[Mplayerxp-cvslog] SF.net SVN: mplayerxp:[625] mplayerxp
From: <nic...@us...> - 2012-12-29 12:10:50
Revision: 625 http://mplayerxp.svn.sourceforge.net/mplayerxp/?rev=625&view=rev Author: nickols_k Date: 2012-12-29 12:10:43 +0000 (Sat, 29 Dec 2012) Log Message: ----------- segfault-- and attempt to defect environment! Note about illegal-patch: No comments: listing of gdb tells even more that i'm able to say. $gdb --args ./ffmpeg -ao alsa:hw:0 -vo x11 M/l.avi -vf menu=main GNU gdb (GDB) 7.5 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-unknown-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /Data/-SF.NET-/MPXP/mplayerxp/mplayerxp/ffmpeg...done. (gdb) break mplayerxp.cpp:2079 Breakpoint 1 at 0x4585cc: file mplayerxp.cpp, line 2079. (gdb) run Starting program: /Data/-SF.NET-/MPXP/mplayerxp/mplayerxp/ffmpeg -ao alsa:hw:0 -vo x11 M/l.avi -vf menu=main warning: Could not load shared library symbols for linux-vdso.so.1. Do you need "set solib-search-path" or "set sysroot"? [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". 
Breakpoint 1, main (argc=<optimized out>, args=<optimized out>, envp= 0x7fffffffdae0) at mplayerxp.cpp:2079 2079 envp[j+1] = NULL; (gdb) print args[argc] value has been optimized out (gdb) print envp[j+1] $1 = 0x21 <Address 0x21 out of bounds> (gdb) n 2082 rc=mp_mprotect((any_t*)antiviral_hole1,sizeof(antiviral_hole1),MP_DENY_ALL); (gdb) print envp[j+1] $2 = 0x21 <Address 0x21 out of bounds> (gdb) print envp[j+2] $3 = 0x7ffff7ffb000 "\177ELF\002\001\001" (gdb) print envp[j+3] $4 = 0x10 <Address 0x10 out of bounds> (gdb) print envp[j+4] $5 = 0x178bfbff <Address 0x178bfbff out of bounds> (gdb) print envp[j+5] $6 = 0x6 <Address 0x6 out of bounds> (gdb) print envp[j+6] $7 = 0x1000 <Address 0x1000 out of bounds> (gdb) print envp[j+7] $8 = 0x11 <Address 0x11 out of bounds> (gdb) print envp[j+8] $9 = 0x64 <Address 0x64 out of bounds> (gdb) print envp[j+9] $10 = 0x3 <Address 0x3 out of bounds> (gdb) print envp[j+10] $11 = 0x400040 "\006" (gdb) print envp[j+11] $12 = 0x4 <Address 0x4 out of bounds> (gdb) print envp[j+12] $13 = 0x38 <Address 0x38 out of bounds> (gdb) print envp[j+13] $14 = 0x5 <Address 0x5 out of bounds> (gdb) print envp[j+14] $15 = 0x8 <Address 0x8 out of bounds> (gdb) print envp[j+15] $16 = 0x7 <Address 0x7 out of bounds> Modified Paths: -------------- mplayerxp/libvo2/x11_system.cpp mplayerxp/mplayerxp.cpp mplayerxp/osdep/mplib.cpp mplayerxp/osdep/mplib.h
Modified: mplayerxp/libvo2/x11_system.cpp
===================================================================
--- mplayerxp/libvo2/x11_system.cpp 2012-12-29 10:39:06 UTC (rev 624)
+++ mplayerxp/libvo2/x11_system.cpp 2012-12-29 12:10:43 UTC (rev 625)
@@ -1021,8 +1021,10 @@
 ::shmctl(Shminfo[idx].shmid, IPC_RMID, 0);
 }
 void Xv_System::freeMyXImage(unsigned idx) {
- ::XShmDetach( get_display(),&Shminfo[idx]);
- ::shmdt( Shminfo[idx].shmaddr );
+ if(Shminfo[idx].shmid) {
+ ::XShmDetach( get_display(),&Shminfo[idx]);
+ ::shmdt( Shminfo[idx].shmaddr );
+ }
 }
 void Xv_System::put_image(XvImage*image,const vo_rect_t& r) const {
Modified: mplayerxp/mplayerxp.cpp
===================================================================
--- mplayerxp/mplayerxp.cpp 2012-12-29 10:39:06 UTC (rev 624)
+++ mplayerxp/mplayerxp.cpp 2012-12-29 12:10:43 UTC (rev 625)
@@ -2064,6 +2064,7 @@
 str=args[i];
 argv.push_back(str);
 }
+ args[argc] = (char*)make_false_pointer((any_t*)antiviral_hole1);
 std::map<std::string,std::string> envm;
 unsigned j=0;
 size_t pos;
@@ -2075,6 +2076,7 @@
 str=str.substr(0,pos);
 envm[str]=stmp;
 }
+ envp[j+1] = NULL;
 /* init antiviral protection */
 int rc;
 rc=mp_mprotect((any_t*)antiviral_hole1,sizeof(antiviral_hole1),MP_DENY_ALL);
Modified: mplayerxp/osdep/mplib.cpp
===================================================================
--- mplayerxp/osdep/mplib.cpp 2012-12-29 10:39:06 UTC (rev 624)
+++ mplayerxp/osdep/mplib.cpp 2012-12-29 12:10:43 UTC (rev 625)
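Review bot: The new guard in `freeMyXImage` tests `Shminfo[idx].shmid` for non-zero, but a segment id is not a reliable "attached" flag: `shmget()` reports failure as -1, which passes this test, and 0 can be a valid id, which would skip the detach and leave the mapping in place. Testing the attach result is more direct, e.g. `if(Shminfo[idx].shmaddr && Shminfo[idx].shmaddr != (char*)-1) {`, with `Shminfo[idx].shmaddr = NULL;` after `::shmdt` so a second call cannot detach twice. How `Shminfo` is initialised is outside the hunk, so confirm which sentinel the allocation path actually leaves behind.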
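Review bot: `args[argc] = (char*)make_false_pointer((any_t*)antiviral_hole1);` overwrites the null pointer that the language guarantees at `argv[argc]` with a non-null address that does not point at a valid string. Any later code that walks the argument vector until it finds NULL instead of counting to `argc` will run past the end and dereference the decoy. If a decoy pointer is wanted, keep it in storage the program owns and leave the loader-provided array terminated. `main` starts and ends outside the hunk, so later uses of `args` are not visible here.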
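Review bot: `envp[j+1] = NULL;` appears to store one slot past the environment array's own terminator rather than into it. The gdb listing in the log message shows what sits there: `envp[j+1]` is 0x21 and `envp[j+2]` points at an ELF header, followed by further small-integer/value pairs, which looks like the ELF auxiliary vector that follows the environment on the initial stack, so the store would replace its first key with 0, the end marker. Anything in the process that walks that vector afterwards would then see it as empty. The loop that advances `j` is outside the hunk; if it already stops on the existing NULL at `envp[j]`, the environment is terminated and this line can be dropped.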
@@ -27,16 +27,28 @@
 return buffer;
 }
+any_t* make_false_pointer(any_t* tmplt) {
+ long lo_mask=(sizeof(any_t*)*8/2)-1;
+ long hi_mask=~lo_mask;
+ long false_pointer;
+ false_pointer=::rand()&lo_mask;
+ false_pointer|=(reinterpret_cast<long>(tmplt)&hi_mask);
+ return reinterpret_cast<any_t*>(false_pointer);
+}
+
+any_t* __FASTCALL__ make_false_pointer_to(any_t* tmplt,unsigned size) {
+ long false_pointer=reinterpret_cast<long>(tmplt);
+ false_pointer+=::rand()%size;
+ return reinterpret_cast<any_t*>(false_pointer);
+}
+
 any_t* fill_false_pointers(any_t* buffer,size_t size) {
 unsigned i,psize=(size/sizeof(any_t*))*sizeof(any_t*);
- long lo_mask=(sizeof(any_t*)*8/2)-1;
- long hi_mask=~lo_mask;
- long filler;
+ any_t* filler;
 for(i=0;i<psize/sizeof(long);i++) {
- filler=::rand()&lo_mask;
- filler|=(reinterpret_cast<long>(buffer)&hi_mask);
- ((long *)buffer)[i]=::rand()%2?filler:0;
+ filler=make_false_pointer(buffer);
+ ((long *)buffer)[i]=::rand()%2?reinterpret_cast<long>(filler):0;
 }
 ::memset(&((char *)buffer)[psize],0,size-psize);
 return buffer;
Modified: mplayerxp/osdep/mplib.h
===================================================================
--- mplayerxp/osdep/mplib.h 2012-12-29 10:39:06 UTC (rev 624)
+++ mplayerxp/osdep/mplib.h 2012-12-29 12:10:43 UTC (rev 625)
@@ -74,6 +74,8 @@
 print_backtrace(why,stack,ncalls);
 }
 any_t* __FASTCALL__ rnd_fill(any_t* buffer,size_t size);
+ any_t* __FASTCALL__ make_false_pointer(any_t* tmplt);
+ any_t* __FASTCALL__ make_false_pointer_to(any_t* tmplt,unsigned size);
 any_t* __FASTCALL__ fill_false_pointers(any_t* buffer,size_t size);
 any_t* get_caller_address(unsigned num_caller=0);
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
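Review bot: In `make_false_pointer`, `lo_mask=(sizeof(any_t*)*8/2)-1` evaluates to a bit count minus one (31 on a 64-bit build, 15 on a 32-bit one), not to a mask of the low half of the pointer, so the result differs from `tmplt` only in its lowest four or five bits. If the low half was meant, the mask would be `(uintptr_t(1) << (sizeof(any_t*)*8/2)) - 1`, with the arithmetic done in `uintptr_t` rather than `long`, which is narrower than a pointer on LLP64 targets. `make_false_pointer_to` computes `::rand()%size` with no check, so `size==0` divides by zero; `if(!size) return tmplt;` ahead of it closes that. Both helpers draw from `::rand()`, which is predictable unless seeded from an unpredictable source, so the decoy values should not be treated as secret.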