[Bug 302590] Re: Brasero "leave disk open" not available
I am experiencing the same bug since 0.8.2. In the 0.9.1 version is this bug still unsolved. (Ubuntu 8.10.; i386) I can say this bug has really not low priority for me;) Though ... I like brasero at all. -- Brasero "leave disk open" not available https://bugs.launchpad.net/bugs/302590 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 340532] Re: evolution 2.25.92 evolution-mapi evolution exits on mapi preferences authentication.
Back trace as requested: eax0xb43b7374 -1271172236 ecx0xb7841ff4 -1216077836 edx0x80040605 -2147219963 ebx0xb43fdff4 -1270882316 esp0xbfffe050 0xbfffe050 ebp0xbfffe068 0xbfffe068 esi0x0 0 edi0xb4315c30 -1271833552 eip0xb4315c5b 0xb4315c5b eflags 0x210282 [ SF IF RF ID ] cs 0x73 115 ss 0x7b 123 ds 0x7b 123 es 0x7b 123 fs 0x0 0 gs 0x33 51 #0 0xb4315c5b in emsmdb_disconnect_dtor () from /usr/lib/libmapi.so.0 #1 0xb4d067c2 in ?? () from /usr/lib/libtalloc.so.1 #2 0xb4d06657 in ?? () from /usr/lib/libtalloc.so.1 #3 0xb4d06657 in ?? () from /usr/lib/libtalloc.so.1 #4 0xb4d095f6 in _talloc_free () from /usr/lib/libtalloc.so.1 #5 0xb430f1bd in MAPIUninitialize () from /usr/lib/libmapi.so.0 #6 0xb4d7a6eb in exchange_mapi_connection_new () from /usr/lib/libexchangemapi-1.0.so.0 #7 0xb4d7ad50 in exchange_mapi_create_profile () from /usr/lib/libexchangemapi-1.0.so.0 #8 0xb1f5fca8 in ?? () from /usr/lib/evolution/2.28/plugins/liborg-gnome-exchange-mapi.so #9 0xb6a8e9fc in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0 #10 0xb6a81072 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #11 0xb6a967a8 in ?? () from /usr/lib/libgobject-2.0.so.0 #12 0xb6a97b2d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #13 0xb6a97fb6 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #14 0xb6eb388a in gtk_button_clicked () from /usr/lib/libgtk-x11-2.0.so.0 #15 0xb6eb4ea8 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #16 0xb6a8e9fc in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0 #17 0xb6a7f6f9 in ?? () from /usr/lib/libgobject-2.0.so.0 #18 0xb6a81072 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #19 0xb6a960b0 in ?? () from /usr/lib/libgobject-2.0.so.0 #20 0xb6a97b2d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #21 0xb6a97fb6 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #22 0xb6eb392a in gtk_button_released () from /usr/lib/libgtk-x11-2.0.so.0 #23 0xb6eb3963 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #24 0xb6f73474 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #25 0xb6a7f6f9 in ?? () from /usr/lib/libgobject-2.0.so.0 #26 0xb6a81072 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #27 0xb6a9649e in ?? () from /usr/lib/libgobject-2.0.so.0 #28 0xb6a979b8 in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #29 0xb6a97fb6 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #30 0xb708f95e in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #31 0xb6f6bc20 in gtk_propagate_event () from /usr/lib/libgtk-x11-2.0.so.0 #32 0xb6f6cea9 in gtk_main_do_event () from /usr/lib/libgtk-x11-2.0.so.0 #33 0xb6db862a in ?? () from /usr/lib/libgdk-x11-2.0.so.0 #34 0xb69f2e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #35 0xb69f6730 in ?? () from /lib/libglib-2.0.so.0 #36 0xb69f6b9f in g_main_loop_run () from /lib/libglib-2.0.so.0 #37 0xb6f6d419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #38 0xb56cd59d in startup_wizard () from /usr/lib/evolution/2.28/plugins/liborg-gnome-evolution-startup-wizard.so #39 0xb7df6fc3 in ?? () from /usr/lib/evolution/2.28/libeutil.so.0 #40 0xb7df7535 in e_plugin_invoke () from /usr/lib/evolution/2.28/libeutil.so.0 #41 0xb7dec55a in ?? () from /usr/lib/evolution/2.28/libeutil.so.0 #42 0xb7dec6ec in e_event_emit () from /usr/lib/evolution/2.28/libeutil.so.0 #43 0x08054762 in ?? () #44 0x08054d2f in ?? () #45 0x08054e2d in ?? () #46 0x0805e5c5 in ?? () #47 0xb69f1101 in ?? () from /lib/libglib-2.0.so.0 #48 0xb69f2e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #49 0xb69f6730 in ?? () from /lib/libglib-2.0.so.0 #50 0xb69f6b9f in g_main_loop_run () from /lib/libglib-2.0.so.0 #51 0xb747bc23 in bonobo_main () from /usr/lib/libbonobo-2.so.0 #52 0x0805e13f in ?? () #53 0xb688ab56 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #54 0x08050931 in ?? () -- evolution 2.25.92 evolution-mapi evolution exits on mapi preferences authentication. https://bugs.launchpad.net/bugs/340532 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1220782] [NEW] ip xfrm state add crashes when supplied an algo
Public bug reported:
This is valid for iproute2-ss17 which is default on Ubuntu 12.04
(LTS).
