C format string specifications mismatch in translations crashes libxine based apps in some loales

Bug #290768 reported by Nicolò Rebughini on 2008-10-29
212
This bug affects 7 people
Affects Status Importance Assigned to Milestone
langpack-o-matic
Undecided
Unassigned
language-pack-gnome-de-base (Ubuntu)
Undecided
Unassigned
Intrepid
Undecided
Unassigned
language-pack-gnome-it-base (Ubuntu)
Undecided
Unassigned
Intrepid
Undecided
Unassigned
xine-lib (Ubuntu)
High
Unassigned
Intrepid
Undecided
Unassigned

Bug Description

Already discussed this bug with KDE developers thinking it was a Phonon problem. It occurred it's a problem of the Xine package, which has a bug in its localization. It makes every multimedia application, which use phonon, crash if the locale is set to anything but English.

I have Ubuntu Intrepid 2.6.27-7-generic AMD64 and using the latest Xine packages from the repositories, and I use KDE4 trunk

The discussion of the bug in the kde bugzilla is here: http://bugs.kde.org/show_bug.cgi?id=173813

ProblemType: Bug
Architecture: amd64
DistroRelease: Ubuntu 8.10
NonfreeKernelModules: nvidia
Package: libxine1 1.1.15-0ubuntu3
ProcEnviron:
 LANGUAGE=en_US
 PATH=/opt/kde4/bin:/usr/local/bin:/home/username:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=it_IT.UTF-8
 SHELL=/bin/bash
SourcePackage: xine-lib
Uname: Linux 2.6.27-7-generic x86_64

Note: Added tag for kde4.1.4 because this should go to -updates with or before the KDE 4.1.4 SRU.

Jonathan Thomas (echidnaman) wrote :

So that's what all those knotify-related crashes in xine during the Intrepid cycle were all about...

Changed in xine-lib:
importance: Undecided → High
status: New → Triaged
oliverd17 (oliver-doerr-privat) wrote :

Hmm,

unsure if i have the same problem. I've got a new version of xine-lib on dec, 16th, 2008 and the trouble began. Since them most KDE apps that uses phonon crashs (amarok, digikam, etc.) I also have a backtrace of the digikam crash which i attach. As you could see the crash happens because of phonon and xine-libs.

I'm also not able to open "System Settings -> Sound" (also crashing). I'm only unsure because changing the language using Systems Settings does not help.

Notice, i'm using a regular Kubuntu 8.10 installation 64-bit. 2.6.27-9-generic #1 SMP Thu Nov 20 22:15:32 UTC 2008 x86_64 GNU/Linux and got the problem because of a normal adept-get upgrade.

I will make some further tests.

Oliver

oliverd17 (oliver-doerr-privat) wrote :

ok,

This bugs has reached real installations.

If i enter

export LANG=C.UTF-8

and start amarok, everything works fine. Using LANG=en_US.UTF-8 instead does not help. Is there a way to ge libxine of last week back?

Oliver

Loïc Minier (lool) wrote :

Does anybody reproduce this crash from jaunty? Does anybody reproduce this crash on i386?

Harald Sitter (apachelogger) wrote :

Assuming default installation comes with translation for libxine I can't reproduce on jaunty i386 (german)

Loïc Minier (lool) wrote :

Discovered here that langpack-o-matic doesn't set --check-c-format (Rosetta does enforce this though).

ghostcube (ghostcube) wrote :

dpkg.log for the update from 4.1.3 to 4.1.4
problem startet with the update packages
Regression appeared between 2009/01/14 12:59 and 2009/01/14 22:56

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xine-lib - 1.1.15-0ubuntu8

---------------
xine-lib (1.1.15-0ubuntu8) jaunty; urgency=low

  * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
    broken translations; LP: #290768.

 -- Loic Minier <email address hidden> Thu, 15 Jan 2009 17:48:20 +0100

Changed in xine-lib:
status: Triaged → Fix Released
Loïc Minier (lool) wrote :

Merged in trunk, so fixed in langpack-o-matic.

Changed in langpack-o-matic:
status: New → Fix Released
Loïc Minier (lool) wrote :

One reported told me this happens with konsole, systemsettings, dolphin etc.; this points at a kdebase-runtime or kdelibs issue, but downgrading the kdebase-runtime package didn't help.

I'm short of what to try downgrading; this reported also tried downgrading phonon-backend-xine.

Colin Watson (cjwatson) wrote :

Accepted xine-lib into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in xine-lib:
status: New → Fix Committed
Loïc Minier (lool) wrote :

An updated xine-lib was uploaded to intrepid-proposed; please test it there and report any regression or whether it fixes the bug.

Loïc Minier (lool) wrote :

So whether or not xine-lib fixes this for your, we're highly interested in knowing which intrepid-updates update or intrepid-proposed update triggered the regression; thanks in advance!

Colin Watson (cjwatson) wrote :

Accepted language-pack-gnome-it-base into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in language-pack-gnome-it-base:
status: New → Fix Committed

Package xine-lib - 1.1.15-0ubuntu3intrepid1 fixes the locale problem for me. Thanks

Package libxine1 1.1.15-0ubuntu3intrepid1 from proposed fixes this problem for me..

Thanks
Oliver

Package xine-lib - 1.1.15-0ubuntu3intrepid1 fixes the locale problem for me too.

