Bug 892283

Summary: [abrt] pragha-1.1.1-1.fc17: _IO_ftell: Process /usr/bin/pragha was killed by signal 11 (SIGSEGV)
Product: [Fedora] Fedora
Reporter: Diego <diego.ml>
Component: taglib
Assignee: Rex Dieter <rdieter>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 17
CC: cwickert, rdieter, twegener
Keywords: Patch
Hardware: i686
OS: Unspecified
Whiteboard: abrt_hash:66aa0f9eb4d768d69cea6cfae5e4a6233b47b586
Fixed In Version: pragha-1.1.2.1-2.fc20
Doc Type: Bug Fix
Last Closed: 2013-02-27 02:31:52 UTC
Attachments:
File: core_backtrace
File: environ
File: backtrace
File: limits
File: cgroup
File: smolt_data
File: xsession_errors
File: executable
File: maps
File: dso_list
File: proc_pid_status
File: var_log_messages
File: open_fds
Quick fix patch that solves this immediate problem.

Description Diego 2013-01-06 10:13:00 UTC
Description of problem:
I double-clicked on an m3u playlist and pragha crashed.

Version-Release number of selected component:
pragha-1.1.1-1.fc17

Additional info:
libreport version: 2.0.18
abrt_version:   2.0.18
backtrace_rating: 4
cmdline:        pragha
crash_function: _IO_ftell
kernel:         3.6.11-1.fc17.i686

truncated backtrace:
:Thread no. 1 (8 frames)
: #0 _IO_ftell at ioftell.c:40
: #1 TagLib::FileStream::tell at /usr/src/debug/taglib-1.8/taglib/toolkit/tfilestream.cpp:371
: #2 TagLib::File::tell at /usr/src/debug/taglib-1.8/taglib/toolkit/tfile.cpp:447
: #3 TagLib::File::find at /usr/src/debug/taglib-1.8/taglib/toolkit/tfile.cpp:260
: #4 TagLib::Ogg::File::nextPage at /usr/src/debug/taglib-1.8/taglib/ogg/oggfile.cpp:232
: #5 TagLib::Ogg::File::packet at /usr/src/debug/taglib-1.8/taglib/ogg/oggfile.cpp:93
: #6 TagLib::Vorbis::File::read at /usr/src/debug/taglib-1.8/taglib/ogg/vorbis/vorbisfile.cpp:124
: #7 ??

Comment 1 Diego 2013-01-06 10:13:03 UTC
Created attachment 673308
File: core_backtrace

Comment 2 Diego 2013-01-06 10:13:06 UTC
Created attachment 673309
File: environ

Comment 3 Diego 2013-01-06 10:13:09 UTC
Created attachment 673310
File: backtrace

Comment 4 Diego 2013-01-06 10:13:11 UTC
Created attachment 673311
File: limits

Comment 5 Diego 2013-01-06 10:13:14 UTC
Created attachment 673312
File: cgroup

Comment 6 Diego 2013-01-06 10:13:16 UTC
Created attachment 673313
File: smolt_data

Comment 7 Diego 2013-01-06 10:13:18 UTC
Created attachment 673314
File: xsession_errors

Comment 8 Diego 2013-01-06 10:13:20 UTC
Created attachment 673315
File: executable

Comment 9 Diego 2013-01-06 10:14:14 UTC
Created attachment 673316
File: maps

Comment 10 Diego 2013-01-06 10:14:16 UTC
Created attachment 673317
File: dso_list

Comment 11 Diego 2013-01-06 10:14:19 UTC
Created attachment 673318
File: proc_pid_status

Comment 12 Diego 2013-01-06 10:14:21 UTC
Created attachment 673319
File: var_log_messages

Comment 13 Diego 2013-01-06 10:14:23 UTC
Created attachment 673320
File: open_fds

Comment 14 Tim Wegener 2013-02-10 12:06:12 UTC
I've hit a crash in taglib in the same location, but via the clementine audio player. In my case it was attempting to read the tags for a file for which the current user did not have permission to access, but did have permission to access the directory in which it resided. This is readily reproducible.

taglib-1.8-2.fc18.x86_64
clementine-1.0.1-12.fc18.x86_64

#0  __GI__IO_ftell (fp=0x0) at ioftell.c:38
#1  0x00007f19270fb2fd in TagLib::File::find (this=0x7f18b00e71b0, pattern=..., fromOffset=0, before=...) at /usr/src/debug/taglib-1.8/taglib/toolkit/tfile.cpp:260
#2  0x00007f19270e5339 in TagLib::Ogg::File::nextPage (this=this@entry=0x7f18b00e71b0) at /usr/src/debug/taglib-1.8/taglib/ogg/oggfile.cpp:232
#3  0x00007f19270e5d60 in TagLib::Ogg::File::packet (this=0x7f18b00e71b0, i=1) at /usr/src/debug/taglib-1.8/taglib/ogg/oggfile.cpp:93
#4  0x00007f19270ebcf1 in TagLib::Vorbis::File::read (this=this@entry=0x7f18b00e71b0, readProperties=readProperties@entry=true, 
    propertiesStyle=propertiesStyle@entry=TagLib::AudioProperties::Average) at /usr/src/debug/taglib-1.8/taglib/ogg/vorbis/vorbisfile.cpp:124
#5  0x00007f19270ebf29 in TagLib::Vorbis::File::File (this=0x7f18b00e71b0, file=<optimized out>, readProperties=true, propertiesStyle=TagLib::AudioProperties::Average)
    at /usr/src/debug/taglib-1.8/taglib/ogg/vorbis/vorbisfile.cpp:70
#6  0x00007f1927120964 in TagLib::FileRef::create (fileName=0x7f18b00e23f8 "/redacted_yes_read_permission/redacted_no_read_permission.ogg", 
    readAudioProperties=true, audioPropertiesStyle=TagLib::AudioProperties::Average) at /usr/src/debug/taglib-1.8/taglib/fileref.cpp:238
#7  0x00007f192712177f in TagLib::FileRef::FileRef (this=0x7f18b00cf090, fileName=<optimized out>, readAudioProperties=<optimized out>, audioPropertiesStyle=<optimized out>)
    at /usr/src/debug/taglib-1.8/taglib/fileref.cpp:85
#8  0x0000000000571158 in TagLibFileRefFactory::GetFileRef (this=<optimized out>, filename=...) at /usr/src/debug/clementine-1.0.1/src/core/song.cpp:261
#9  0x000000000057ca23 in Song::InitFromFile (this=0x7f18d2ffab10, filename=..., directory_id=-1) at /usr/src/debug/clementine-1.0.1/src/core/song.cpp:477
#10 0x000000000074bdec in LibraryWatcher::ScanNewFile (this=this@entry=0x7f18b0001f20, file=..., path=..., matching_cue=..., 
    cues_processed=cues_processed@entry=0x7f18d2ffacd0) at /usr/src/debug/clementine-1.0.1/src/library/librarywatcher.cpp:491

Comment 15 Tim Wegener 2013-02-10 17:25:56 UTC
Similar issue exists when non-accessible (e.g. non-existent) files are given to taglib for the following formats:
.spx
.ape
.ogg
.oga

Compiling the demo from taglib-devel provides an easy to run reproduction (just give it a non-existent file with one of the above extensions to trigger the segfault):

/usr/share/doc/taglib-devel-1.8/examples/tagreader.cpp

Comment 16 Tim Wegener 2013-02-10 17:31:19 UTC
Created attachment 695858
Quick fix patch that solves this immediate problem.

This quick fix solves the problem and makes consumers such as clementine happy.
However, a proper fix would involve adding tests and possibly a wider re-factor to generalise checking for files that cannot be opened, so that it doesn't have to be done per file type.
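
Added example, not part of the original report and neither the attached patch nor TagLib's code: a self-contained C++ model of the generalised check described in comment 16, where the stream refuses every operation on a handle that failed to open and the format reader decides validity once, so no per-format guard is needed. The `Stream` and `OggLikeFile` names are hypothetical.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical model of a stdio-backed stream (not TagLib's FileStream).
class Stream {
public:
    explicit Stream(const std::string &path) : fp_(std::fopen(path.c_str(), "rb")) {}
    ~Stream() { if (fp_) std::fclose(fp_); }
    Stream(const Stream &) = delete;
    Stream &operator=(const Stream &) = delete;
    bool isOpen() const { return fp_ != nullptr; }
    // Guarded accessor: ftell(NULL), the crash in frame #0, is unreachable.
    long tell() const { return fp_ ? std::ftell(fp_) : -1; }
    // Offset of `pattern`, or -1 if absent or the stream never opened.
    long find(const char *pattern) {
        const std::size_t n = std::strlen(pattern);
        if (!isOpen() || n == 0) return -1;
        std::string window;
        std::rewind(fp_);
        for (int c; (c = std::fgetc(fp_)) != EOF; ) {
            window.push_back(static_cast<char>(c));
            if (window.size() > n) window.erase(0, 1);
            if (window == pattern) return tell() - static_cast<long>(n);
        }
        return -1;
    }
private:
    std::FILE *fp_;
};

// Hypothetical format reader: validity is decided once, before any parsing.
class OggLikeFile {
public:
    explicit OggLikeFile(const std::string &path) : s_(path) {
        if (!s_.isOpen()) return;  // missing or unreadable: stay invalid
        firstPage_ = s_.find("OggS");
    }
    bool isValid() const { return firstPage_ >= 0; }
    long firstPage() const { return firstPage_; }
private:
    Stream s_;
    long firstPage_ = -1;
};

int main(int argc, char **argv) {
    OggLikeFile f(argc > 1 ? argv[1] : "no_such_file.ogg");
    std::printf("valid=%d firstPage=%ld\n", f.isValid(), f.firstPage());
    return 0;
}
```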

Comment 17 Rex Dieter 2013-02-10 21:46:47 UTC
May be worth querying on taglib mailing list about the provided FileRef api, about guarantees/assumptions one can make about non-existent or non-readable files.

Comment 18 Rex Dieter 2013-02-10 21:48:07 UTC
(hit return too quickly), otherwise Tim's suggested approach per patch in comment #16 seems reasonable.

Comment 19 Rex Dieter 2013-02-10 22:07:03 UTC
Started a mailing list thread on the topic,
http://mail.kde.org/pipermail/taglib-devel/2013-February/002441.html

Comment 20 Rex Dieter 2013-02-11 12:53:50 UTC
Looks like we may have a fix to try out,
https://github.com/taglib/taglib/issues/78

Comment 21 Fedora Update System 2013-02-11 13:16:44 UTC
taglib-1.8-3.20121215git.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/taglib-1.8-3.20121215git.fc17

Comment 22 Fedora Update System 2013-02-11 13:18:52 UTC
taglib-1.8-3.20121215git.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/taglib-1.8-3.20121215git.fc18

Comment 23 Fedora Update System 2013-02-12 04:56:58 UTC
Package taglib-1.8-3.20121215git.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing taglib-1.8-3.20121215git.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-2304/taglib-1.8-3.20121215git.fc17
then log in and leave karma (feedback).

Comment 24 Tim Wegener 2013-02-14 11:45:41 UTC
(In reply to comment #17)
> May be worth querying on taglib mailing list about the provided FileRef api,
> about guarantees/assumptions one can make about non-existent or non-readable
> files.


It broke existing consumers with an update, so there was an implicit guarantee.

Anyway, the update in Comment 22 works for me.

Tested with Clementine, Pragha, and the taglib-devel demo. All of these no longer crash when supplied with a non-existent or inaccessible .ogg file. Full library scans in both Clementine and Pragha were successful.

The taglib-devel demo also doesn't crash for non-existent .spx, .ape and .oga.

Thanks, Rex!

Comment 25 Fedora Update System 2013-02-27 02:31:55 UTC
taglib-1.8-3.20121215git.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 26 Fedora Update System 2013-02-27 02:42:42 UTC
taglib-1.8-3.20121215git.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 27 Fedora Update System 2013-09-27 18:40:44 UTC
pragha-1.1.2.1-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/pragha-1.1.2.1-1.fc20

Comment 28 Fedora Update System 2013-09-27 18:41:12 UTC
pragha-1.1.2.1-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/pragha-1.1.2.1-1.fc19

Comment 29 Fedora Update System 2013-09-27 18:43:27 UTC
pragha-1.1.2.1-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/pragha-1.1.2.1-1.fc18

Comment 30 Fedora Update System 2013-10-08 11:27:04 UTC
pragha-1.1.2.1-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 31 Fedora Update System 2013-10-08 11:34:50 UTC
pragha-1.1.2.1-2.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 32 Fedora Update System 2013-10-09 14:44:04 UTC
pragha-1.1.2.1-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.