib- 2.0.so. 0[0x3103f6] libglib- 2.0.so. 0(g_main_ loop_run+ 0x1a1)[ 0x3106e3] libgtk- x11-2.0. so.0(gtk_ main+0xb4) [0x64b1b5] 0x22c)[ 0x804f29b] so.6(__ libc_start_ main+0xc6) [0xdfede6] libz.so. 1.2.2.2 libz.so. 1.2.2.2 libfreetype. so.6.3. 7 libfreetype. so.6.3. 7 libfontconfig. so.1.0. 4001b2000- 001b5000 rwxp 00026000 03:05 1460020 /usr/lib/ libfontconfig. so.1.0. 4001b5000- 001b6000 rwxp 001b5000 00:00 0 lib/X11/ locale/ lib/common/ xlcUTF8Load. so.2 lib/X11/ locale/ lib/common/ xlcUTF8Load. so.2 lib/libXft. so.2.1. 2 lib/libXft. so.2.1. 2 libcdda_ interface. so.0.9. 8 libcdda_ interface. so.0.9. 8 libcdda_ paranoia. so.0.9. 8 libcdda_ paranoia. so.0.9. 8 libpopt. so.0.0. 0 libpopt. so.0.0. 0 err.so. 2.1 err.so. 2.1 libvte. so.4.4. 0 libvte. so.4.4. 0 libgnomecanvas- 2.so.0. 1000.0 libgnomecanvas- ...
======= Backtrace: =========
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libc.
/lib/libc.
grip(ID3v2TagFi
grip(UpdateRipP
grip(GripUpdate
grip[0x804f31c]
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
/usr/lib/
grip(Cmain+
/lib/libc.
grip[0x804ef91]
======= Memory map: ========
00111000-00123000 r-xp 00000000 03:05 1460009 /usr/lib/
00123000-00124000 rwxp 00011000 03:05 1460009 /usr/lib/
00124000-00185000 r-xp 00000000 03:05 1460018 /usr/lib/
00185000-0018c000 rwxp 00061000 03:05 1460018 /usr/lib/
0018c000-001b2000 r-xp 00000000 03:05 1460020 /usr/lib/
001b6000-001b7000 r-xp 00000000 03:05 1598576 /usr/X11R6/
001b7000-001b8000 rwxp 00000000 03:05 1598576 /usr/X11R6/
001b8000-001ca000 r-xp 00000000 03:05 1460021 /usr/X11R6/
001ca000-001cb000 rwxp 00012000 03:05 1460021 /usr/X11R6/
001cb000-001dc000 r-xp 00000000 03:05 1449262 /usr/lib/
001dc000-001dd000 rwxp 00011000 03:05 1449262 /usr/lib/
001dd000-001e4000 r-xp 00000000 03:05 1452110 /usr/lib/
001e4000-001e5000 rwxp 00007000 03:05 1452110 /usr/lib/
001e5000-001ec000 r-xp 00000000 03:05 1460035 /usr/lib/
001ec000-001ed000 rwxp 00006000 03:05 1460035 /usr/lib/
001ed000-001ef000 r-xp 00000000 03:05 621895 /lib/libcom_
001ef000-001f0000 rwxp 00001000 03:05 621895 /lib/libcom_
001f2000-002a6000 r-xp 00000000 03:05 1454020 /usr/lib/
002a6000-002af000 rwxp 000b3000 03:05 1454020 /usr/lib/
002af000-002d5000 r-xp 00000000 03:05 1460066 /usr/lib/
002d5000-002d8000 rwxp 00025000 03:05 1460066 /usr/lib/