Bug 701855 - [abrt] icoutils-0.29.1-1.fc14: memcpy: Process /usr/bin/wrestool was killed by signal 11 (SIGSEGV)
Summary: [abrt] icoutils-0.29.1-1.fc14: memcpy: Process /usr/bin/wrestool was killed b...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: icoutils
Version: 14
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Martin Gieseking
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:9dd2e8d8c7d381ccf58399d5296...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-04 04:36 UTC by Scott Marshall
Modified: 2011-05-26 21:51 UTC (History)
1 user (show)

Fixed In Version: icoutils-0.29.1-2.fc14
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-25 02:24:23 UTC
Type: ---


Attachments (Terms of Use)
File: backtrace (136.98 KB, text/plain)
2011-05-04 04:36 UTC, Scott Marshall
no flags Details
Extract of file using --raw option of wrestool (90 bytes, image/vnd.microsoft.icon)
2011-05-04 04:37 UTC, Scott Marshall
no flags Details

Description Scott Marshall 2011-05-04 04:36:18 UTC
abrt version: 1.1.18
architecture: x86_64
Attached file: backtrace, 140272 bytes
cmdline: wrestool --extract --type=14 -o . ../YoudaSurvivor_BigFish_Multi.exe
component: icoutils
Attached file: coredump, 10477568 bytes
crash_function: memcpy
executable: /usr/bin/wrestool
kernel: 2.6.35.12-90.fc14.x86_64
package: icoutils-0.29.1-1.fc14
rating: 4
reason: Process /usr/bin/wrestool was killed by signal 11 (SIGSEGV)
release: Fedora release 14 (Laughlin)
time: 1304481926
uid: 500

How to reproduce
-----
1. Attempted to use wrestool to extract an icon (type 14) from a Windows binary.
2.
3.

Comment 1 Scott Marshall 2011-05-04 04:36:21 UTC
Created attachment 496692 [details]
File: backtrace

Comment 2 Scott Marshall 2011-05-04 04:37:48 UTC
Created attachment 496693 [details]
Extract of file using --raw option of wrestool

Comment 3 Scott Marshall 2011-05-04 04:39:29 UTC
List of resources contained within the problematic Windows binary:

$ wrestool --list YoudaSurvivor_BigFish_Multi.exe 
--type='BIN' --name=135 --language=2057 [offset=0x3edeb8 size=5712336]
--type='BIN' --name=137 --language=2057 [offset=0x960888 size=19076]
--type='BIN' --name=140 --language=2057 [offset=0x965310 size=39936]
--type=3 --name=1 --language=1033 [type=icon offset=0x3c1440 size=60950]
--type=3 --name=2 --language=1033 [type=icon offset=0x3d0258 size=67624]
--type=3 --name=3 --language=1033 [type=icon offset=0x3e0a80 size=38056]
--type=3 --name=4 --language=1033 [type=icon offset=0x3e9f28 size=9640]
--type=3 --name=5 --language=1033 [type=icon offset=0x3ec4d0 size=4264]
--type=3 --name=6 --language=1033 [type=icon offset=0x3ed578 size=1128]
--type=4 --name=143 --language=2057 [type=menu offset=0x96ef10 size=30]
--type=4 --name=145 --language=2057 [type=menu offset=0x96ef30 size=30]
--type=5 --name=150 --language=2057 [type=dialog offset=0x96f1e0 size=240]
--type=5 --name=151 --language=2057 [type=dialog offset=0x96f2d0 size=556]
--type=5 --name=2003 --language=2057 [type=dialog offset=0x96f500 size=220]
--type=6 --name=1 --language=2057 [type=string offset=0x96f5e0 size=104]
--type=14 --name=107 --language=1033 [type=group_icon offset=0x3ed9e0 size=90]
--type=16 --name=1 --language=2057 [type=version offset=0x3eda40 size=1144]
--type=24 --name=1 --language=2057 [offset=0x96ef50 size=650]

Comment 4 Martin Gieseking 2011-05-05 05:52:43 UTC
Scott, thanks for reporting this issue. Could you also provide YoudaSurvivor_BigFish_Multi.exe or is it a commercial application? Without the binary it's hard to track down the bug.

Comment 5 Scott Marshall 2011-05-05 08:40:46 UTC
Hi Martin,

It is a commercial application - specifically a neat little Windows game that runs brilliantly under WINE, and it costs < AU$10.00

Here is the link to the installer download page:
http://www.bigfishgames.com/download-games/9097/youda-survivor/index.html

The actual binary is 50MiB in size.

Let me know how you want to proceed.

