Bug 387298 - Crash when I try to burn audio cd or mixed mode cd using wma files
Summary: Crash when I try to burn audio cd or mixed mode cd using wma files
Status: RESOLVED FIXED
Alias: None
Product: k3b
Classification: Applications
Component: Audio Project (show other bugs)
Version: unspecified
Platform: Arch Linux Linux
: NOR crash
Target Milestone: ---
Assignee: k3b developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-25 15:13 UTC by Patrick Silva
Modified: 2018-04-16 11:16 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
backtrace (12.00 KB, text/plain)
2017-11-25 15:13 UTC, Patrick Silva
Details
core_backtrace (40.67 KB, text/plain)
2017-12-01 17:24 UTC, Patrick Silva
Details
Disassembly (40.72 KB, text/x-tex)
2017-12-01 17:51 UTC, Leslie Zhai
Details
backtrace from opensuse (15.54 KB, text/plain)
2017-12-01 20:58 UTC, Patrick Silva
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Patrick Silva 2017-11-25 15:13:39 UTC
Created attachment 109057 [details]
backtrace

This crash affects both K3b 17.08.3 and K3b-git on Arch Linux.
Backtrace attached.
Comment 1 Leslie Zhai 2017-11-27 03:15:02 UTC
Hi Dr. Chapatin,

BT info could't help, it only indicated might owing to k3b ffmpeg plugin, but no debug info, please build as:

cmake .. -DCMAKE_INSTALL_PREFIX=/usr    \
    -DCMAKE_CXX_COMPILER=clang++    \
    -DECM_ENABLE_SANITIZERS='address;undefined'    \
    -DCMAKE_CXX_FLAGS="-fsanitize-coverage=edge,indirect-calls,8bit-counters,trace-bb,trace-cmp" \
    -DCMAKE_BUILD_TYPE=Debug \
    -DKDE_INSTALL_LIBDIR=lib    \
    -DKDE_INSTALL_LIBEXECDIR=lib    \
    -DKDE_INSTALL_USE_QT_SYS_PATHS=ON   \
    -DK3B_BUILD_API_DOCS=ON \
    -DK3B_ENABLE_PERMISSION_HELPER=ON   \
    -DK3B_DEBUG=ON

Regards,
Leslie Zhai
Comment 2 Leslie Zhai 2017-11-27 03:17:13 UTC
Helpful BT and fuzzer info like this https://bugs.kde.org/show_bug.cgi?id=386983
Comment 3 Patrick Silva 2017-11-27 19:55:38 UTC
There is no debug symbols package on Arch Linux.
On neon user edition is not possible to install debug package

"The following packages have unmet dependencies:
 k3b-dbg : Depends: k3b (= 2.0.3-0ubuntu5) but 17.08.0+p16.04+git20171124.0022-0 is to be installed
E: Unable to correct problems, you have held broken packages."
Comment 4 Patrick Silva 2017-12-01 17:24:09 UTC
Created attachment 109157 [details]
core_backtrace

Crash is reproducible on Fedora 27.
Is my attachment useful for you Leslie?
Comment 5 Leslie Zhai 2017-12-01 17:43:32 UTC
Sorry unhelpful.. it has to use -DCMAKE_BUILD_TYPE=Debug option to rebuild K3B, then ELF contains helpful .debug_XXX sections.
Comment 6 Leslie Zhai 2017-12-01 17:51:48 UTC
Created attachment 109160 [details]
Disassembly

Built with clang and enabled debug -g option, then use objdump, it contains .debug_XXX sections and Intermix source code with disassembly.
Comment 7 Patrick Silva 2017-12-01 20:58:28 UTC
Created attachment 109163 [details]
backtrace from opensuse

Sorry, I have no technical knowledge to follow your instructions.
But maybe this backtrace generated on OpenSuse can help.
Comment 8 Pino Toscano 2017-12-02 05:09:07 UTC
@Leslie Zhai:
when CCing people to a bug, you ought to tell them why you are CCing them.
Comment 9 Leslie Zhai 2017-12-02 05:23:50 UTC
(In reply to Dr. Chapatin from comment #7)
> Created attachment 109163 [details]
> backtrace from opensuse
> 
> Sorry, I have no technical knowledge to follow your instructions.
> But maybe this backtrace generated on OpenSuse can help.