Thanks
Christian

Colin Watson (cjwatson) wrote :

Accepted language-pack-gnome-de-base into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in language-pack-gnome-de-base:
status: New → Fix Committed
tomaggio (joli64) wrote :

libxine 1.1.15-0ubuntu3intrepid1 fixes the problem for me too
Thanks
tom

Loïc Minier (lool) wrote :

language-pack-gnome-de-base and language-pack-gnome-it-base are uninstallable; see bug #317934.

SRU team: what's your preference in addressing this? Loosening the dep in these one shot -base langpacks uploads (what I'd prefer doing), or SRU-ing the non-base langpacks as well (no change)?

Loïc Minier [2009-01-17 11:23 -0000]:
> SRU team: what's your preference in addressing this? Loosening the dep
> in these one shot -base langpacks uploads (what I'd prefer doing)

That is fine for me.

Martin Pitt (pitti) wrote :

Loic, were these manually fixed translations fixed in Rosetta as well? If not, they'll just get overwritten again on next update.

Loïc Minier (lool) wrote :

Martin, some were but perhaps not all; I think Arne fixed the first 2 identified -it strings and all (2) -de strings. I'm not sure whether he fixed all 5 -it strings.

We need to review all strings which look like they use C formats specifiers anyway; note that I've added --check-format to langpack-o-matic to catch the ones which are flagged c-format.

Marc Deslauriers (mdeslaur) wrote :

This needs to get merged with the xine-lib security update that just came out for Intrepid.
Attached is the debdiff for the security update.

Martin Pitt (pitti) wrote :

Reopening, shadowed by security update.

Changed in xine-lib:
status: Fix Committed → Triaged
Martin Pitt (pitti) wrote :

Thanks Loic for merging. Please test this version:

 xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low
 .
   * Merge 1.1.15-0ubuntu3.1.
 .
 xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low
 .
   * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
     - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
       invalid track type in Matroska files.
     - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
       overflow in the ffmpeg video decoder.
     - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
       in the ffmpeg audio decoder
     - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
       in the the CDDA server.
     - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
       unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
     - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
       Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
     - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
       MNG and QT demuxers. (CVE-2008-5237)
     - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
       heap-based buffer overflows from unchecked or incompletely-checked read
       function results. (CVE-2008-5239)
     - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
       untrusted values. (CVE-2008-5240)
     - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
       compressed atom handling. (CVE-2008-5241)
     - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
       untrusted or unchecked values. (CVE-2008-5243)
 .
 xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low
 .
   * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
     broken translations; LP: #290768.

Changed in xine-lib:
status: Triaged → Fix Committed
description: updated
Loïc Minier (lool) wrote :

Just for the record, I couldn't ever reproduce the issue myself, even when I tried within an intrepid virtual machine with libxine1-all-plugins installed.

So far, we had a first xine-lib upload which didn't make it to -updates due to a -security release coming first; this was confirmed as solving the issue. We had the first langpacks which were uninstallable, then the second langpacks which I could confirm as installable and would expect to fix the issue, but these weren't confirmed as fixing the issue yet. Then I reuploaded the xine-lib fix on top of the security update and reuploaded, but the binaries weren't checked.

Finally, there were other unrelated xine-lib crashers reported after the security update, might be due to non-Ubuntu plugins.

So either the SRU team should trust the changes and copy the updates, or we should get confirmation from people with the bug that the langpacks alone and the new xine-lib alone fix the issue for them.

Martin Pitt (pitti) wrote :

Loïc Minier [2009-02-15 14:20 -0000]:
> So either the SRU team should trust the changes and copy the updates, or
> we should get confirmation from people with the bug that the langpacks
> alone and the new xine-lib alone fix the issue for them.

At least I need some confirmation that the current -proposed xine-lib
packages still work otherwise, i. e. don't introduce regressions due
to being mis-built or similar.

Hmm,

i thought i told it already. the current libxine from proposed fixes the problem for me.

Oliver

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xine-lib - 1.1.15-0ubuntu3.1intrepid1

---------------
xine-lib (1.1.15-0ubuntu3.1intrepid1) intrepid-proposed; urgency=low

  * Merge 1.1.15-0ubuntu3.1.

xine-lib (1.1.15-0ubuntu3.1) intrepid-security; urgency=low

  * SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
    - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
      invalid track type in Matroska files.
    - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
      overflow in the ffmpeg video decoder.
    - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
      in the ffmpeg audio decoder
    - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
      in the the CDDA server.
    - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
      unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
    - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
      Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
    - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
      MNG and QT demuxers. (CVE-2008-5237)
    - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
      heap-based buffer overflows from unchecked or incompletely-checked read
      function results. (CVE-2008-5239)
    - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
      untrusted values. (CVE-2008-5240)
    - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
      compressed atom handling. (CVE-2008-5241)
    - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
      untrusted or unchecked values. (CVE-2008-5243)

xine-lib (1.1.15-0ubuntu3intrepid1) intrepid-proposed; urgency=low

  * New dpatch, 10_translation-fixes, fixes missing "%s" to protect against
    broken translations; LP: #290768.

 -- Loic Minier <email address hidden> Tue, 27 Jan 2009 14:35:33 +0100

Changed in xine-lib:
status: Fix Committed → Fix Released
Changed in language-pack-gnome-de-base (Ubuntu):
status: New → Fix Released
Changed in language-pack-gnome-it-base (Ubuntu):
status: New → Fix Released
Changed in language-pack-gnome-de-base (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Changed in language-pack-gnome-it-base (Ubuntu Intrepid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers