Ubuntu
espeak package

buffer overflow

Bug #736742 reported by levu
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
espeak (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: espeak

*** buffer overflow detected ***: espeak terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x50)[0x5a7cb0]
/lib/i386-linux-gnu/libc.so.6(+0xe4b8a)[0x5a6b8a]
/lib/i386-linux-gnu/libc.so.6(__strcpy_chk+0x3f)[0x5a5f1f]
/usr/lib/libespeak.so.1(+0xa2cc)[0xb772cc]
/usr/lib/libespeak.so.1(+0xac3f)[0xb77c3f]
/usr/lib/libespeak.so.1(+0x1f7cf)[0xb8c7cf]
/usr/lib/libespeak.so.1(+0x20981)[0xb8d981]
/usr/lib/libespeak.so.1(+0x228be)[0xb8f8be]
/usr/lib/libespeak.so.1(+0x1dd95)[0xb8ad95]
/usr/lib/libespeak.so.1(+0x32f9)[0xb702f9]
/usr/lib/libespeak.so.1(+0x38ba)[0xb708ba]
/usr/lib/libespeak.so.1(+0x2e4b4)[0xb9b4b4]
/usr/lib/libespeak.so.1(+0x2f3a8)[0xb9c3a8]
/lib/i386-linux-gnu/libpthread.so.0(+0x5e99)[0xc9ee99]
/lib/i386-linux-gnu/libc.so.6(clone+0x5e)[0x5925fe]
======= Memory map: ========
00110000-00134000 r-xp 00000000 08:09 1850935 /lib/i386-linux-gnu/libm-2.13.so
00134000-00135000 r--p 00023000 08:09 1850935 /lib/i386-linux-gnu/libm-2.13.so
00135000-00136000 rw-p 00024000 08:09 1850935 /lib/i386-linux-gnu/libm-2.13.so
00136000-001fd000 r-xp 00000000 08:09 135068 /usr/lib/libasound.so.2.0.0
001fd000-00201000 r--p 000c6000 08:09 135068 /usr/lib/libasound.so.2.0.0
00201000-00202000 rw-p 000ca000 08:09 135068 /usr/lib/libasound.so.2.0.0
00202000-00204000 r-xp 00000000 08:09 1850934 /lib/i386-linux-gnu/libdl-2.13.so
00204000-00205000 r--p 00001000 08:09 1850934 /lib/i386-linux-gnu/libdl-2.13.so
00205000-00206000 rw-p 00002000 08:09 1850934 /lib/i386-linux-gnu/libdl-2.13.so
00206000-002e5000 r-xp 00000000 08:09 131725 /usr/lib/libstdc++.so.6.0.14
002e5000-002e9000 r--p 000de000 08:09 131725 /usr/lib/libstdc++.so.6.0.14
002e9000-002ea000 rw-p 000e2000 08:09 131725 /usr/lib/libstdc++.so.6.0.14
002ea000-002f1000 rw-p 00000000 00:00 0
002f4000-0040a000 r-xp 00000000 08:09 134994 /usr/lib/libX11.so.6.3.0
0040a000-0040b000 ---p 00116000 08:09 134994 /usr/lib/libX11.so.6.3.0
0040b000-0040c000 r--p 00116000 08:09 134994 /usr/lib/libX11.so.6.3.0
0040c000-0040e000 rw-p 00117000 08:09 134994 /usr/lib/libX11.so.6.3.0
0040e000-0040f000 rw-p 00000000 00:00 0
0040f000-00423000 r-xp 00000000 08:09 134973 /usr/lib/libICE.so.6.3.0
00423000-00424000 r--p 00013000 08:09 134973 /usr/lib/libICE.so.6.3.0
00424000-00425000 rw-p 00014000 08:09 134973 /usr/lib/libICE.so.6.3.0
00425000-00427000 rw-p 00000000 00:00 0
00427000-0042d000 r-xp 00000000 08:09 134990 /usr/lib/libSM.so.6.0.1
0042d000-0042e000 r--p 00005000 08:09 134990 /usr/lib/libSM.so.6.0.1
0042e000-0042f000 rw-p 00006000 08:09 134990 /usr/lib/libSM.so.6.0.1
0042f000-00476000 r-xp 00000000 08:09 132220 /usr/lib/libpulsecommon-0.9.22.so
00476000-00477000 r--p 00046000 08:09 132220 /usr/lib/libpulsecommon-0.9.22.so
00477000-00478000 rw-p 00047000 08:09 132220 /usr/lib/libpulsecommon-0.9.22.so
00478000-004b3000 r-xp 00000000 08:09 1839482 /lib/libdbus-1.so.3.5.4
004b3000-004b4000 r--p 0003a000 08:09 1839482 /lib/libdbus-1.so.3.5.4
004b4000-004b5000 rw-p 0003b000 08:09 1839482 /lib/libdbus-1.so.3.5.4
004b5000-004b7000 r-xp 00000000 08:09 134998 /usr/lib/libXau.so.6.0.0
004b7000-004b8000 r--p 00001000 08:09 134998 /usr/lib/libXau.so.6.0.0
004b8000-004b9000 rw-p 00002000 08:09 134998 /usr/lib/libXau.so.6.0.0