The crash appends when supplying enc, auth, comp, auth-trunc or aead and the
following key argumentis given as a string (as opposed to hexadecimal). When
trying to copy the key, it generates a segfault:
*** buffer overflow detected ***: /sbin/ip terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x77921807]
/lib/x86_64-linux-gnu/libc.so.6(+0x109700)[0x77920700]
/lib/x86_64-linux-gnu/libc.so.6(+0x1089e6)[0x7791f9e6]
/sbin/ip[0x420d84]
/sbin/ip(do_xfrm_state+0x7a1)[0x421951]
/sbin/ip[0x405ad5]
/sbin/ip(main+0x2b4)[0x4056d4]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7783876d]
/sbin/ip[0x405959]
This buffer overflow is actually preposterous since __strncpy_chk is called
with 0 as its last argument:
0x00420d72: mov0x68(%rsp),%rsi
0x00420d77: movslq %r12d,%rdx
0x00420d7a: xor%ecx,%ecx
0x00420d7c: mov%r9,%rdi
=> 0x00420d7f: callq 0x404a10 <__strncpy_chk@plt>
("xor%ecx,%ecx" set the fourth argument to 0)
Which is equivalent to:
__strncpy_chk(buf, key, len, 0);
When obtaining the source package, the corresponding code looks like
that (from ip/xfrm_state.c, line 113):
static int xfrm_algo_parse(struct xfrm_algo *alg, enum xfrm_attr_type_t type,
char *name, char *key, char *buf, int max)
{
int len;
int slen = strlen(key);
#if 0
/* XXX: verifying both name and key is required! */
fprintf(stderr, "warning: ALGO-NAME/ALGO-KEY will send to kernel
promiscuously! (verifying them isn't implemented yet)\n");
#endif
strncpy(alg->alg_name, name, sizeof(alg->alg_name));
if (slen > 2 && strncmp(key, "0x", 2) == 0) {
} else {
len = slen;
if (len > 0) {
if (len > max)
invarg("\"ALGO-KEY\" makes buffer overflow\n",
key);
strncpy(buf, key, len); <- correct line which is
faulty in the assembly
}
}
alg->alg_key_len = len * 8;
return 0;
}
This code is actually valid but doesn't match the assembly from the
binary package.
This is quite annoying since it prevents from setting keys in a string
form, thus forcing the user to derivates itself the hexadecimal value
for the key when trying to setup an IPsec tunnel for example.
** Affects: iproute2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1220782
Title:
ip xfrm state add crashes when supplied an algo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/iproute2/+bug/1220782/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 597064] Re: H264 mvk aborts after a few minutes
I was searching for my problem and found out that this is actually related to 0:00:44.549822152 17833 0x7ff45c001e20 DEBUG ffmpeg gstffmpegdec.c:1594:opaque_store: Stored ts:0:00:02.29400, duration:0:00:00.041708375, offset:18446744073709551615 as opaque 0x2bc6680 0:00:44.549827365 17833 0x2964a30 DEBUG GST_PADS gstpad.c:2883:gst_pad_buffer_alloc_unchecked: calling bufferallocfunc &gst_proxy_pad_do_bufferalloc (@0x7ff47acfca10) of for size 9216 offset 109440 0:00:44.549845786 17833 0x7ff45c001e20 ERROR ffmpeg :0:: Internal error, picture buffer overflow 0:00:44.549843955 17833 0x2964a30 DEBUG GST_PADS gstpad.c:2957:gst_pad_alloc_buffer_full: offset 109440, size 9216, caps audio/x-raw-int, endianness=(int)1234, signed=(boolean)true, width=(int)32, depth=(int)32, rate=(int)48000, channels=(int)2 When ffmpeg quits, so does totem, of course not so gracefully unfortunately. Funny thing is somehow the debug flags cause video to stop playing but you can go past the initial dump point and see the video. I installed totem-xine since this is caused by ffmpeg. Did not look into debugging ffmep yet. -- H264 mvk aborts after a few minutes https://bugs.launchpad.net/bugs/597064 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 597064] Re: H264 mvk aborts after a few minutes
Correction. Not sure why this is happening. ffplay works fine with the video. It is totem/ffmpeg interaction it seems. Here's the log file zipped. I had to move the slider back and forth since it would not abort but just display the picture without crashing. ** Attachment added: "log.zip" http://launchpadlibrarian.net/51758882/log.zip -- H264 mvk aborts after a few minutes https://bugs.launchpad.net/bugs/597064 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
