[Bug 298549] [NEW] dvgrab -showstatus = segfault

Carl Karsten carl at personnelware.com
Sat Nov 15 22:52:58 UTC 2008


Public bug reported:

Binary package hint: dvgrab

Plug in FireWire DV cam, run dvgrab -showstatus, crash.

carl at dv67:~/temp/dvgrab$ LD_LIBRARY_PATH=/usr/lib/debug gdb dvgrab
GNU gdb 6.8-debian
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(gdb) run -showstatus
Starting program: /usr/bin/dvgrab -showstatus
[Thread debugging using libthread_db enabled]
Found AV/C device with GUID 0x008088030a613f59
[New Thread 0xb7baf8d0 (LWP 20372)]
[New Thread 0xb1208b90 (LWP 20375)]
[New Thread 0xb0967b90 (LWP 20376)]
Warning: Cannot set RR-scheduler
Warning: Cannot disable swapping
Capture Started
*** buffer overflow detected ***: /usr/bin/dvgrab terminated
======= Backtrace: =========
/usr/lib/debug/libc.so.6(__fortify_fail+0x4b)[0xb7c93fdb]
/usr/lib/debug/libc.so.6[0xb7c92040]
/usr/lib/debug/libc.so.6[0xb7c91708]
/usr/lib/debug/libc.so.6(_IO_default_xsputn+0xa0)[0xb7c1b460]
/usr/lib/debug/libc.so.6(_IO_vfprintf+0xf6c)[0xb7bf003c]
/usr/lib/debug/libc.so.6(__vsprintf_chk+0xa7)[0xb7c917b7]
/usr/lib/debug/libc.so.6(__sprintf_chk+0x2d)[0xb7c916fd]
/usr/bin/dvgrab[0x80551da]
/usr/bin/dvgrab[0x8056d0d]
/usr/bin/dvgrab[0x8056fe0]
/usr/bin/dvgrab[0x80572d1]
/usr/lib/debug/libpthread.so.0[0xb7e60fc0]
/usr/lib/debug/libc.so.6(clone+0x5e)[0xb7c7e97e]
======= Memory map: ========

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb1208b90 (LWP 20375)]
0xb7bdba16 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64	../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
	in ../nptl/sysdeps/unix/sysv/linux/raise.c
Current language:  auto; currently c
(gdb) bt full
#0  0xb7bdba16 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
	resultvar = <value optimized out>
	pid = -1211170828
	selftid = 20375
#1  0xb7bdd318 in *__GI_abort () at abort.c:88
	act = {__sigaction_handler = {sa_handler = 0x1, sa_sigaction = 0x1}, 
  sa_mask = {__val = {11, 2971693660, 3083553772, 3086377568, 3086377568, 0, 
      2971693800, 3083331966, 3082505460, 1011, 22724, 3083382841, 3083796468, 
      2971693660, 3083302513, 9, 2971693728, 108, 0, 3083796468, 9, 7, 
      2971693844, 3083407096, 108, 2971693728, 9, 0, 3083680185, 3083680181, 
      3083675085, 3083684884}}, sa_flags = -1211282368, 
  sa_restorer = 0xb7cd4c3c}
	sigs = {__val = {32, 0 <repeats 31 times>}}
#2  0xb7c16fdd in __libc_message (do_abort=2, 
    fmt=0xb7cd4c99 "*** %s ***: %s terminated\n")
    at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
	ap = 0xb1207938 "��η\006"
	fd = 108
	on_2 = <value optimized out>
	list = <value optimized out>
	nlist = 5
	cp = <value optimized out>
	written = 6
#3  0xb7c93fdb in *__GI___fortify_fail (
    msg=0xb7cd4c43 "buffer overflow detected") at fortify_fail.c:32
No locals.
#4  0xb7c92040 in *__GI___chk_fail () at chk_fail.c:29
No locals.
#5  0xb7c91708 in _IO_str_chk_overflow (fp=0xb1207fc0, c=52)
    at vsprintf_chk.c:35
No locals.
#6  0xb7c1b460 in _IO_default_xsputn (f=0xb1207fc0, data=0xb1207f13, n=9)
    at genops.c:485
	s = 0xb1207f19 "436�\a"
	more = 3
#7  0xb7bf003c in _IO_vfprintf_internal (s=0xb1207fc0, 
    format=0x8079c08 "%2.2d:%2.2d:%2.2d.%2.2d", ap=0xb12080b0 "")
    at vfprintf.c:1580
	alt = <value optimized out>
	is_long = 0
	prec = 0
	is_negative = 0
	number = <value optimized out>
	base = 10
	string = 0xb1207f13 "191009436�\a"
	space = 0
	width = <value optimized out>
	showsign = 0
	group = 0
	is_char = 0
	pad = 32 ' '
	the_arg = {pa_wchar = -1323270112, pa_int = -1323270112, 
  pa_long_int = -1323270112, pa_long_long_int = 577753471711739936, 
  pa_u_int = 2971697184, pa_u_long_int = 2971697184, 
  pa_u_long_long_int = 577753471711739936, 
  pa_double = 4.8724387418200838e-270, pa_long_double = <invalid float value>, 
  pa_string = 0xb1208020 "K!�", pa_wstring = 0xb1208020, 
  pa_pointer = 0xb1208020}
	left = 0
	is_long_double = 0
	is_short = 0
	use_outdigits = 0
	spec = 100 'd'
	_buffer = {__routine = 0x80497b8, __arg = 0x1, 
  __canceltype = -1208590348, __prev = 0xa8c7229e}
	_avail = 0
	thousands_sep = 0x0
	grouping = 0xffffffff <Address 0xffffffff out of bounds>
	done = 25
	f = (const unsigned char *) 0x8079c1e "d"
	lead_str_end = (
    const unsigned char *) 0x8079c08 "%2.2d:%2.2d:%2.2d.%2.2d"
	work_buffer = "����)�ҷ�| ��| �\001\000\0000�_��h.\177\021����@| ��2��0| �\214fѷ$| ��g��\000\000\000\000\b\n��\005\000\000\000\000\000\000\000\001\000\000\000\232_e\f�\033��\b\n���_��\004\002��\f\000\000\0000| �$| �\004\002��\f\000\000\000$| �p| �����)�ҷ�{ �\000\000\000\000\000\000\000\000�����ڻ��7ͷ@\021Ϸ�,��P���\022ii\r\030| ��,��\220���\020ii\r(| ��,��R���"...
	workstart = 0x0
	workend = 0xb1207f1c "�\a"
	ap_save = 0xb12080a0 "\034\021\226\v\005"
	nspecs_done = 3
	save_errno = 2
	readonly_format = 0
	jump_table = {1, 0, 0, 4, 0, 14, 0, 6, 0, 0, 7, 2, 0, 3, 9, 0, 5, 8, 
  8, 8, 8, 8, 8, 8, 8, 8, 0, 0, 0, 0, 0, 0, 0, 26, 0, 25, 0, 19, 19, 19, 0, 
  29, 0, 0, 12, 0, 0, 0, 0, 0, 0, 21, 0, 0, 0, 0, 18, 0, 13, 0, 0, 0, 0, 0, 0, 
  26, 0, 20, 15, 19, 19, 19, 10, 15, 28, 0, 11, 24, 23, 17, 22, 12, 0, 21, 27, 
  16, 0, 0, 18, 0, 13}
	__PRETTY_FUNCTION__ = "_IO_vfprintf_internal"
	step0_jumps = {0, -3683, -3594, -3503, -3405, -3316, -3218, -3025, 
  -2785, -2589, 734, 507, -6973, 596, -4853, -4789, 1231, 1246, -2374, -7465, 
  1261, -4209, -1994, -207, -62, -6859, -2292, 697, -6973, -3116}
	step1_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, -2589, 734, 507, -6973, 596, 
  -4853, -4789, 1231, 1246, -2374, -7465, 1261, -4209, -1994, -207, -62, 
  -6859, -2292, 697, -6973, 0}
	step2_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 734, 507, -6973, 596, 
  -4853, -4789, 1231, 1246, -2374, -7465, 1261, -4209, -1994, -207, -62, 
  -6859, -2292, 697, -6973, 0}
	step3a_jumps = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 825, 0, 0, 0, -4853, 
  -4789, 1231, 1246, -2374, 0, 0, 0, 0, -207, 0, 0, 0, 0, 0, 0}
	step3b_jumps = {0 <repeats 11 times>, -6973, 0, 0, -4853, -4789, 1231, 
  1246, -2374, -7465, 1261, -4209, -1994, -207, -62, -6859, -2292, 0, 0, 0}
	step4_jumps = {0 <repeats 14 times>, -4853, -4789, 1231, 1246, -2374, 
  -7465, 1261, -4209, -1994, -207, -62, -6859, -2292, 0, 0, 0}
	step4_jumps = {999 <repeats 14 times>, -129, 386, -1838, 1216, 1201, 
  1525, -5161, 926, -403, -1080, -960, -6315, -1226, 999, 999, 999}
#8  0xb7c917b7 in ___vsprintf_chk (
    s=0xb12080e8 "194384156:05:-1218785272.191009\v", flags=1, slen=32, 
    format=0x8079c08 "%2.2d:%2.2d:%2.2d.%2.2d", 
    args=0xb12080a0 "\034\021\226\v\005") at vsprintf_chk.c:87
	f = {_sbf = {_f = {_flags = -72515583, 
      _IO_read_ptr = 0xb12080e8 "194384156:05:-1218785272.191009\v", 
      _IO_read_end = 0xb12080e8 "194384156:05:-1218785272.191009\v", 
      _IO_read_base = 0xb12080e8 "194384156:05:-1218785272.191009\v", 
      _IO_write_base = 0xb12080e8 "194384156:05:-1218785272.191009\v", 
      _IO_write_ptr = 0xb1208107 "\v", _IO_write_end = 0xb1208107 "\v", 
      _IO_buf_base = 0xb12080e8 "194384156:05:-1218785272.191009\v", 
      _IO_buf_end = 0xb1208107 "\v", _IO_save_base = 0x0, 
      _IO_backup_base = 0x0, _IO_save_end = 0x0, _markers = 0x0, _chain = 0x0, 
      _fileno = -1323270020, _flags2 = 4, _old_offset = 1226771541, 
      _cur_column = 0, _vtable_offset = 0 '\0', _shortbuf = "I", _lock = 0x0, 
      _offset = 8826157793301, _codecvt = 0xb7bbc748, _wide_data = 0xb7e1ad40, 
      _freeres_list = 0x0, _freeres_buf = 0xc2214b, 
      _freeres_size = 3086376948, _mode = -1, 
      _unused2 = "hf��p\200 �[u�� h���\002��\001\000\000\000\005\000\000\000\000\000\000\000��\004\b�\000\000"}, _vtable = 0xb7cefd20}, _s = {
    _allocate_buffer = 0, _free_buffer = 0x5}}
	ret = 0
#9  0xb7c916fd in ___sprintf_chk (
    s=0xb12080e8 "194384156:05:-1218785272.191009\v", flags=1, slen=32, 
    format=0x8079c08 "%2.2d:%2.2d:%2.2d.%2.2d") at sprintf_chk.c:33
	done = 0
#10 0x080551da in DVgrab::sendCaptureStatus (this=0xbfa640c8, 
    name=0xb9611e4 "dvgrab-009.dv", size=0.114440918, frames=1, tc=0x6, 
    rd=0xb1208234, newline=false) at /usr/include/bits/stdio2.h:35
	tc_str = "194384156:05:-1218785272.191009\v"
	rd_str = "�\201\000\000o�ٷ�\003\000\000�\003", '\0' <repeats 14 times>, "��\001"
#11 0x08056d0d in DVgrab::writeFrame (this=0xbfa640c8) at dvgrab.cc:835
	framesWritten = 0
	timeCode = (TimeCode *) 0xb1208280
	rd = {tm_sec = 21, tm_min = 52, tm_hour = 17, tm_mday = 15, 
  tm_mon = 10, tm_year = 108, tm_wday = 6, tm_yday = 319, tm_isdst = 0, 
  tm_gmtoff = -21600, tm_zone = 0xb9611a0 "CST"}
	lastrd = (tm *) 0x0
	fileName = {static npos = 4294967295, 
  _M_dataplus = {<std::allocator<char>> = {<__gnu_cxx::new_allocator<char>> = {<No data fields>}, <No data fields>}, _M_p = 0x80856ec ""}}
	tc = {hour = 194384156, min = 5, sec = -1218785272, frame = 191009436}
	lasttc = (TimeCode *) 0x0
#12 0x08056fe0 in DVgrab::captureThreadRun (this=0xbfa640c8) at dvgrab.cc:963
	dvframe = (class DVFrame *) 0xb75ad008
	timeCode = {hour = 191009436, min = 191009976, sec = -1209597964, 
  frame = -1209597964}
	dropped = 0
#13 0x080572d1 in DVgrab::captureThread (arg=0xbfa640c8) at dvgrab.cc:725
No locals.
#14 0xb7e60fc0 in start_thread (arg=0xb1208b90) at pthread_create.c:297
	__res = <value optimized out>
	__ignore1 = <value optimized out>
	__ignore2 = <value optimized out>
	pd = (struct pthread *) 0xb1208b90
	unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1209597964, 0, 4001536, 
        -1323268936, 866631682, -1094770673}, mask_was_saved = 0}}, priv = {
    pad = {0x0, 0x0, 0x0, 0xb7e60f1b}, data = {prev = 0x0, cleanup = 0x0, 
      canceltype = 0}}}
	not_first_call = <value optimized out>
	robust = <value optimized out>
#15 0xb7c7e97e in clone () from /usr/lib/debug/libc.so.6
	fstab_state = {fs_fp = 0x0, fs_buffer = 0x0, fs_mntres = {
    mnt_fsname = 0x0, mnt_dir = 0x0, mnt_type = 0x0, mnt_opts = 0x0, 
    mnt_freq = 0, mnt_passno = 0}, fs_ret = {fs_spec = 0x0, fs_file = 0x0, 
    fs_vfstype = 0x0, fs_mntops = 0x0, fs_type = 0x0, fs_freq = 0, 
    fs_passno = 0}}
	__elf_set___libc_subfreeres_element_fstab_free__ = (
    const void *) 0xb7cbe190
(gdb) 


carl at dv67:~/temp/dvgrab$ uname -a
Linux dv67 2.6.27-7-generic #1 SMP Tue Nov 4 19:33:20 UTC 2008 i686 GNU/Linux

carl at dv67:~/temp/dvgrab$ lsb_release -rd
Description:	Ubuntu 8.10
Release:	8.10

carl at dv67:~/temp/dvgrab$ apt-cache policy dvgrab
dvgrab:
  Installed: 3.1-2.1
  Candidate: 3.1-2.1
  Version table:
 *** 3.1-2.1 0
        100 /var/lib/dpkg/status
     3.1-2 0
        500 http://cp333 intrepid/universe Packages

** Affects: dvgrab (Ubuntu)
     Importance: Undecided
         Status: New

-- 
dvgrab -showstatus = segfault
https://bugs.launchpad.net/bugs/298549
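
An added example (not part of the original report and not dvgrab's code) of the failure the backtrace records: `__sprintf_chk` is called with `slen=32` and the format `%2.2d:%2.2d:%2.2d.%2.2d`, and the `tc` values shown in frame #11 need more than 32 bytes. The `TimeCode` field names come from the gdb output; the range limits, the helper names and the placeholder string are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Field names as printed by gdb in frame #11; the layout is otherwise assumed. */
typedef struct { int hour, min, sec, frame; } TimeCode;

#define TC_FMT "%2.2d:%2.2d:%2.2d.%2.2d"   /* format string seen in frame #9 */
#define TC_BUF 32                          /* slen=32 passed to __sprintf_chk */

/* Bytes needed, including the terminating NUL, to print tc with TC_FMT. */
static int tc_bytes_needed(const TimeCode *tc)
{
    return snprintf(NULL, 0, TC_FMT, tc->hour, tc->min, tc->sec, tc->frame) + 1;
}

/* Assumed valid ranges for a DV timecode (hypothetical helper). */
static int tc_is_sane(const TimeCode *tc)
{
    return tc->hour >= 0 && tc->hour <= 23 && tc->min >= 0 && tc->min <= 59 &&
           tc->sec >= 0 && tc->sec <= 59 && tc->frame >= 0 && tc->frame <= 29;
}

/* Bounded formatter: returns 0 on success, -1 if tc is missing, out of
 * range, or would not fit. On rejection buf holds a placeholder string. */
static int tc_format(char *buf, size_t len, const TimeCode *tc)
{
    int n;
    if (len == 0)
        return -1;
    if (tc == NULL || !tc_is_sane(tc)) {
        snprintf(buf, len, "--:--:--.--");
        return -1;
    }
    n = snprintf(buf, len, TC_FMT, tc->hour, tc->min, tc->sec, tc->frame);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    /* Values copied from the `tc` local in frame #11 of the backtrace. */
    TimeCode bad = { 194384156, 5, -1218785272, 191009436 };
    TimeCode ok  = { 1, 2, 3, 4 };          /* constructed sample */
    char buf[TC_BUF];

    printf("bad needs %d bytes, buffer is %d\n", tc_bytes_needed(&bad), TC_BUF);
    printf("bad -> %d \"%s\"\n", tc_format(buf, sizeof buf, &bad), buf);
    printf("ok  -> %d \"%s\"\n", tc_format(buf, sizeof buf, &ok), buf);
    return 0;
}
```

`"%2.2d"` sets a minimum width only, so each field can expand to 11 characters for an arbitrary `int`; the bounded call plus the range check keeps garbage values from reaching the 32-byte buffer.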