Bug 804484

Summary: [abrt] libcdio-0.82-5.fc16: __GI___libc_free: Process /usr/bin/cd-info was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Reporter: Stuart D Gathman <stuart>
Component: libcdio
Assignee: Adrian Reber <adrian>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 16
CC: adrian, david.vangaal, hhorak
Hardware: i686
OS: Unspecified
Whiteboard: abrt_hash:14a8f5a97fae1ce4a1d407b74333adcb2c11f3aa
Fixed In Version: libcdio-0.83-3.fc17
Doc Type: Bug Fix
Last Closed: 2012-04-08 03:33:57 UTC
Attachments:
File: backtrace (flags: none)
Patch that fixes the symptom (flags: none)

Description Stuart D Gathman 2012-03-19 03:49:13 UTC
libreport version: 2.0.8
abrt_version:   2.0.7
backtrace_rating: 4
cmdline:        cd-info
comment:        run cd-info with CD in drive with cdtext metadata
crash_function: __GI___libc_free
executable:     /usr/bin/cd-info
kernel:         3.2.9-2.fc16.i686
pid:            10635
pwd:            /home/stuart/rpm/SRPMS
reason:         Process /usr/bin/cd-info was killed by signal 11 (SIGSEGV)
time:           Sun 18 Mar 2012 10:48:26 PM EDT
uid:            1000
username:       stuart

backtrace:      Text file, 6794 bytes

dso_list:
:/usr/lib/libiso9660.so.7.0.0 libcdio-0.82-5.fc16.i686 (Fedora Project) 1320287318
:/usr/lib/libcdio.so.12.0.0 libcdio-0.82-5.fc16.i686 (Fedora Project) 1320287318
:/usr/bin/cd-info libcdio-0.82-5.fc16.i686 (Fedora Project) 1320287318
:/lib/ld-2.14.90.so glibc-2.14.90-24.fc16.6.i686 (Fedora Project) 1330230512
:/lib/libm-2.14.90.so glibc-2.14.90-24.fc16.6.i686 (Fedora Project) 1330230512
:/lib/libgcc_s-4.6.2-20111027.so.1 libgcc-4.6.2-1.fc16.i686 (Fedora Project) 1320287292
:/lib/libc-2.14.90.so glibc-2.14.90-24.fc16.6.i686 (Fedora Project) 1330230512

var_log_messages:
:Mar 18 22:48:26 melissa kernel: [126255.461863] cd-info[10635] general protection ip:4b15b926 sp:bfef57e0 error:0 in libc-2.14.90.so[4b0e0000+1a7000]
:Mar 18 22:48:26 melissa abrt[10637]: Saved core dump of pid 10635 (/usr/bin/cd-info) to /var/spool/abrt/ccpp-2012-03-18-22:48:26-10635 (401408 bytes)

Comment 1 Stuart D Gathman 2012-03-19 03:49:19 UTC
Created attachment 570995 [details]
File: backtrace

Comment 2 Stuart D Gathman 2012-03-20 00:57:59 UTC
As discovered in bug#802070, this happens on CDs with 99 tracks (typically audiobooks).

Comment 3 Adrian Reber 2012-03-20 13:58:53 UTC
Thanks for the report. I contacted upstream to see if they know anything about it.

Comment 4 Stuart D Gathman 2012-03-21 02:07:06 UTC
In cdtext.c cdtext_data_init(), i_track gets up to 103 before crashing, and there are only 99 tracks.  I tried adding "if (i_track > 99) break;" - but it still crashes.  Getting new backtrace.

Comment 5 Stuart D Gathman 2012-03-21 02:55:00 UTC
Created attachment 571581 [details]
Patch that fixes the symptom

This fixes the symptom, but why does the loop not terminate normally?  Is 99 a hard limit?

Comment 6 Honza Horak 2012-03-21 13:40:08 UTC
*** Bug 802070 has been marked as a duplicate of this bug. ***

Comment 7 Stuart D Gathman 2012-03-21 19:10:45 UTC
The specification doesn't seem to be open.  I'm guessing that

a) there is a hard limit of 99 tracks, and it was felt there was no need to terminate the 99th track.  My patch would actually be correct in this case.

b) cdtext_data_init needs to break the loop when reaching the end of the block rather than relying on termination.  This is a good idea anyway in case of malicious or broken data in the cdtext area.

Comment 8 Stuart D Gathman 2012-03-21 19:14:19 UTC
Provided patch may be sufficient while waiting for upstream.

Comment 9 Adrian Reber 2012-03-22 16:58:47 UTC
Thanks for the patch. I will apply it.

Following answer from upstream:


"""
Thanks for the report. I just had a chance to look at it. Yes, this is a bug in current sources.

Red Book standards limit the number of tracks to 99. See for example item
3 of http://en.wikipedia.org/wiki/Red_Book_(CD_standard)#Technical_details

I've recompiled the code to lower the track limit to 9 tracks and I get a
memory violation using valgrind in freeing memory similar to one of the 
reports. I will be changing the code along the lines of the patches I see 
in the reports but slightly differently to ensure this is covered more
pervasively and to warn when there is a violation.
"""
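
The loop bound suggested in comment 7(b), combined with the 99-track limit from the upstream reply, as an added example (not libcdio's code and not the attached patch). It assumes a simplified block of NUL-terminated titles; `parse_titles`, `struct titles`, `run_case` and the slot layout are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRACKS 99            /* Red Book limit cited in the thread */
#define N_SLOTS (MAX_TRACKS + 1) /* assumed layout: slot 0 = disc, 1..99 = tracks */
enum { PARSE_OK = 0, TOO_MANY_TRACKS = -1, UNTERMINATED = -2 };
/* Hypothetical structure, not libcdio's: one title pointer per slot. */
struct titles { const char *text[N_SLOTS]; int count; };

/* Each NUL ends one title and advances the slot index. The loop is bounded
 * by the buffer end and by the slot table, so it never depends on the data
 * containing a terminator in the right place. */
int parse_titles(const unsigned char *buf, size_t len, struct titles *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof *out);
    while (pos < len) {
        const unsigned char *nul = memchr(buf + pos, 0, len - pos);
        if (nul == NULL)
            return UNTERMINATED;     /* final title runs off the block */
        if (out->count >= N_SLOTS)
            return TOO_MANY_TRACKS;  /* next store would be past text[] */
        out->text[out->count++] = (const char *)(buf + pos);
        pos = (size_t)(nul - buf) + 1;
    }
    return PARSE_OK;
}

/* Constructed input: n one-byte titles; drop_last_nul truncates the block. */
int run_case(int n, int drop_last_nul, int *count)
{
    unsigned char buf[256];
    struct titles t;
    size_t len = 0;
    for (int i = 0; i < n && len + 2 <= sizeof buf; i++) {
        buf[len++] = 'T';
        buf[len++] = 0;
    }
    int rc = parse_titles(buf, drop_last_nul && len ? len - 1 : len, &t);
    *count = t.count;
    return rc;
}

int main(void)
{
    int c, rc = run_case(104, 0, &c);   /* more titles than slots */
    printf("rc=%d stored=%d\n", rc, c);
    return rc == TOO_MANY_TRACKS ? 0 : 1;
}
```

Returning a distinct error for each violation lets the caller warn about malformed data instead of continuing with a partially filled table.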

Comment 10 Fedora Update System 2012-03-23 15:08:40 UTC
libcdio-0.83-3.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/libcdio-0.83-3.fc17

Comment 11 Fedora Update System 2012-03-23 16:03:25 UTC
libcdio-0.82-6.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/libcdio-0.82-6.fc16

Comment 12 Fedora Update System 2012-03-23 17:11:07 UTC
Package libcdio-0.83-3.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing libcdio-0.83-3.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-4558/libcdio-0.83-3.fc17
then log in and leave karma (feedback).

Comment 13 Stuart D Gathman 2012-03-25 23:43:11 UTC
Works for me, and I tried the 99 track CD that was failing before.  Left karma.

Comment 14 Fedora Update System 2012-04-08 03:33:57 UTC
libcdio-0.82-6.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2012-04-12 03:12:45 UTC
libcdio-0.83-3.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.