vlc crashes on strcasestr

Bug #785979 reported by LeoRochael on 2011-05-20
This bug affects 1 person
Affects Status Importance Assigned to Milestone
VLC media player
Fix Released
Rémi Denis-Courmont
vlc (Ubuntu)

Bug Description

Binary package hint: vlc

Ubuntu 11.04
vlc 1.1.9-1ubuntu1

running "vlc http://00086.cdn.upx.net.br/listen.wmx" crashes with SIGSEV

gdb information follows:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6bffb70 (LWP 2622)]
__strcasestr_ia32 (haystack_start=0x0, needle_start=0x597da2 "</MoreInfo>")
    at ../string/strcasestr.c:76
76 ../string/strcasestr.c: No such file or directory.
 in ../string/strcasestr.c
(gdb) bt
#0 __strcasestr_ia32 (haystack_start=0x0, needle_start=0x597da2 "</MoreInfo>")
    at ../string/strcasestr.c:76
#1 0x00588f33 in Demux (p_demux=0x82ab91c) at asx.c:444
#2 0x0019fc42 in demux_Demux (p_input=0x80fc06c,
    b_interactive=<value optimized out>) at input/demux.h:48
#3 MainLoopDemux (p_input=0x80fc06c, b_interactive=<value optimized out>)
    at input/input.c:584
#4 MainLoop (p_input=0x80fc06c, b_interactive=<value optimized out>)
    at input/input.c:757
#5 0x001a06ac in Run (p_this=0x80fc06c) at input/input.c:546
#6 0x001e59c9 in thread_entry (data=0x83abdc0) at misc/threads.c:58
#7 0x00237e99 in start_thread (arg=0xb6bffb70) at pthread_create.c:304
#8 0x0031f73e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Might be related to: https://trac.videolan.org/vlc/ticket/988

Changed in vlc:
assignee: nobody → Rémi Denis-Courmont (rdenis)
milestone: none → 1.1.10
status: New → In Progress
importance: Undecided → High
Changed in vlc (Ubuntu):
status: New → Confirmed
Changed in vlc:
assignee: Rémi Denis-Courmont (rdenis) → nobody
milestone: 1.1.10 → none
status: In Progress → Fix Released
assignee: nobody → Rémi Denis-Courmont (rdenis)
milestone: none → 1.1.10
LeoRochael (leorochael) wrote :

Where can I find this 1.1.10 package for which the fix is released?

I'm hoping it can be made available for natty soon, but meanwhile, since it can't be found even in source form at videolan.org, isn't it more precise to report that the fix is "committed" instead of "released"?

Rémi Denis-Courmont (rdenis) wrote :

We don't distinguish Fix Committed from Fix Released in upstream VLC. If it's in the git tree, it's released.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.10-1ubuntu1

vlc (1.1.10-1ubuntu1) oneiric; urgency=low

  * Merge from Debian unstable, remaining changes:
    - build and install the libx264 plugin

vlc (1.1.10-1) unstable; urgency=high

  [ Benjamin Drung ]
  * New upstream release.
    - Security: Fix XSPF integer overflow (CVE-2011-2194) (LP: #795410)
    - Improve .desktop file:
      - Add smb as supported protocol (Closes: #622879, LP: #737192)
      - add video/webm to supported MIME formats (LP: #769463)
    - Fix libdvdread errors while playing ogg files (Closes: #622935)
    - Support three channels in pulseaudio output plugin (LP: 743478)
    - PulseAudio output re-written due to unstability of the current one
      (LP: #743323)
    - Fix crashes (LP: #754497, #785979)
    - Qt: allow drag and drop of any URL, not just a local file (LP: #664030)
    - Fix libvlcplugin.so: undefined symbol: NPP_Initialize (LP: #722690)
  * Refresh patches.
  * Drop as-needed patch due to autoreconf run.
  * Backport PulseAudio build fix.
  * Add GNOME MIME types for Ogg Vorbis and Ogg Theora (Closes: #629619).
  * Mention potcast support in package description (Closes: #488771).

  [ Reinhard Tartler ]
  * run autoreconf on the buildds
  * Weaken dependencies on libschroedinger
 -- Benjamin Drung <email address hidden> Sat, 11 Jun 2011 19:56:27 +0200

Changed in vlc (Ubuntu):
status: Confirmed → Fix Released
LeoRochael (leorochael) wrote :

The bug now has been marked as Fix Released for Ubuntu, but no fixed package exists yet for Natty...

Accepted vlc into natty-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in vlc (Ubuntu Natty):
status: New → Fix Committed
tags: added: verification-needed
LeoRochael (leorochael) wrote :

I can confirm that the proposed version for natty does fix access to the URL mentioned on my first post above without crashing, and allows me to enjoy it.

I'm not aware of any other URLs that crashed VLC, so this is good enough for me.

Thanks everyone for the hard work!

Benjamin Drung (bdrung) on 2011-06-22
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vlc - 1.1.9-1ubuntu1.2

vlc (1.1.9-1ubuntu1.2) natty-proposed; urgency=low

  * Backport PulseAudio output plugin rewrite to fix memory leak. (LP: #743323)
  * ASX: fix NULL derefence (LP: #785979)
  * Qt: undo the FSC/KDE workaround (LP: #774581)
  * Add Firefox 4 compatibility (LP: #722690)
 -- Benjamin Drung <email address hidden> Tue, 14 Jun 2011 03:04:10 +0200

Changed in vlc (Ubuntu Natty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers