Ubuntu
xpilot-ng package

crash on asking for internet game

Bug #1033250 reported by Dave Gilbert on 2012-08-05

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	xpilot-ng (Debian)	Fix Released	Unknown	debbugs #695297
	xpilot-ng (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Repeated seg:
  start xpilot-ng (x11)
            select internet
  It says it's doing a DNS lookup

and then dies:

dg@major:~/Documents$ xpilot
  Copyright � 1991-2005 by Bj�rn Stabell, Ken Ronny Schouten, Bert Gijsbers, Dick Balaska, Uoti Urpala, Juha Lindstr�m, Kristian S�derblom and Erik Andersson.
  XPilot NG 4.7.3 comes with ABSOLUTELY NO WARRANTY; for details see the
  provided COPYING file.

============================================================
VERSION = 4.7.3
PACKAGE = xpilot-ng
Conf_localguru() = <email address hidden>
Conf_datadir() = /usr/share/games/xpilot-ng/
Conf_defaults_file_name() = /usr/share/games/xpilot-ng/defaults.txt
Conf_password_file_name() = /usr/share/games/xpilot-ng/password.txt
Conf_mapdir() = /usr/share/games/xpilot-ng/maps/
Conf_default_map() = ndh.xp2
Conf_servermotdfile() = /usr/share/games/xpilot-ng/servermotd.txt
Conf_robotfile() = /usr/share/games/xpilot-ng/robots.txt
Conf_logfile() = /usr/share/games/xpilot-ng/log.txt
Conf_localmotdfile() = /usr/share/games/xpilot-ng/localmotd.txt
Conf_ship_file() = /usr/share/games/xpilot-ng/shipshapes.txt
Conf_texturedir() = /usr/share/games/xpilot-ng/textures/
Conf_fontdir() = /usr/share/games/xpilot-ng/fonts/
Conf_sounddir() = /usr/share/games/xpilot-ng/sound/
Conf_soundfile() = /usr/share/games/xpilot-ng/sound/sounds.txt
Conf_zcat_ext() = .gz
Conf_zcat_format() = gzip -d -c < %s
============================================================
xpilot: ERROR: Xpilotrc_read: Failed to open file "/home/dg/.xpilotrc": (No such file or directory)
Using pixmap copying
*** buffer overflow detected ***: xpilot terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7fa67e39402c]
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7fa67e392f00]
/lib/x86_64-linux-gnu/libc.so.6(+0x107369)[0x7fa67e392369]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xdd)[0x7fa67e306bcd]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x4ff)[0x7fa67e2d2b7f]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x94)[0x7fa67e392404]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7fa67e39234d]
xpilot[0x420984]
xpilot[0x422403]
xpilot[0x424830]
xpilot[0x424de8]
xpilot[0x420f93]
xpilot[0x422697]
xpilot[0x404fb8]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7fa67e2ac76d]
xpilot[0x405071]
======= Memory map: ========
00400000-00467000 r-xp 00000000 08:11 3540953 /usr/games/xpilot-ng-x11
00667000-00668000 r--p 00067000 08:11 3540953 /usr/games/xpilot-ng-x11
00668000-0067b000 rw-p 00068000 08:11 3540953 /usr/games/xpilot-ng-x11
0067b000-006a4000 rw-p 00000000 00:00 0
01b11000-01ba2000 rw-p 00000000 00:00 0 [heap]
7fa668000000-7fa668021000 rw-p 00000000 00:00 0
7fa668021000-7fa66c000000 ---p 00000000 00:00 0
7fa670000000-7fa670021000 rw-p 00000000 00:00 0
7fa670021000-7fa674000000 ---p 00000000 00:00 0
7fa6754c1000-7fa6754d6000 r-xp 00000000 08:11 2888679 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa6754d6000-7fa6756d5000 ---p 00015000 08:11 2888679 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa6756d5000-7fa6756d6000 r--p 00014000 08:11 2888679 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa6756d6000-7fa6756d7000 rw-p 00015000 08:11 2888679 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fa6756d7000-7fa6756de000 r-xp 00000000 08:11 2887413 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fa6756de000-7fa6758dd000 ---p 00007000 08:11 2887413 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fa6758dd000-7fa6758de000 r--p 00006000 08:11 2887413 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fa6758de000-7fa6758df000 rw-p 00007000 08:11 2887413 /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fa6758df000-7fa6758e1000 r-xp 00000000 08:11 2883629 /lib/libnss_mdns4_minimal.so.2
7fa6758e1000-7fa675ae0000 ---p 00002000 08:11 2883629 /lib/libnss_mdns4_minimal.so.2
7fa675ae0000-7fa675ae1000 r--p 00001000 08:11 2883629 /lib/libnss_mdns4_minimal.so.2
7fa675ae1000-7fa675ae2000 rw-p 00002000 08:11 2883629 /lib/libnss_mdns4_minimal.so.2
7fa675ae2000-7fa675ae7000 r-xp 00000000 08:11 3546629 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fa675ae7000-7fa675ce6000 ---p 00005000 08:11 3546629 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fa675ce6000-7fa675ce7000 r--p 00004000 08:11 3546629 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fa675ce7000-7fa675ce8000 rw-p 00005000 08:11 3546629 /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fa675ce8000-7fa675cf1000 r-xp 00000000 08:11 3546647 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fa675cf1000-7fa675ef0000 ---p 00009000 08:11 3546647 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fa675ef0000-7fa675ef1000 r--p 00008000 08:11 3546647 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fa675ef1000-7fa675ef2000 rw-p 00009000 08:11 3546647 /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fa675ef2000-7fa675efb000 r-xp 00000000 08:11 3546621 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fa675efb000-7fa6760fb000 ---p 00009000 08:11 3546621 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fa6760fb000-7fa6760fc000 r--p 00009000 08:11 3546621 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fa6760fc000-7fa6760fd000 rw-p 0000a000 08:11 3546621 /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fa6760fd000-7fa6760fe000 ---p 00000000 00:00 0
7fa6760fe000-7fa6768fe000 rw-p 00000000 00:00 0 [stack:14283]
7fa6768fe000-7fa67a8ff000 rw-s 00000000 00:1b 2732217 /run/shm/pulse-shm-1820192035
7fa67a8ff000-7fa67a92c000 rw-p 00000000 00:00 0
7fa67a92c000-7fa67a92d000 ---p 00000000 00:00 0
7fa67a92d000-7fa67b12d000 rw-p 00000000 00:00 0 [stack:14282]
7fa67b12d000-7fa67b145000 r-xp 00000000 08:11 2887450 /lib/x86_64-linux-gnu/libresolv-2.15.so
7fa67b145000-7fa67b345000 ---p 00018000 08:11 2887450 /lib/x86_64-linux-gnu/libresolv-2.15.so
7fa67b345000-7fa67b346000 r--p 00018000 08:11 2887450 /lib/x86_64-linux-gnu/libresolv-2.15.so
7fa67b346000-7fa67b347000 rw-p 00019000 08:11 2887450 /lib/x86_64-linux-gnu/libresolv-2.15.so
7fa67b347000-7fa67b349000 rw-p 00000000 00:00 0
7fa67b349000-7fa67b34f000 r-xp 00000000 08:11 3547026 /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7fa67b34f000-7fa67b54e000 ---p 00006000 08:11 3547026 /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7fa67b54e000-7fa67b54f000 r--p 00005000 08:11 3547026 /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7fa67b54f000-7fa67b550000 rw-p 00006000 08:11 3547026 /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7fa67b550000-7fa67b57b000 r-xp 00000000 08:11 3547180 /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7fa67b57b000-7fa67b77b000 ---p 0002b000 08:11 3547180 /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7fa67b77b000-7fa67b77c000 r--p 0002b000 08:11 3547180 /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7fa67b77c000-7fa67b77d000 rw-p 0002c000 08:11 3547180 /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7fa67b77d000-7fa67ba30000 r-xp 00000000 08:11 3547182 /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7fa67ba30000-7fa67bc2f000 ---p 002b3000 08:11 3547182 /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7fa67bc2f000-7fa67bc4b000 r--p 002b2000 08:11 3547182 /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7fa67bc4b000-7fa67bc4c000 rw-p 002ce000 08:11 3547182 /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7fa67bc4c000-7fa67bc94000 r-xp 00000000 08:11 3546525 /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
7fa67bc94000-7fa67be94000 ---p 00048000 08:11 3546525 /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
7fa67be94000-7fa67be95000 r--p 00048000 08:11 3546525 /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0Aborted (core dumped)

