#38 buffer overflow detected

closed-out-of-date
nobody
None
5
2011-08-26
2009-07-31
Steve Kelem
No

I'm running ripperX 2.7.2 on OpenSuSE 11.0, i586.
When I rip and encode a CD, I get the following output:
*** buffer overflow detected ***: ripperX terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x48)[0xb773e4a8]
/lib/libc.so.6[0xb773c4e0]
/lib/libc.so.6[0xb773bb68]
/lib/libc.so.6(_IO_default_xsputn+0xa0)[0xb76c55e0]
/lib/libc.so.6(_IO_vfprintf+0xf72)[0xb7699e52]
/lib/libc.so.6(__vsprintf_chk+0xa7)[0xb773bc17]
/lib/libc.so.6(__sprintf_chk+0x2d)[0xb773bb5d]
ripperX[0x80549ce]
ripperX[0x8056a47]
ripperX[0x8056a8a]
/usr/lib/libglib-2.0.so.0[0xb791aa06]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1e9)[0xb791a2d9]
/usr/lib/libglib-2.0.so.0[0xb791d85b]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1ca)[0xb791dd2a]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb9)[0xb7caf279]
ripperX[0x8056e9d]
/lib/libc.so.6(__libc_start_main+0xe5)[0xb76715f5]
ripperX[0x804b871]

Discussion

  • Steve Kelem
    2009-09-20

    This error happens on every CD that I have tried.

     
  • I get the same error on my Gentoo system when RipperX finished the last track.

    And the tracks 0 - 9 are tagged, but track numbers > 10 aren't tagged (rip to MP3).

     
  • Hi,

    The problem is a variable which is defined too small.

    The location of the bug is:
    src/job_controll.c line: 436
    --- original: char s_track_num[2]; --- New: char s_track_num[3];

    The buffer overflow happens on line: 483
    --- code: sprintf(s_track_num,"%d",(i+1)); // If i > 9, two bytes are too few (data byte + data byte + \0 line terminator)
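
The sizing problem described in the comment above, as an added example that is not part of the original post or of ripperX's source: it computes how many bytes the formatted track number needs and replaces the unbounded `sprintf` with a bounded `snprintf` that reports truncation. The function names are hypothetical; only `s_track_num` and the `"%d"` format of `i + 1` come from the comment.

```c
#include <stddef.h>
#include <stdio.h>

/* Bytes needed to hold `track` as decimal text, including the '\0'.
 * snprintf(NULL, 0, ...) returns the text length without writing anything. */
static size_t track_num_size(int track)
{
    int len = snprintf(NULL, 0, "%d", track);
    return len < 0 ? 0 : (size_t)len + 1;
}

/* Bounded replacement for sprintf(s_track_num, "%d", i + 1).
 * Returns 0 on success, -1 if the digits plus '\0' do not fit in dst. */
static int format_track_num(char *dst, size_t dst_size, int track)
{
    int len = snprintf(dst, dst_size, "%d", track);
    if (len < 0 || (size_t)len >= dst_size)
        return -1;              /* truncated: do not use dst as the track number */
    return 0;
}

/* First 1-based track number whose text no longer fits in buf_size bytes,
 * or 0 if every track up to max_track fits (max_track is an assumed bound). */
static int first_track_that_overflows(size_t buf_size, int max_track)
{
    for (int i = 0; i < max_track; i++)
        if (track_num_size(i + 1) > buf_size)
            return i + 1;
    return 0;
}

int main(void)
{
    char s_track_num[3];        /* size taken from the fix in the comment above */

    printf("char[2] first fails at track %d\n", first_track_that_overflows(2, 99));
    printf("char[3] first fails at track %d\n", first_track_that_overflows(3, 99));

    for (int i = 8; i < 11; i++)   /* tracks 9, 10, 11 */
        if (format_track_num(s_track_num, sizeof s_track_num, i + 1) == 0)
            printf("track %s fits\n", s_track_num);
    return 0;
}
```

Passing `sizeof s_track_num` to `snprintf` keeps the write inside the buffer even if the array size and the largest track number drift apart again later.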

     
  • Matt Hammond
    2010-06-09

    The suggested bugfix (2010-05-28) appears to solve the problem for me.

     
  • Steve Sanbeg
    2011-08-26

    I think this was caused by an old bug in the tagging code, which caused
    ripperX to crash when tagging tracks with 2 digit numbers; this was
    apparently fixed some time ago.

     
  • Steve Sanbeg
    2011-08-26

    • status: open --> closed-out-of-date