Comment 6 Martin Gieseking 2011-05-05 20:05:13 UTC
Hi Scott,

I've contacted the developer of icoutils and hope he will have a closer look into the problem. Unfortunately, I can't reproduce the segfault with the demo version of Youda Survivor. Thus, we probably need a copy of the full version. As I'm pretty busy at the moment, I can't debug the code myself in the next couple of weeks. So let's see if we get some feedback from upstream.

Comment 7 Martin Gieseking 2011-05-16 10:24:17 UTC
Unfortunately, I didn't get any response from the developer yet. However, in the meantime I've isolated the issue and created a patch for wrestool. 
I try to get some feedback from the upstream maintainer before providing a new package, in order to ensure that the modifications won't introduce further issues.

Comment 8 Martin Gieseking 2011-05-16 15:08:55 UTC
Hi Scott,

here's the koji scratch build of the (hopefully) fixed package:
http://koji.fedoraproject.org/koji/taskinfo?taskID=3074096

Please test it with the above mentioned exe file and let me know if it works.

Comment 9 Scott Marshall 2011-05-17 03:03:19 UTC
(In reply to comment #8)
> Hi Scott,
> 
> here's the koji scratch build of the (hopefully) fixed package:
> http://koji.fedoraproject.org/koji/taskinfo?taskID=3074096
> 
> Please test it with the above mentioned exe file and let me know if it works.

Very good - no more core dump.
I suspect that there's a glitch in the resource table within my copy of the EXE.

This is because when I run the new wrestool, I get the following results:

$ wrestool --extract --type=14 -o . ../YoudaSurvivor_BigFish_Multi.exe
wrestool: ../YoudaSurvivor_BigFish_Multi.exe: mismatch of size in icon resource `-1' and group (60950 vs 270376)

The generated file (YoudaSurvivor_BigFish_Multi.exe_14_107.ico) is 391280 bytes long; and icotool successfully extracts 6 icons to create 6 .png files of various resolutions.

When I use the "raw" option:
$ wrestool --extract --type=14 --raw -o ./YoudaSurvivor_BigFish_Multi.exe_14_107.raw.ico ../YoudaSurvivor_BigFish_Multi.exe

The resultant file is 90 bytes long, and icotool reports:
$ icotool --extract YoudaSurvivor_BigFish_Multi.exe_14_107.raw.ico
YoudaSurvivor_BigFish_Multi.exe_14_107.raw.ico: reserved is not zero
YoudaSurvivor_BigFish_Multi.exe_14_107.raw.ico: premature end

Anyway, wrestool is much more stable with the new patch.

Just as a "sanity check", I executed the new wrestool against another Windows executable (PlantsVsZombies.exe) and there were no errors produced.
(The "--raw" option still produced a short file - 174 bytes this time, but the non-raw extract worked perfectly)

Comment 10 Martin Gieseking 2011-05-17 07:22:51 UTC
OK, great. If I don't get a response from upstream within a week, I'll submit the updated package to the testing repo.

Comment 11 Martin Gieseking 2011-05-18 06:16:37 UTC
The patch has been applied to the upstream repo:
http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=6a0fac3993e068b1341f336ef342e1ab3715f584

I'm going to build the updated packages now.

Comment 12 Fedora Update System 2011-05-18 06:22:43 UTC
icoutils-0.29.1-2.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/icoutils-0.29.1-2.fc13

Comment 13 Fedora Update System 2011-05-18 06:22:50 UTC
icoutils-0.29.1-2.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/icoutils-0.29.1-2.fc14

Comment 14 Fedora Update System 2011-05-18 06:22:58 UTC
icoutils-0.29.1-3.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/icoutils-0.29.1-3.fc15

Comment 15 Fedora Update System 2011-05-18 18:43:08 UTC
Package icoutils-0.29.1-3.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing icoutils-0.29.1-3.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/icoutils-0.29.1-3.fc15
then log in and leave karma (feedback).

Comment 16 Scott Marshall 2011-05-19 14:47:56 UTC
Downgraded my "koji" built version of icoutils (icoutils-0.29.1-3.fc14.x86_64) to icoutils-0.29.1-1.fc14.x86_64.

Successfully installed the Fedora 14 updates-testing version of icoutils.
(icoutils-0.29.1-2.fc14.x86_64)

Ran same sequence of tests as before.

Updates-testing package works as expected from the "koji" build.

Comment 17 Fedora Update System 2011-05-25 02:24:18 UTC
icoutils-0.29.1-3.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2011-05-26 21:47:52 UTC
icoutils-0.29.1-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2011-05-26 21:51:19 UTC
icoutils-0.29.1-2.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.