ProblemType: Bug
DistroRelease: Ubuntu 12.10
Package: xpilot-ng (not installed)
ProcVersionSignature: Ubuntu 3.5.0-7.7-generic 3.5.0
Uname: Linux 3.5.0-7-generic x86_64
ApportVersion: 2.4-0ubuntu6
Architecture: amd64
Date: Sun Aug 5 18:37:57 2012
InstallationMedia: Kubuntu 12.10 "Quantal Quetzal" - Alpha amd64 (20120717)
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm
PATH=(custom, no user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: xpilot-ng
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Related branches

lp:~ubuntu-treblig/ubuntu/raring/xpilot-ng/bug-1033250

Merged into lp:ubuntu/raring/xpilot-ng

Barry Warsaw (community): Approve on 2012-12-11

Ubuntu branches: Pending requested 2012-12-03

lp:ubuntu/raring-proposed/xpilot-ng

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-08-05:

Download full text (21.3 KiB)

I'd love to be able to be able to attach the full apport crash report, but apport is sulking (bug 1023964); so here is a bt full from gdb:

dg@major:~$ gdb `which xpilot-ng`
GNU gdb (Linaro GDB) 7.4-2012.06-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/games/xpilot-ng...Reading symbols from /usr/lib/debug/usr/games/xpilot-ng-x11...done.
done.
(gdb) r
Starting program: /usr/games/xpilot-ng
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  Copyright � 1991-2005 by Bj�rn Stabell, Ken Ronny Schouten, Bert Gijsbers, Dick Balaska, Uoti Urpala, Juha Lindstr�m, Kristian S�derblom and Erik Andersson.
  XPilot NG 4.7.3 comes with ABSOLUTELY NO WARRANTY; for details see the
  provided COPYING file.

I'd love to be able to be able to attach the full apport crash report, but apport is sulking (bug 1023964); so here is a bt full from gdb:

dg@major:~$ gdb `which xpilot-ng`
GNU gdb (Linaro GDB) 7.4-2012.06-ubuntu
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.launchpad.net/gdb-linaro/>...
Reading symbols from /usr/games/xpilot-ng...Reading symbols from /usr/lib/debug/usr/games/xpilot-ng-x11...done.
done.
(gdb) r
Starting program: /usr/games/xpilot-ng 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  Copyright � 1991-2005 by Bj�rn Stabell, Ken Ronny Schouten, Bert Gijsbers, Dick Balaska, Uoti Urpala, Juha Lindstr�m, Kristian S�derblom and Erik Andersson.
  XPilot NG 4.7.3 comes with ABSOLUTELY NO WARRANTY; for details see the
  provided COPYING file.

