Bugfix for RipperX (buffer overflow detected)

 
Tux12Fun
Apprentice


Joined: 16 Aug 2007
Posts: 156

PostPosted: Fri May 28, 2010 10:53 pm    Post subject: Bugfix for RipperX (buffer overflow detected) Reply with quote

Hi,

Here is a bug fix for the RipperX program (also posted on SourceForge for the RipperX developers).

The problem is an overflow of a fixed-size local buffer that occurs when you rip a track whose track number is greater than 9 (i.e. any two-digit track number).

(Out of the box it looks like this. The abort comes from glibc's _FORTIFY_SOURCE check in __sprintf_chk — note __fortify_fail at the top of the backtrace — which is why the process is terminated instead of silently corrupting adjacent memory.)
Code:

*** buffer overflow detected ***: ./ripperX terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x56)[0xb6dbfc46]
/lib/libc.so.6(+0xe6b4b)[0xb6dbdb4b]
/lib/libc.so.6(+0xe6208)[0xb6dbd208]
/lib/libc.so.6(_IO_default_xsputn+0xa6)[0xb6d41b36]
/lib/libc.so.6(_IO_vfprintf+0xe14)[0xb6d154e4]
/lib/libc.so.6(__vsprintf_chk+0xa6)[0xb6dbd2b6]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb6dbd1fd]
./ripperX[0x80549fa]
./ripperX[0x8056a4f]
./ripperX[0x8056a8a]
/usr/lib/libglib-2.0.so.0(+0x45317)[0xb6f9d317]
/usr/lib/libglib-2.0.so.0(+0x44518)[0xb6f9c518]
/usr/lib/libglib-2.0.so.0(+0x46443)[0xb6f9e443]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1fa)[0xb6f9e91a]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb9)[0xb7545f89]
./ripperX[0x8056e86]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb6cedbc6]
./ripperX[0x804b8e1]
======= Memory map: ========
08048000-08078000 r-xp 00000000 08:04 4022475    /media/daten/home/tux12fun/ripperX-2.7.2/src/ripperX
08078000-08079000 r--p 0002f000 08:04 4022475    /media/daten/home/tux12fun/ripperX-2.7.2/src/ripperX
08079000-0807d000 rw-p 00030000 08:04 4022475    /media/daten/home/tux12fun/ripperX-2.7.2/src/ripperX
0807d000-080c4000 rw-p 00000000 00:00 0
08bc2000-08ce3000 rw-p 00000000 00:00 0          [heap]
b6489000-b648a000 rw-p 00000000 00:00 0
b648a000-b64ea000 rw-s 00000000 00:04 180289542  /SYSV00000000 (deleted)
b64ea000-b6638000 r--p 00000000 08:02 457861     /usr/share/icons/hicolor/icon-theme.cache
b6638000-b663d000 r-xp 00000000 08:02 530715     /lib/libnss_dns-2.11.1.so
b663d000-b663e000 r--p 00004000 08:02 530715     /lib/libnss_dns-2.11.1.so
b663e000-b663f000 rw-p 00005000 08:02 530715     /lib/libnss_dns-2.11.1.so
b664a000-b6656000 r--p 00000000 08:02 629783     /usr/share/locale/de/LC_MESSAGES/glib20.mo
b6656000-b66ee000 r--p 00000000 08:02 599530     /usr/share/fonts/dejavu/DejaVuSans.ttf
b66ee000-b66f0000 r-xp 00000000 08:02 654111     /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
b66f0000-b66f1000 r--p 00001000 08:02 654111     /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
b66f1000-b66f2000 rw-p 00002000 08:02 654111     /usr/lib/pango/1.6.0/modules/pango-basic-fc.so
b66f2000-b66f8000 r--s 00000000 08:02 530096     /var/cache/fontconfig/87f5e051180a7a75f16eb6fe7dbd3749-le32d4.cache-3
b66f8000-b66fe000 r--s 00000000 08:02 530099     /var/cache/fontconfig/acc285bc1956c3c4bc7afb41d537a85a-le32d4.cache-3
b66fe000-b670c000 r--s 00000000 08:02 530098     /var/cache/fontconfig/8d4af663993b81a124ee82e610bb31f9-le32d4.cache-3
b670c000-b6713000 r--s 00000000 08:02 530097     /var/cache/fontconfig/12b26b760a24f8b4feb03ad48a333a72-le32d4.cache-3
b6713000-b6773000 rw-s 00000000 00:04 175767555  /SYSV00000000 (deleted)
b6773000-b6792000 r--p 00000000 08:02 649198     /usr/share/locale/de/LC_MESSAGES/libc.mo
b6792000-b6798000 r-xp 00000000 08:02 654810     /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b6798000-b6799000 r--p 00005000 08:02 654810     /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b6799000-b679a000 rw-p 00006000 08:02 654810     /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so
b679a000-b679b000 rw-p 00000000 00:00 0
b679b000-b67c3000 r--p 00000000 08:02 654759     /usr/share/locale/de/LC_MESSAGES/gtk20-properties.mo
b67c3000-b67cd000 r-xp 00000000 08:02 530731     /lib/libnss_files-2.11.1.so
b67cd000-b67ce000 r--p 00009000 08:02 530731     /lib/libnss_files-2.11.1.so
b67ce000-b67cf000 rw-p 0000a000 08:02 530731     /lib/libnss_files-2.11.1.so
b67cf000-b67d8000 r-xp 00000000 08:02 530683     /lib/libnss_nis-2.11.1.so
b67d8000-b67d9000 r--p 00008000 08:02 530683     /lib/libnss_nis-2.11.1.so
b67d9000-b67da000 rw-p 00009000 08:02 530683     /lib/libnss_nis-2.11.1.so
b67da000-b67ed000 r-xp 00000000 08:02 530730     /lib/libnsl-2.11.1.so
b67ed000-b67ee000 r--p 00012000 08:02 530730     /lib/libnsl-2.11.1.so
b67ee000-b67ef000 rw-p 00013000 08:02 530730     /lib/libnsl-2.11.1.so
b67ef000-b67f1000 rw-p 00000000 00:00 0
b67f1000-b67f8000 r-xp 00000000 08:02 530755     /lib/libnss_compat-2.11.1.so
b67f8000-b67f9000 r--p 00006000 08:02 530755     /lib/libnss_compat-2.11.1.so
b67f9000-b67fa000 rw-p 00007000 08:02 530755     /lib/libnss_compat-2.11.1.so
b67fe000-b6811000 r--s 00000000 08:02 530095     /var/cache/fontconfig/4b5cf4386f1cde02a336ba961b4ac82d-le32d4.cache-3
b6811000-b6818000 r--s 00000000 08:02 1012358    /usr/lib/gconv/gconv-modules.cache
b6818000-b6a18000 r--p 00000000 08:02 980073     /usr/lib/locale/locale-archive
b6a18000-b6a1b000 rw-p 00000000 00:00 0
b6a1b000-b6a26000 r-xp 00000000 08:02 496559     /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b6a26000-b6a27000 rw-p 0000a000 08:02 496559     /usr/lib/gcc/i686-pc-linux-gnu/4.3.4/libgcc_s.so.1
b6a27000-b6a29000 r-xp 00000000 08:02 530729     /lib/libdl-2.11.1.so
b6a29000-b6a2a000 r--p 00001000 08:02 530729     /lib/libdl-2.11.1.so
b6a2a000-b6a2b000 rw-p 00002000 08:02 530729     /lib/libdl-2.11.1.so
b6a2b000-b6a52000 r-xp 00000000 08:02 535596     /usr/lib/libexpat.so.1.5.2
b6a52000-b6a53000 ---p 00027000 08:02 535596     /usr/lib/libexpat.so.1.5.2
b6a53000-b6a55000 r--p 00027000 08:02 535596     /usr/lib/libexpat.so.1.5.2
b6a55000-b6a56000 rw-p 00029000 08:02 535596     /usr/lib/libexpat.so.1.5.2
b6a56000-b6a57000 rw-p 00000000 00:00 0
b6a57000-b6a68000 r-xp 00000000 08:02 530571     /lib/libresolv-2.11.1.so
b6a68000-b6a69000 r--p 00010000 08:02 530571     /lib/libresolv-2.11.1.so
b6a69000-b6a6a000 rw-p 00011000 08:02 530571     /lib/libresolv-2.11.1.so
b6a6a000-b6a6c000 rw-p 00000000 00:00 0
b6a6c000-b6a71000 r-xp 00000000 08:02 609558     /usr/lib/libXdmcp.so.6.0.0
b6a71000-b6a72000 r--p 00004000 08:02 609558     /usr/lib/libXdmcp.so.6.0.0
b6a72000-b6a73000 rw-p 00005000 08:02 609558     /usr/lib/libXdmcp.so.6.0.0
b6a73000-b6a75000 r-xp 00000000 08:02 608119     /usr/lib/libXau.so.6.0.0
b6a75000-b6a76000 r--p 00001000 08:02 608119     /usr/lib/libXau.so.6.0.0
b6a76000-b6a77000 rw-p 00002000 08:02 608119     /usr/lib/libXau.so.6.0.0
b6a77000-b6a91000 r-xp 00000000 08:02 929345     /usr/lib/libxcb.so.1.1.0
b6a91000-b6a92000 r--p 00019000 08:02 929345     /usr/lib/libxcb.so.1.1.0
b6a92000-b6a93000 rw-p 0001a000 08:02 929345     /usr/lib/libxcb.so.1.1.0
b6a93000-b6bbd000 r-xp 00000000 08:02 592464     /usr/lib/libX11.so.6.3.0
b6bbd000-b6bbe000 r--p 00129000 08:02 592464     /usr/lib/libX11.so.6.3.0
b6bbe000-b6bc1000 rw-p 0012a000 08:02 592464     /usr/lib/libX11.so.6.3.0
b6bc1000-b6bc8000 r-xp 00000000 08:02 550696     /usr/lib/libXrender.so.1.3.0
b6bc8000-b6bc9000 rw-p 00007000 08:02 550696     /usr/lib/libXrender.so.1.3.0
b6bc9000-b6bca000 rw-p 00000000 00:00 0
b6bca000-b6bd1000 r-xp 00000000 08:02 929349     /usr/lib/libxcb-render.so.0.0.0
b6bd1000-b6bd2000 r--p 00006000 08:02 929349     /usr/lib/libxcb-render.so.0.0.0
b6bd2000-b6bd3000 rw-p 00007000 08:02 929349     /usr/lib/libxcb-render.so.0.0.0



The location of the bug is src/job_control.c, line 436 (the declaration of the track-number buffer):
Code:

char s_track_num[2];        // original
char s_track_num[3];        // bugfix


The overflow itself happens on line 483, where the track number is formatted with an unbounded sprintf(). A two-digit number needs three bytes (two digits plus the terminating NUL), so as soon as i + 1 reaches 10 (i.e. i >= 9) one byte is written past the end of the two-byte buffer. Enlarging the buffer to three bytes is sufficient as long as track numbers stay below 100; the more robust fix is to bound the write, e.g. snprintf(s_track_num, sizeof(s_track_num), "%d", i + 1), so the buffer size and the formatted value can never drift apart again:
Code:

sprintf(s_track_num,"%d",(i+1));   // IF i > 9 two bytes are to less (Databyte + Databyte + \0 Line term)


I hope this is useful for other Gentoo users.

@Admin: it would be nice if this thread could be kept pinned at the top.
erik258
Advocate


Joined: 12 Apr 2005
Posts: 2650
Location: Twin Cities, Minnesota, USA

PostPosted: Sat May 29, 2010 6:01 pm    Post subject: Reply with quote

Hey sweet, that might just fix the segfault problems I was seeing in ripperX.

You should submit a bug report for this. Not sure if the developers will pick it up from the forums.
Tux12Fun
Apprentice


Joined: 16 Aug 2007
Posts: 156

PostPosted: Sun May 30, 2010 11:40 am    Post subject: Reply with quote

Hi,

A bug report at Gentoo or at SourceForge?

At SourceForge I have already added the code snippet as well.
ciith
n00b


Joined: 23 Feb 2003
Posts: 10
Location: ontario

PostPosted: Sun Oct 10, 2010 4:48 pm    Post subject: Reply with quote

Thanks for the fix.

For anyone else who wants to patch their ebuild, here is what I had to do; it took me a while to figure out and somebody else might benefit from the directions.

First, copy the existing ebuild directory from the main tree into a local overlay:
Code:
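# Copy the media-sound/ripperx package directory into the local overlay.
# Copy the *contents* of the source directory (trailing "/.") into the target:
# with GNU cp, copying an existing directory into another existing directory
# nests it, which would leave the files under .../ripperx/ripperx/ and the
# paths used in the following steps would not exist.
mkdir -p /usr/local/portage/media-sound/ripperx
cp -r /usr/portage/media-sound/ripperx/. /usr/local/portage/media-sound/ripperx/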


Then save the following patch (it only enlarges the track-number buffer from two to three bytes) as /usr/local/portage/media-sound/ripperx/files/ripperx-2.7.2-tracknum.patch:
Code:
*** ripperX-2.7.2.orig/src/job_control.c    2008-02-14 12:05:09.000000000 -0600
--- ripperX-2.7.2/src/job_control.c    2010-10-10 11:25:19.000000000 -0500
***************
*** 432,438 ****
      int madewavs = FALSE;
      int mademp3s = FALSE;
      int tracksdone = 0;
!     char s_track_num[2];
      char *artist;
      ID3Tag *myTag;
 
--- 432,438 ----
      int madewavs = FALSE;
      int mademp3s = FALSE;
      int tracksdone = 0;
!     char s_track_num[3];
      char *artist;
      ID3Tag *myTag;
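Review bot: The enlarged `char s_track_num[3];` on the new side only covers two-digit track numbers, while the `sprintf(s_track_num,"%d",(i+1));` that actually writes the buffer (line 483 of the same file, outside this hunk) stays unbounded, so the array size and the formatted value remain coupled by hand. Bounding the write is the durable fix: `snprintf(s_track_num, sizeof(s_track_num), "%d", i + 1);` truncates instead of overrunning the buffer regardless of how the array is later resized. Three bytes suffice as long as track numbers stay below 100, which holds for audio CDs, but a comment on the declaration such as `/* up to 2 digits + NUL */` would make that constraint visible. The enclosing function starts outside the hunk.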


Update /usr/local/portage/media-sound/ripperx/ripperx-2.7.2.ebuild (the ebuild lives in the package directory itself, not under files/) so that src_prepare applies the new patch:
Code:

# Copyright 1999-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/media-sound/ripperx/ripperx-2.7.2.ebuild,v 1.7 2009/07/23 08:37:54 ssuominen Exp $

EAPI=2
# eutils.eclass supplies epatch (used in src_prepare) and make_desktop_entry
# (used in src_install).
inherit eutils

# Upstream names the tarball and the unpacked directory "ripperX-<version>"
# (capital X) while the Gentoo package name is all lowercase, so derive the
# upstream spellings from ${P} and ${PN}.
MY_P="${P/x/X}"
MY_PN="${PN/x/X}"

DESCRIPTION="a GTK program to rip CD audio tracks and encode them to the Ogg, MP3, or FLAC formats."
HOMEPAGE="http://sourceforge.net/projects/ripperx"
SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"

LICENSE="GPL-2"
SLOT="0"
KEYWORDS="amd64 ppc sparc x86"
IUSE="nls"

RDEPEND=">=x11-libs/gtk+-2
   media-sound/lame
   media-sound/cdparanoia
   media-libs/id3lib"
DEPEND="${RDEPEND}
   dev-util/pkgconfig
   nls? ( sys-devel/gettext )"

# The sources unpack into the upstream-named directory, not ${WORKDIR}/${P}.
S="${WORKDIR}/${MY_P}"

# Apply the local patches from ${FILESDIR} in order: the existing ldflags and
# pkgconfig patches, then the tracknum patch that enlarges the s_track_num
# buffer in src/job_control.c.
src_prepare() {
   local fix
   for fix in ldflags pkgconfig tracknum; do
      epatch "${FILESDIR}/${P}-${fix}.patch"
   done
}

# Run the autotools configure script; NLS support follows the "nls" USE flag.
src_configure() {
   local -a conf=(
      --disable-dependency-tracking
      $(use_enable nls)
   )
   econf "${conf[@]}"
}

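# Install into ${D}, then add the documentation, the icon and a desktop entry.
# In EAPI 2 the install helpers (dodoc, doicon, make_desktop_entry) do not
# abort the build on failure by themselves, so each gets an explicit || die,
# matching the existing check on emake.
src_install() {
   emake DESTDIR="${D}" install || die "emake install failed"
   dodoc BUGS CHANGES FAQ README* TODO || die "dodoc failed"
   # Upstream ships the icon under its mixed-case name (ripperX-icon.xpm).
   doicon src/xpms/${MY_PN}-icon.xpm || die "doicon failed"
   make_desktop_entry ${MY_PN} ${MY_PN} ${MY_PN}-icon || die "make_desktop_entry failed"
}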


Then regenerate the Manifest/digest so that the new patch file is recorded:

Code:
cd /usr/local/portage/media-sound/ripperx/
ebuild ripperx-2.7.2.ebuild digest


You should be able to emerge it now (provided /usr/local/portage is listed in PORTDIR_OVERLAY in /etc/make.conf, otherwise portage will not see the overlay). Hopefully that helps someone.
Tux12Fun
Apprentice


Joined: 16 Aug 2007
Posts: 156

PostPosted: Mon Oct 11, 2010 10:31 pm    Post subject: Reply with quote

Hi,

Maybe you could open a Gentoo bug report, so the ebuild maintainers can add this patch to the tree.

Thank you for your work.