baloo_file_extractor crashed with SIGSEGV in memcpy()

Bug #1369111 reported by Matthias Andree
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
taglib (Debian) | Fix Released | Unknown | |
taglib (Ubuntu) | Fix Released | Medium | Unassigned |

Bug Description

This happens during regular desktop use, after removing drives from Kubuntu's exclusion list, so that there were more drives to scan.

ProblemType: Crash
DistroRelease: Ubuntu 14.04
Package: baloo 4:4.13.3-0ubuntu0.1
ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.4
Architecture: amd64
CrashCounter: 1
CurrentDesktop: KDE
Date: Sat Sep 13 17:36:59 2014
ExecutablePath: /usr/bin/baloo_file_extractor
ProcCmdline: /usr/bin/baloo_file_extractor 4752 4751 4750 4749 4748 4747 4746 4745 4743 4741
SegvAnalysis:
 Segfault happened at: 0x7f52bfda1a7e <__memcpy_sse2_unaligned+46>: movdqu -0x10(%rsi,%rdx,1),%xmm8
 PC (0x7f52bfda1a7e) ok
 source "-0x10(%rsi,%rdx,1)" (0x101226e6b) not located in a known VMA region (needed readable region)!
 destination "%xmm8" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: baloo
StacktraceTop:
 TagLib::ByteVector::replace(TagLib::ByteVector const&, TagLib::ByteVector const&) () from /usr/lib/x86_64-linux-gnu/libtag.so.1
 TagLib::ID3v2::SynchData::decode(TagLib::ByteVector const&) () from /usr/lib/x86_64-linux-gnu/libtag.so.1
 TagLib::ID3v2::FrameFactory::createFrame(TagLib::ByteVector const&, TagLib::ID3v2::Header*) const () from /usr/lib/x86_64-linux-gnu/libtag.so.1
 TagLib::ID3v2::Tag::parse(TagLib::ByteVector const&) () from /usr/lib/x86_64-linux-gnu/libtag.so.1
 TagLib::ID3v2::Tag::read() () from /usr/lib/x86_64-linux-gnu/libtag.so.1
Title: baloo_file_extractor crashed with SIGSEGV in TagLib::ByteVector::replace()
UpgradeStatus: Upgraded to trusty on 2014-08-29 (14 days ago)
UserGroups: adm admin audio cdrom dialout dip disk fax floppy fuse libvirtd lpadmin netdev plugdev pulse sambashare saned tape vboxusers video

Matthias Andree (matthias-andree) wrote :
Apport retracing service (apport) wrote :

StacktraceTop:
 memcpy (__len=<optimized out>, __src=0x1226e7c, __dest=0x1226d0a) at /usr/include/x86_64-linux-gnu/bits/string3.h:51
 TagLib::ByteVector::replace (this=this@entry=0x7fffb47d8450, pattern=..., with=...) at ../../taglib/toolkit/tbytevector.cpp:551
 TagLib::ID3v2::SynchData::decode (data=...) at ../../taglib/mpeg/id3v2/id3v2synchdata.cpp:83
 TagLib::ID3v2::FrameFactory::createFrame (this=0x7f52acca4cb0 <TagLib::ID3v2::FrameFactory::factory>, origData=..., tagHeader=tagHeader@entry=0x12215a8) at ../../taglib/mpeg/id3v2/id3v2framefactory.cpp:132
 TagLib::ID3v2::Tag::parse (this=this@entry=0x11e2820, origData=...) at ../../taglib/mpeg/id3v2/id3v2tag.cpp:700

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : StacktraceSource.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in baloo (Ubuntu):
importance: Undecided → Medium
summary: - baloo_file_extractor crashed with SIGSEGV in
- TagLib::ByteVector::replace()
+ baloo_file_extractor crashed with SIGSEGV in memcpy()
tags: removed: need-amd64-retrace
information type: Private Security → Public
Rohan Garg (rohangarg) wrote :

Re-assigning to the taglib package.

affects: baloo (Ubuntu) → taglib (Ubuntu)
Peter Frühberger (peter-fruehberger) wrote :

Upstream fix for this bug: https://github.com/taglib/taglib/pull/309

Would be nice if you could pick it to 1.9.1 (it's also in Fedora).

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "fix-memcpy.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Wolfgang Schupp (wsnipex) wrote :
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in taglib (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

Thanks, ideally that patch would be sent to Debian as well, since the package is synced directly from there.

Daniel Holbach (dholbach) wrote :

https://wiki.ubuntu.com/Debian/Bugs should help with forwarding the patch to Debian.

Michael Terry (mterry) wrote :

I've sent the patch over to Debian (linked bug above) and uploaded to wily too, in the meantime until they apply it.

Thanks so much for the fix!

Changed in taglib (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package taglib - 1.9.1-2.4ubuntu1

---------------
taglib (1.9.1-2.4ubuntu1) wily; urgency=medium

  [ Peter Frühberger ]
  * debian/patches/fix-memcpy.patch:
    - Cherry pick upstream fix for possible crasher (LP: #1369111)

 -- Michael Terry <email address hidden> Wed, 14 Oct 2015 16:28:06 -0400

Changed in taglib (Ubuntu):
status: Confirmed → Fix Released
Changed in taglib (Debian):
status: New → Fix Released