004b9000-004c0000 r-xp 00000000 08:09 1838789 /lib/libwrap.so.0.7.6
004c0000-004c1000 r--p 00006000 08:09 1838789 /lib/libwrap.so.0.7.6
004c1000-004c2000 rw-p 00007000 08:09 1838789 /lib/libwrap.so.0.7.6
004c2000-0061c000 r-xp 00000000 08:09 1850931 /lib/i386-linux-gnu/libc-2.13.so
0061c000-0061d000 ---p 0015a000 08:09 1850931 /lib/i386-linux-gnu/libc-2.13.so
0061d000-0061f000 r--p 0015a000 08:09 1850931 /lib/i386-linux-gnu/libc-2.13.so
0061f000-00620000 rw-p 0015c000 08:09 1850931 /lib/i386-linux-gnu/libc-2.13.so
00620000-00623000 rw-p 00000000 00:00 0
00623000-00630000 r-xp 00000000 08:09 135011 /usr/lib/libXext.so.6.4.0
00630000-00631000 r--p 0000c000 08:09 135011 /usr/lib/libXext.so.6.4.0
00631000-00632000 rw-p 0000d000 08:09 135011 /usr/lib/libXext.so.6.4.0
00632000-00692000 r-xp 00000000 08:09 135850 /usr/lib/libsndfile.so.1.0.23
00692000-00693000 r--p 00060000 08:09 135850 /usr/lib/libsndfile.so.1.0.23
00693000-00694000 rw-p 00061000 08:09 135850 /usr/lib/libsndfile.so.1.0.23
00694000-00698000 rw-p 00000000 00:00 0
00698000-006ab000 r-xp 00000000 08:09 1850937 /lib/i386-linux-gnu/libnsl-2.13.so
006ab000-006ac000 r--p 00012000 08:09 1850937 /lib/i386-linux-gnu/libnsl-2.13.so
006ac000-006ad000 rw-p 00013000 08:09 1850937 /lib/i386-linux-gnu/libnsl-2.13.so
006ad000-006af000 rw-p 00000000 00:00 0
006af000-006f9000 r-xp 00000000 08:09 134956 /usr/lib/libFLAC.so.8.2.0
006f9000-006fa000 r--p 00049000 08:09 134956 /usr/lib/libFLAC.so.8.2.0
006fa000-006fb000 rw-p 0004a000 08:09 134956 /usr/lib/libFLAC.so.8.2.0
006fb000-00720000 r-xp 00000000 08:09 135956 /usr/lib/libvorbis.so.0.4.5
00720000-00721000 r--p 00025000 08:09 135956 /usr/lib/libvorbis.so.0.4.5
00721000-00722000 rw-p 00026000 08:09 135956 /usr/lib/libvorbis.so.0.4.5
00722000-00727000 r-xp 00000000 08:09 135696 /usr/lib/libogg.so.0.7.0
00727000-00728000 r--p 00004000 08:09 135696 /usr/lib/libogg.so.0.7.0
00728000-00729000 rw-p 00005000 08:09 135696 /usr/lib/libogg.so.0.7.0
00729000-0073c000 r-xp 00000000 08:09 136115 /usr/lib/alsa-lib/libasound_module_pcm_bluetooth.so
0073c000-0073d000 r--p 00012000 08:09 136115 /usr/lib/alsa-lib/libasound_module_pcm_bluetooth.so
0073d000-0073e000 rw-p 00013000 08:09 136115 /usr/lib/alsa-lib/libasound_module_pcm_bluetooth.so
0073e000-00742000 r-xp 00000000 08:09 133506 /usr/lib/alsa-lib/libasound_module_pcm_pulse.so
00742000-00743000 r--p 00004000 08:09 133506 /usr/lib/alsa-lib/libasound_module_pcm_pulse.so
00743000-00744000 rw-p 00005000 08:09 133506 /usr/lib/alsa-lib/libasound_module_pcm_pulse.so
00744000-0074a000 r-xp 00000000 08:09 1850938 /lib/i386-linux-gnu/libnss_compat-2.13.so
0074a000-0074b000 r--p 00005000 08:09 1850938 /lib/i386-linux-gnu/libnss_compat-2.13.so
0074b000-0074c000 rw-p 00006000 08:09 1850938 /lib/i386-linux-gnu/libnss_compat-2.13.so
0074c000-00756000 r-xp 00000000 08:09 1850940 /lib/i386-linux-gnu/libnss_files-2.13.so
00756000-00757000 r--p 00009000 08:09 1850940 /lib/i386-linux-gnu/libnss_files-2.13.so
00757000-00758000 rw-p 0000a000 08:09 1850940 /lib/i386-linux-gnu/libnss_files-2.13.so
00812000-00816000 r-xp 00000000 08:09 135009 /usr/lib/libXdmcp.so.6.0.0
00816000-00817000 r--p 00003000 08:09 135009 /usr/lib/libXdmcp.so.6.0.0
00817000-00818000 rw-p 00004000 08:09 135009 /usr/lib/libXdmcp.so.6.0.0
0083c000-00858000 r-xp 00000000 08:09 1839484 /lib/i386-linux-gnu/ld-2.13.soAborted (core dumped)

