Menu

#33 Turning GyachI Voice Chat on results in buffer overflow

open
nobody
General (29)
5
2007-03-22
2007-03-22
Ihab
No

I'm using GyachI 1.0.5-3. This bug was achieved by doing the following steps:

First of all I clicked on Enable Voice Chat, I got the popup label that confirms "Voice chat has been enabled. Start pY! Voice Chat." and I press ok.

Next, I press on Launch pY! Voice Chat and the voicechat panel comes up.

After that, I click the ON button and that causes the buffer overflow which causes the GYachI Voice Chat alone to crash.

Here's the output from the konsole once the buffer overflow occurs:

*** buffer overflow detected ***: gyachivoice terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x420ea361]
gyachivoice[0x805a1b0]
gyachivoice[0x805a385]
/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x49)[0x4fc640f9]
/lib/libgobject-2.0.so.0(g_closure_invoke+0x12b)[0x4fc56d9b]
/lib/libgobject-2.0.so.0[0x4fc67433]
/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x8c7)[0x4fc68957]
/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x4fc68b19]
/usr/lib/libgtk-x11-2.0.so.0(gtk_button_clicked+0x53)[0x4efdde13]
/usr/lib/libgtk-x11-2.0.so.0[0x4f173648]
/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__VOID+0x49)[0x4fc640f9]
/lib/libgobject-2.0.so.0[0x4fc55589]
/lib/libgobject-2.0.so.0(g_closure_invoke+0x12b)[0x4fc56d9b]
/lib/libgobject-2.0.so.0[0x4fc678ca]
/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x8c7)[0x4fc68957]
/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x4fc68b19]
/usr/lib/libgtk-x11-2.0.so.0(gtk_button_released+0x53)[0x4efddea3]
/usr/lib/libgtk-x11-2.0.so.0[0x4efddf01]
/usr/lib/libgtk-x11-2.0.so.0[0x4f0aea60]
/lib/libgobject-2.0.so.0[0x4fc55589]
/lib/libgobject-2.0.so.0(g_closure_invoke+0x12b)[0x4fc56d9b]
/lib/libgobject-2.0.so.0[0x4fc67a83]
/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x68f)[0x4fc6871f]
/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x4fc68b19]
/usr/lib/libgtk-x11-2.0.so.0[0x4f1c3508]
/usr/lib/libgtk-x11-2.0.so.0(gtk_propagate_event+0x183)[0x4f0a7e33]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x317)[0x4f0a9037]
/usr/lib/libgdk-x11-2.0.so.0[0x4f39712a]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x182)[0x4fbd4442]
/lib/libglib-2.0.so.0[0x4fbd741f]
/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9)[0x4fbd77c9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x4f0a94b4]
gyachivoice(vfprintf+0x435)[0x804bb0d]
/lib/libc.so.6(__libc_start_main+0xdc)[0x4201ef2c]
gyachivoice(vfprintf+0x1a9)[0x804b881]
======= Memory map: ========
00110000-00117000 rwxp 00110000 00:00 0
00117000-0011d000 r-xs 00000000 fd:00 17629466 /var/cache/fontconfig/b79f3aaa7d385a141ab53ec885cc22a8-x86.cache-2
0011d000-0011f000 r-xs 00000000 fd:00 17629238 /var/cache/fontconfig/87f5e051180a7a75f16eb6fe7dbd3749-x86.cache-2
0011f000-00120000 rwxs 00000000 00:08 2392065 /SYSV0056a4d5 (deleted)
00120000-00121000 r-xs 80000000 00:10 7065 /dev/snd/pcmC0D0p
00121000-00122000 rwxs 81000000 00:10 7065 /dev/snd/pcmC0D0p
00122000-00142000 rwxs 00000000 00:08 2424854 /SYSV0056a4d6 (deleted)
00142000-00143000 r-xs 80000000 00:10 6958 /dev/snd/pcmC0D0c
00143000-00144000 rwxs 81000000 00:10 6958 /dev/snd/pcmC0D0c
00144000-00154000 rwxs 00000000 00:10 6958 /dev/snd/pcmC0D0c
00174000-00178000 r-xp 00000000 fd:00 5543951 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
00178000-00179000 rwxp 00003000 fd:00 5543951 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-png.so
0024f000-00254000 r-xs 00000000 fd:00 17629999 /var/cache/fontconfig/beeeeb3dfe132a8a0633a017c99ce0c0-x86.cache-2
002c4000-002ca000 r-xs 00000000 fd:00 17629808 /var/cache/fontconfig/7ddba6133ef499da58de5e8c586d3b75-x86.cache-2
