rhythmbox crashed with SIGSEGV in g_cclosure_marshal_VOID__STRING()

Bug #427602 reported by Kees Cook
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| rhythmbox (Ubuntu) | Invalid | Undecided | Unassigned | |
| Hardy | Won't Fix | Medium | Unassigned | |
| Karmic | Invalid | Undecided | Unassigned | |

Bug Description

Binary package hint: rhythmbox

CVE-2008-7185

Hardy: http://packetstormsecurity.org/0806-advisories/rhythmbox-dos.txt
Intrepid, Jaunty, Karmic are not affected.

Likely the same as bug 270139.

Seems to be executing heap (!!) after calling playlist_load_ended_cb().

$ mkdir /tmp/i
$ cd /tmp/i
$ apport-unpack /tmp/_usr_bin_rhythmbox.1000.crash .
$ python /usr/share/apport/general-hooks/parse_segv.py Registers Disassembly ProcMaps
executing writable VMA [heap]
reading unknown VMA

Segfault happened at: 0x8461c5e: sbb (%eax),%cl
PC (0x08461c5e) in non-executable VMA region: 0x080dc000-0x08c39000 rw-p [heap]
source "(%eax)" (0x40082ee1) not located in a known VMA region (needed readable region)!
destination "%cl" ok

ProblemType: Crash
Architecture: i386
Date: Thu Sep 10 15:42:22 2009
DistroRelease: Ubuntu 8.04
ExecutablePath: /usr/bin/rhythmbox
Package: rhythmbox 0.11.5-0ubuntu8
PackageArchitecture: i386
ProcCmdline: rhythmbox
ProcEnviron:
 SHELL=/bin/bash
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=en_US.UTF-8
Signal: 11
SourcePackage: rhythmbox
StacktraceTop:
 ?? ()
 ?? ()
 g_cclosure_marshal_VOID__STRING ()
 g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
 ?? () from /usr/lib/libgobject-2.0.so.0
Title: rhythmbox crashed with SIGSEGV in g_cclosure_marshal_VOID__STRING()
Uname: Linux 2.6.24-24-generic i686
UserGroups: adm admin audio cdrom dialout dip floppy plugdev scanner video
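
The VMA check behind the parse_segv.py output in the description, sketched as an added example (it is not apport's code and not part of the original report). Only the [heap] range and permissions, the PC and the source address come from the report; the other map lines and all function names are constructed for illustration.

```python
import re

# Constructed ProcMaps excerpt. Only the [heap] range/permissions are from the
# report; offsets, devices, inodes and the other mappings are made up.
PROC_MAPS = """\
08048000-080d0000 r-xp 00000000 08:01 1234 /usr/bin/rhythmbox
080dc000-08c39000 rw-p 080dc000 00:00 0 [heap]
b7d00000-b7e40000 r-xp 00000000 08:01 5678 /lib/libc.so.6
bf9a0000-bf9b5000 rw-p bffeb000 00:00 0 [stack]
"""

MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+([rwxps-]{4})\s+\S+\s+\S+\s+\S+\s*(.*)$")

def parse_maps(text):
    """Return a list of (start, end, perms, name) tuples from maps text."""
    vmas = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            vmas.append((int(m.group(1), 16), int(m.group(2), 16),
                         m.group(3), m.group(4) or "anonymous"))
    return vmas

def find_vma(vmas, addr):
    """Return the VMA containing addr, or None if it is unmapped."""
    for vma in vmas:
        if vma[0] <= addr < vma[1]:
            return vma
    return None

def triage(vmas, pc, src=None):
    """Flag a faulting PC and optional memory source operand against the VMAs."""
    findings = []
    vma = find_vma(vmas, pc)
    if vma is None:
        findings.append("executing unknown VMA")
    else:
        _, _, perms, name = vma
        if "x" not in perms:
            findings.append("PC in non-executable VMA %s" % name)
        if "w" in perms:
            findings.append("executing writable VMA %s" % name)
    if src is not None:
        vma = find_vma(vmas, src)
        if vma is None:
            findings.append("reading unknown VMA")
        elif "r" not in vma[2]:
            findings.append("reading unreadable VMA %s" % vma[3])
    return findings
```
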

Kees Cook (kees) wrote :
Kees Cook (kees)
visibility: private → public
Kees Cook (kees) wrote :
security vulnerability: yes → no
Kees Cook (kees) wrote :

Looks to be static heap location, unmarking as security for now.

Changed in rhythmbox (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Kees Cook (kees)
Changed in rhythmbox (Ubuntu Karmic):
status: Confirmed → Invalid
Changed in rhythmbox (Ubuntu Hardy):
importance: Undecided → Medium
status: New → Triaged
Changed in rhythmbox (Ubuntu Karmic):
importance: Medium → Undecided
WOCONNOR8 (woconnor8)
Changed in rhythmbox (Ubuntu Hardy):
status: Triaged → Fix Committed
Rolf Leggewie (r0lf) wrote :

Hardy has seen the end of its life and is no longer receiving any updates. Marking the Hardy task for this ticket as "Won't Fix".

Changed in rhythmbox (Ubuntu Hardy):
status: Fix Committed → Won't Fix