Bug 165005

Summary: Grip buffer overflow, yet ripping and encoding fine on command line and in sound-juicer
Product: [Fedora] Fedora
Component: grip
Version: 4
Hardware: i386
OS: Linux
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Reporter: Need Real Name <gneeki>
Assignee: Adrian Reber <adrian>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: extras-qa, gneeki
Doc Type: Bug Fix
Last Closed: 2005-08-03 14:50:47 UTC

Description Need Real Name 2005-08-03 14:37:27 UTC
Description of problem:

Current version of grip (3.2.0-5.fc4) often crashes for me. At first I thought
this was bad media or hardware, as it seems to occur predictably at a certain
point on a given CD, and because of the syslog messages, but I've tried to
reproduce the crashes from the command-line and via sound-juicer, and they all
work fine. Details of crash and separate testing below.

Because I'm also using some livna components (e.g. lame), please refer me there
if appropriate - although as shown, they seem to work fine isolated.

Apologies for spurious linewraps below.

Crash console messages:
*** buffer overflow detected ***: grip terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0xedc565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0xedbe30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0xe5eb58]
/lib/libc.so.6(_IO_vfprintf+0xd92)[0xe39af4]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0xedbed1]
/lib/libc.so.6(__sprintf_chk+0x30)[0xedbe24]
grip(ID3v2TagFile+0x2a0)[0x8063ee0]
grip(UpdateRipProgress+0x1096)[0x8062a47]
grip(GripUpdate+0xce)[0x8050325]
grip[0x804f3ac]
/usr/lib/libglib-2.0.so.0[0x125f06]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1dc)[0x1243ee]
/usr/lib/libglib-2.0.so.0[0x1273f6]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a1)[0x1276e3]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x750b1b5]
grip(Cmain+0x22c)[0x804f32b]
/lib/libc.so.6(__libc_start_main+0xc6)[0xe12de6]
grip(__gxx_personality_v0+0x179)[0x804f021]
======= Memory map: ========
[1]  + exit 1     grip

/var/log/messages:
Aug  3 14:43:58 localhost kernel: hdc: packet command error: status=0x51 { DriveReady SeekComplete Error }
Aug  3 14:43:58 localhost kernel: hdc: packet command error: error=0x52 { EndOfMedia LastFailedSense=0x05 }
Aug  3 14:43:58 localhost kernel: ide: failed opcode was: unknown
Aug  3 14:43:58 localhost kernel: ATAPI device hdc:
Aug  3 14:43:58 localhost kernel:   Error: Illegal request -- (Sense key=0x05)
Aug  3 14:43:58 localhost kernel:   Logical block address out of range -- (asc=0x21, ascq=0x00)
Aug  3 14:43:58 localhost kernel:   The failed "Play Audio MSF" packet command was:
Aug  3 14:43:58 localhost kernel:   "47 00 00 00 00 01 49 18 00 00 00 00 00 00 00 00 "

CD ripped/encoded fine in sound-juicer every time, setting up a profile to rip
to mp3 at the same bitrate with gnome-audio-profiles-properties
(audio/x-raw-int,rate=44100,channels=2 ! lame name=enc bitrate=256). Also
executing the commands in ~/.grip for ripping then encoding from the command
line for the same track works fine too:

% /usr/bin/cdda2wav -paranoia -D /dev/cdrom -x -H -t 2 -O wav two.wav
cdrom device (/dev/cdrom) is not of type generic SCSI. Setting interface to cooked_ioctl.
126976 bytes buffer memory requested, 4 buffers, 8 sectors
#Cdda2wav version 2.01_linux_2.6.9-1.906_elsmp_i686_i686, real time sched., soundcard, libparanoia support
EnableCdda_cooked (CDIOCSETCDDA) is not available...
AUDIOtrack pre-emphasis  copy-permitted tracktype channels
      1-10          yes              no     audio    2
Table of Contents: total tracks:10, (total time 37:52.26)
  1.( 4:09.39),  2.( 4:20.43),  3.( 3:52.60),  4.( 5:18.69),  5.( 2:22.60),
  6.( 2:23.22),  7.( 2:04.45),  8.( 4:43.12),  9.( 5:07.16), 10.( 3:29.35),

Table of Contents: starting sectors
  1.(       0),  2.(   18714),  3.(   38257),  4.(   55717),  5.(   79636),
  6.(   90346),  7.(  101093),  8.(  110438),  9.(  131675), 10.(  154716),
 lead-out(  170426)
CDINDEX discid: Z77wJdblnRxVVXkFNVv7MifYvLY-
CDDB discid: 0x7508e00a
CD-Text: not detected
CD-Extra: not detected
samplefile size will be 45965180 bytes.
recording 260.5733 seconds stereo with 16 bits @ 44100.0 Hz ->'two'...
using lib paranoia for reading.
/usr/bin/cdda2wav: Operation not permitted. cannot set posix realtime scheduling policy
percent_done:
100%  track  2 recorded successfully
100%  0 rderr, 0 skip, 0 atom, 0 edge, 0 drop, 0 dup, 0 drift
100%  262 overlap(0.5 .. 0.5)
EnableCdda_cooked (CDIOCSETCDDA) is not available...

% /usr/bin/lame -h -b 256 two.wav two.mp3
LAME version 3.96.1 (http://lame.sourceforge.net/)
CPU features: MMX (ASM used), SSE, SSE2
Using polyphase lowpass filter, transition band: 20094 Hz - 20627 Hz
Encoding two.wav to two.mp3
Encoding as 44.1 kHz 256 kbps j-stereo MPEG-1 Layer III (5.5x) qval=2
    Frame          |  CPU time/estim | REAL time/estim | play/CPU |    ETA
  9974/9977  (100%)|    0:24/    0:24|    0:25/    0:25|   10.635x|    0:00
average: 256.0 kbps   LR: 9976 (99.99%)   MS: 1 (0.01002%)

Writing LAME Tag...done
ReplayGain: -3.3dB

The CD is spotless and this isn't a one-off - has happened every few CDs, and
other methods rip and encode faultlessly.


Version-Release number of selected component (if applicable):
Kernel 2.6.12-1.1398_FC4
grip-3.2.0-5.fc4
sound-juicer-2.10.1-1
cdda2wav-2.01.1-9
lame-3.96.1-0.lvn.1.4

How reproducible:
Always on a specific CD/track

Steps to Reproduce:
1. Start rip/encode in grip
2. Wait
3. Crash with errors above
  
Actual results:
Grip buffer overflow and spewed syslog messages as above.

Expected results:
Grip rips and encodes successfully and continues.

Additional info:
Because grip is gnomey, I should add I'm running extras's xfce4:
xfce4-session-4.2.2-1.fc4
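
The backtrace in the report ends in glibc's `__sprintf_chk` calling `__chk_fail`, the fortified `sprintf` check that aborts the process when formatted output does not fit the destination buffer. As an added illustration (not part of the original report and not grip's code; `format_checked`, `format_field` and the 4-byte field are hypothetical), the same size check done with `vsnprintf` so the caller gets an error return instead of an abort:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* With -O2 -D_FORTIFY_SOURCE=2, glibc headers turn
 *     sprintf(buf, fmt, ...)
 * into
 *     __sprintf_chk(buf, flag, __builtin_object_size(buf, 1), fmt, ...)
 * which calls __chk_fail() ("*** buffer overflow detected ***") when the
 * output does not fit. The helper below performs that size check itself. */

/* Hypothetical helper, not grip's code. Returns 0 on success, -1 if the
 * formatted text plus NUL needs more than dst_size bytes; on failure dst
 * is left as an empty string rather than truncated. */
int format_checked(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int needed;
    if (dst == NULL || dst_size == 0)
        return -1;
    va_start(ap, fmt);
    needed = vsnprintf(dst, dst_size, fmt, ap); /* never writes past dst_size */
    va_end(ap);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

#define FIELD_SIZE 4 /* constructed example: 3 digits + NUL */

/* Format a numeric tag field into a fixed-size buffer. */
int format_field(char out[FIELD_SIZE], int value)
{
    return format_checked(out, FIELD_SIZE, "%d", value);
}

int main(void)
{
    char field[FIELD_SIZE];
    int values[] = { 7, 999, 1000, 12345 }; /* constructed sample inputs */

    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++) {
        int rc = format_field(field, values[i]);
        printf("%5d -> rc=%d field=\"%s\"\n", values[i], rc, field);
    }
    return 0;
}
```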

Comment 1 Adrian Reber 2005-08-03 14:50:47 UTC
can you try to remove your config file and try it again?

*** This bug has been marked as a duplicate of 160671 ***