aumix crash on setting volume on Ubuntu 8.10
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
aumix (Ubuntu) |
Fix Released
|
High
|
Kees Cook |
Bug Description
Binary package hint: aumix
If i run aumix with command line 'aumix -w +5' then it crashes with following message from libc:
*** buffer overflow detected ***: aumix terminated
======= Backtrace: =========
/lib/tls/
/lib/tls/
/lib/tls/
aumix[0x8049cbc]
aumix[0x804a4b0]
/lib/tls/
aumix(Gpm_
======= Memory map: ========
08048000-0804f000 r-xp 00000000 08:04 18564236 /usr/bin/aumix
0804f000-08050000 r--p 00006000 08:04 18564236 /usr/bin/aumix
08050000-08051000 rw-p 00007000 08:04 18564236 /usr/bin/aumix
08051000-08072000 rw-p 08051000 00:00 0 [heap]
b7c5e000-b7c9d000 r--p 00000000 08:04 18614843 /usr/lib/
b7c9d000-b7d7e000 r--p 00000000 08:04 18614844 /usr/lib/
b7d7e000-b7d7f000 rw-p b7d7e000 00:00 0
b7d7f000-b7d81000 r-xp 00000000 08:04 5832838 /lib/tls/
b7d81000-b7d82000 r--p 00001000 08:04 5832838 /lib/tls/
b7d82000-b7d83000 rw-p 00002000 08:04 5832838 /lib/tls/
b7d83000-b7edb000 r-xp 00000000 08:04 5832802 /lib/tls/
b7edb000-b7edd000 r--p 00158000 08:04 5832802 /lib/tls/
b7edd000-b7ede000 rw-p 0015a000 08:04 5832802 /lib/tls/
b7ede000-b7ee2000 rw-p b7ede000 00:00 0
b7ee2000-b7f0f000 r-xp 00000000 08:04 5799956 /lib/libncurses
b7f0f000-b7f12000 rw-p 0002c000 08:04 5799956 /lib/libncurses
b7f12000-b7f17000 r-xp 00000000 08:04 18564954 /usr/lib/
b7f17000-b7f18000 r--p 00004000 08:04 18564954 /usr/lib/
b7f18000-b7f19000 rw-p 00005000 08:04 18564954 /usr/lib/
b7f1b000-b7f27000 r-xp 00000000 08:04 5800161 /lib/libgcc_s.so.1
b7f27000-b7f28000 r--p 0000b000 08:04 5800161 /lib/libgcc_s.so.1
b7f28000-b7f29000 rw-p 0000c000 08:04 5800161 /lib/libgcc_s.so.1
b7f29000-b7f2a000 r--p 00000000 08:04 18613167 /usr/lib/
b7f2a000-b7f2b000 r--p 00000000 08:04 18612344 /usr/lib/
b7f2b000-b7f2c000 r--p 00000000 08:04 18612345 /usr/lib/
b7f2c000-b7f2d000 r--p 00000000 08:04 18628654 /usr/lib/
b7f2d000-b7f2e000 r--p 00000000 08:04 18613179 /usr/lib/
b7f2e000-b7f2f000 r--p 00000000 08:04 18616796 /usr/lib/
b7f2f000-b7f30000 r--p 00000000 08:04 18612346 /usr/lib/
b7f30000-b7f31000 r--p 00000000 08:04 18612347 /usr/lib/
b7f31000-b7f32000 r--p 00000000 08:04 18612348 /usr/lib/
b7f32000-b7f39000 r--s 00000000 08:04 18585804 /usr/lib/
b7f39000-b7f3a000 r--p 00000000 08:04 18612354 /usr/lib/
b7f3a000-b7f3c000 rw-p b7f3a000 00:00 0
b7f3c000-b7f3d000 r-xp b7f3c000 00:00 0 [vdso]
b7f3d000-b7f57000 r-xp 00000000 08:04 5800046 /lib/ld-2.8.90.so
b7f57000-b7f58000 r--p 0001a000 08:04 5800046 /lib/ld-2.8.90.so
b7f58000-b7f59000 rw-p 0001b000 08:04 5800046 /lib/ld-2.8.90.so
bfb85000-bfb9a000 rw-p bffeb000 00:00 0 [stack]
[1] 8338 abort (core dumped) aumix -w +5
Distribution: Ubuntu 8.10
Result of uname -a: Linux alexott 2.6.24-7-generic #1 SMP Thu Feb 7 01:29:58 UTC 2008 i686 GNU/Linux
core is attached
I have the same problem when I try to step the value of a volume by a specified amount on the command line such as 'aumix -v+10'. However, it does not crash when I just set the value to a certain level, such as 'aumix -v10'. I am running the latest intrepid with the 2.6.27-1-generic amd64 kernel. I wont post my backtrace and memory map because they are pretty much the same (mostly just different addresses) as what has already been reported. However, if they would be useful I can post them.