Text tried to speak:

Jupiter

The atmosphere of Jupiter contains hydrogen, helium, methane, ammonia, ethane, acetylene, phosphine, water vapor, carbon monoxide.

Source: WorldBook
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

He failed at the word Source. the S i could hear, but than it failed.

Tags: a11y natty
Revision history for this message
levu (levu) wrote :

$ uname -a
Linux florian-new-desktop 2.6.38-6-generic #34-Ubuntu SMP Tue Mar 8 14:09:10 UTC 2011 i686 athlon i386 GNU/Linux

$ apt-cache showpkg espeak
Package: espeak
Versions:
1.44.05-1ubuntu1 (/var/lib/apt/lists/intranet:9999_de.archive.ubuntu.com_ubuntu_dists_natty_main_binary-i386_Packages) (/var/lib/dpkg/status)
 Description Language: de
                 File: /var/lib/apt/lists/intranet:9999_de.archive.ubuntu.com_ubuntu_dists_natty_main_i18n_Translation-de
                  MD5: f3f54070cc6374d32ab446631b4e47c9
 Description Language:
                 File: /var/lib/apt/lists/intranet:9999_de.archive.ubuntu.com_ubuntu_dists_natty_main_binary-i386_Packages
                  MD5: f3f54070cc6374d32ab446631b4e47c9

Do you need anything else?

tags: added: natty
Marc Deslauriers (mdeslaur)
security vulnerability: yes → no
visibility: private → public
Charlie Kravetz (cjkgeek)
tags: added: a11y
Revision history for this message
Jonathan Duddington (jonsd) wrote :

This is fixed in Ubuntu Oneiric (eSpeak 1.45.04)

Changed in espeak (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.