Hi Pino,

Sorry I am not good at English language, I am inputting slowly try to express clearly, please wait for minutes patiently :)

Please help me to check https://github.com/KDE/k3b/blob/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp#L289

I argue that it might be:

1. Memory copy function accesses out-of-bound array element
2. Memory copy function overflows destination buffer
3. Memory copy function accesses out-of-bound array element
4. Memory copy function overflows destination buffer
5. overlapping
6. Null pointer argument in call to memory copy function

But my sincere thanks goes to you for maintaining ffmpeg plugin https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp 

Regards,
Leslie Zhai - a LLVM developer https://reviews.llvm.org/p/xiangzhai/
Comment 10 Leslie Zhai 2017-12-02 05:27:32 UTC
Hi Dr. Chapatin,

Also thank you for bug report! it is able to use Clang Static Analyzer to detect potential bugs, for example: the testcase for memcpy https://github.com/llvm-mirror/clang/blob/master/test/Analysis/bstring.c

Regards,
Leslie Zhai
Comment 12 Pino Toscano 2017-12-02 05:59:36 UTC
(In reply to Leslie Zhai from comment #9)
> But my sincere thanks goes to you for maintaining ffmpeg plugin
> https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/
> k3bffmpegwrapper.cpp 

I am *not* the maintainer of that code.  Or in general, I am *not* the maintainer of k3b, who is Leslie Zhai.
Comment 13 Leslie Zhai 2017-12-02 06:06:56 UTC
Hi Pino,

I respect you the pioneer of KDE developer, please code review firstly, when LGTM, then git push to the K3B repository, thanks a lot!

The latest commit log:

https://github.com/KDE/k3b/commits/master/plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp


commit c01a9cbffec61c7a5fe4c835d166924aff7c2c75
Merge: 93855a3 1777236
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 11:18:34 2017 +0100

commit c01a9cbffec61c7a5fe4c835d166924aff7c2c75
Merge: 93855a3 1777236
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 11:18:34 2017 +0100

    Merge remote-tracking branch 'origin/2.0'

commit 1777236203f21eed7a9baade632472094c8081d3
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 10:48:45 2017 +0100

    ffmpeg: fix/simplify metadata conversion to string
    
    Comparing a pointer with an integer value is (correctly) an error with
    GCC 7.

commit 3690ab2246c8e3d050d65f3d24171573ecafd501
Author: Pino Toscano <pino@kde.org>
Date:   Sat Feb 4 10:38:53 2017 +0100

    ffmpeg: fix avcodec version for av_frame_alloc
    
    Fixes commit 5b9b3537b658ad342d688fa4f210113a3d066d2a.

commit 88b3596675e06c04573b4c0a296d4eabcc94680f
Author: Leslie Zhai <xiangzhai83@gmail.com>
Date:   Mon Nov 28 12:28:15 2016 +0800

    Export K3b::BootItem compiled for clang++


I will fix the bug, it is my responsibility!

Regards,
Leslie Zhai
Comment 14 Pino Toscano 2017-12-02 06:10:49 UTC
(In reply to Leslie Zhai from comment #13)
> I respect you the pioneer of KDE developer, please code review firstly, when
> LGTM, then git push to the K3B repository, thanks a lot!

Pioneer of what?  Your sentences make no sense to me, sorry.
Again, just because I did the last two commits to that code, that does not make me its maintainer.
Comment 15 Leslie Zhai 2017-12-02 07:12:27 UTC
Git commit 947aebe181cda58933eafc28d0c46f7dc0515453 by Leslie Zhai.
Committed on 02/12/2017 at 07:11.
Pushed by lesliezhai into branch 'master'.

Fix potential null passed to a callee that requires a non-null argument.

M  +5    -2    plugins/decoder/ffmpeg/k3bffmpegwrapper.cpp

https://commits.kde.org/k3b/947aebe181cda58933eafc28d0c46f7dc0515453