00332000-00338000 r-xp 00000000 fd:00 5538142 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so
00338000-00339000 rwxp 00005000 fd:00 5538142 /usr/lib/gtk-2.0/2.10.0/loaders/libpixbufloader-xpm.so
00344000-00345000 rwxs 00000000 00:08 21200961 /SYSV0056a4d7 (deleted)
00379000-0037a000 r-xp 00379000 00:00 0 [vdso]
003ae000-003b6000 r-xs 00000000 fd:00 17629807 /var/cache/fontconfig/e19de935dec46bbf3ed114ee4965548a-x86.cache-2
003bd000-003cd000 rwxs 00000000 00:10 7065 /dev/snd/pcmC0D0p
003ee000-0045b000 r-xp 00000000 fd:00 5965505 /usr/share/fonts/dejavu-lgc/DejaVuLGCSans.ttf
0051b000-00524000 r-xp 00000000 fd:00 5898280 /lib/libnss_files-2.5.so
00524000-00525000 r-xp 00008000 fd:00 5898280 /lib/libnss_files-2.5.so
00525000-00526000 rwxp 00009000 fd:00 5898280 /lib/libnss_files-2.5.so
00693000-00893000 r-xp 00000000 fd:00 5265009 /usr/lib/locale/locale-archive
008da000-008eb000 r-xp 00000000 fd:00 5538314 /usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
008eb000-008ec000 rwxp 00011000 fd:00 5538314 /usr/lib/gtk-2.0/2.10.0/engines/libclearlooks.so
00990000-009f0000 rwxs 00000000 00:08 24510535 /SYSV00000000 (deleted)
00aec000-00aed000 rwxp 00000000 00:10 1794 /dev/zero
00cc5000-00cc6000 r-xp 00000000 fd:00 5341366 /usr/lib/gconv/ISO8859-1.so
00cc6000-00cc8000 rwxp 00000000 fd:00 5341366 /usr/lib/gconv/ISO8859-1.so
00d79000-00d7b000 r-xp 00000000 fd:00 5506289 /usr/lib/pango/1.5.0/modules/pango-basic-fc.so
00d7b000-00d7c000 rwxp 00001000 fd:00 5506289 /usr/lib/pango/1.5.0/modules/pango-basic-fc.so
00e69000-00e6a000 rwxp 00e69000 00:00 0
00e8b000-00e8c000 rwxp 00e8b000 00:00 0
00fc1000-00fc8000 r-xs 00000000 fd:00 5341443 /usr/lib/gconv/gconv-modules.cache
00fde000-00fe0000 r-xs 00000000 fd:00 17629550 /var/cache/fontconfig/e3ead4b767b8819993a6fa3ae306afa9-x86.cache-2
00fe0000-00fe1000 --xp 00fe0000 00:00 0
00fe1000-019e1000 rwxp 00fe1000 00:00 0
08047000-08064000 r-xp 00000000 fd:00 5267712 /usr/bin/gyachivoice
08064000-0806c000 rwxp 0001d000 fd:00 5267712 /usr/bin/gyachivoice
0806c000-080c2000 rwxp 0806c000 00:00 0
09aaa000-09c40000 rwxp 09aaa000 00:00 0
41fec000-42005000 r-xp 00000000 fd:00 5898258 /lib/ld-2.5.so
42005000-42006000 r-xp 00018000 fd:00 5898258 /lib/ld-2.5.so
42006000-42007000 rwxp 00019000 fd:00 5898258 /lib/ld-2.5.so
42009000-42140000 r-xp 00000000 fd:00 5898269 /lib/libc-2.5.so
42140000-42142000 r-xp 00137000 fd:00 5898269 /lib/libc-2.5.so
42142000-42143000 rwxp 00139000 fd:00 5898269 /lib/libc-2.5.so
42143000-42146000 rwxp 42143000 00:00 0
42148000-4216d000 r-xp 00000000 fd:00 5899807 /lib/libm-2.5.so
4216d000-4216e000 r-xp 00024000 fd:00 5899807 /lib/libm-2.5.so
4216e000-4216f000 rwxp 00025000 fd:00 5899807 /lib/libm-2.5.so
42171000-42173000 r-xp 00000000 fd:00 5899805 /lib/libdl-2.5.so
42173000-42174000 r-xp 00001000 fd:00 5899805 /lib/libdl-2.5.so
42174000-42175000 rwxp 00002000 fd:00 5899805 /lib/libdl-2.5.so
42177000-42189000 r-xp 00000000 fd:00 5264621 /usr/lib/libz.so.1.2.3
42189000-4218a000 rwxp 00011000 fd:00 5264621 /usr/lib/libz.so.1.2.3
4222c000-4232a000 r-xp 00000000 fd:00 5264615 /usr/lib/libX11.so.6.2.0
4232a000-4232e000 rwxp 000fd000 fd:00 5264615 /usr/lib/libX11.so.6.2.0
42330000-42335000 r-xp 00000000 fd:00 5264613 /usr/lib/libXdmcp.so.6.0.0
42335000-42336000 rwxp 00004000 fd:00 5264613 /usr/lib/libXdmcp.so.6.0.0
42338000-4233a000 r-xp 00000000 fd:00 5264612 /usr/lib/libXau.so.6.0.0
4233a000-4233b000 rwxp 00001000 fd:00 5264612 /usr/lib/libXau.so.6.0.0
4237e000-4238d000 r-xp 00000000 fd:00 5264760 /usr/lib/libXext.so.6.4.0
4238d000-4238e000 rwxp 0000e000 fd:00 5264760 /usr/lib/libXext.so.6.4.0
42390000-423af000 r-xp 00000000 fd:00 5899809 /lib/libexpat.so.0.5.0
423af000-423b1000 rwxp 0001e000 fd:00

Discussion

Log in to post a comment.

MongoDB Logo MongoDB