============================================================
VERSION                   = 4.7.3
PACKAGE                   = xpilot-ng
Conf_localguru()          = xpilot-hacks@lists.sourceforge.net
Conf_datadir()            = /usr/share/games/xpilot-ng/
Conf_defaults_file_name() = /usr/share/games/xpilot-ng/defaults.txt
Conf_password_file_name() = /usr/share/games/xpilot-ng/password.txt
Conf_mapdir()             = /usr/share/games/xpilot-ng/maps/
Conf_default_map()        = ndh.xp2
Conf_servermotdfile()     = /usr/share/games/xpilot-ng/servermotd.txt
Conf_robotfile()          = /usr/share/games/xpilot-ng/robots.txt
Conf_logfile()            = /usr/share/games/xpilot-ng/log.txt
Conf_localmotdfile()      = /usr/share/games/xpilot-ng/localmotd.txt
Conf_ship_file()          = /usr/share/games/xpilot-ng/shipshapes.txt
Conf_texturedir()         = /usr/share/games/xpilot-ng/textures/
Conf_fontdir()            = /usr/share/games/xpilot-ng/fonts/
Conf_sounddir()           = /usr/share/games/xpilot-ng/sound/
Conf_soundfile()          = /usr/share/games/xpilot-ng/sound/sounds.txt
Conf_zcat_ext()           = .gz
Conf_zcat_format()        = gzip -d -c < %s
============================================================
xpilot-ng: ERROR: Xpilotrc_read: Failed to open file "/home/dg/.xpilotrc": (No such file or directory)
[New Thread 0x7ffff3c12700 (LWP 17287)]
[Thread 0x7ffff3c12700 (LWP 17287) exited]
[New Thread 0x7ffff3c12700 (LWP 17288)]
[New Thread 0x7fffef3e3700 (LWP 17289)]
Using pixmap copying
*** buffer overflow detected ***: /usr/games/xpilot-ng terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x5c)[0x7ffff6e7a02c]
/lib/x86_64-linux-gnu/libc.so.6(+0x107f00)[0x7ffff6e78f00]
/lib/x86_64-linux-gnu/libc.so.6(+0x107369)[0x7ffff6e78369]
/lib/x86_64-linux-gnu/libc.so.6(_IO_default_xsputn+0xdd)[0x7ffff6decbcd]
/lib/x86_64-linux-gnu/libc.so.6(_IO_vfprintf+0x4ff)[0x7ffff6db8b7f]
/lib/x86_64-linux-gnu/libc.so.6(__vsprintf_chk+0x94)[0x7ffff6e78404]
/lib/x86_64-linux-gnu/libc.so.6(__sprintf_chk+0x7d)[0x7ffff6e7834d]
/usr/games/xpilot-ng[0x420984]
/usr/games/xpilot-ng[0x422403]
/usr/games/xpilot-ng[0x424830]
/usr/games/xpilot-ng[0x424de8]
/usr/games/xpilot-ng[0x420f93]
/usr/games/xpilot-ng[0x422697]
/usr/games/xpilot-ng[0x404fb8]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xed)[0x7ffff6d9276d]
/usr/games/xpilot-ng[0x405071]
======= Memory map: ========
00400000-00467000 r-xp 00000000 08:11 3540953                            /usr/games/xpilot-ng-x11
00667000-00668000 r--p 00067000 08:11 3540953                            /usr/games/xpilot-ng-x11
00668000-0067b000 rw-p 00068000 08:11 3540953                            /usr/games/xpilot-ng-x11
0067b000-00735000 rw-p 00000000 00:00 0                                  [heap]
7fffe0000000-7fffe0021000 rw-p 00000000 00:00 0 
7fffe0021000-7fffe4000000 ---p 00000000 00:00 0 
7fffe8000000-7fffe8021000 rw-p 00000000 00:00 0 
7fffe8021000-7fffec000000 ---p 00000000 00:00 0 
7fffedfa7000-7fffedfbc000 r-xp 00000000 08:11 2888679                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7fffedfbc000-7fffee1bb000 ---p 00015000 08:11 2888679                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7fffee1bb000-7fffee1bc000 r--p 00014000 08:11 2888679                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7fffee1bc000-7fffee1bd000 rw-p 00015000 08:11 2888679                    /lib/x86_64-linux-gnu/libgcc_s.so.1
7fffee1bd000-7fffee1c4000 r-xp 00000000 08:11 2887413                    /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fffee1c4000-7fffee3c3000 ---p 00007000 08:11 2887413                    /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fffee3c3000-7fffee3c4000 r--p 00006000 08:11 2887413                    /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fffee3c4000-7fffee3c5000 rw-p 00007000 08:11 2887413                    /lib/x86_64-linux-gnu/libnss_dns-2.15.so
7fffee3c5000-7fffee3c7000 r-xp 00000000 08:11 2883629                    /lib/libnss_mdns4_minimal.so.2
7fffee3c7000-7fffee5c6000 ---p 00002000 08:11 2883629                    /lib/libnss_mdns4_minimal.so.2
7fffee5c6000-7fffee5c7000 r--p 00001000 08:11 2883629                    /lib/libnss_mdns4_minimal.so.2
7fffee5c7000-7fffee5c8000 rw-p 00002000 08:11 2883629                    /lib/libnss_mdns4_minimal.so.2
7fffee5c8000-7fffee5cd000 r-xp 00000000 08:11 3546629                    /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fffee5cd000-7fffee7cc000 ---p 00005000 08:11 3546629                    /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fffee7cc000-7fffee7cd000 r--p 00004000 08:11 3546629                    /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fffee7cd000-7fffee7ce000 rw-p 00005000 08:11 3546629                    /usr/lib/x86_64-linux-gnu/libXfixes.so.3.1.0
7fffee7ce000-7fffee7d7000 r-xp 00000000 08:11 3546647                    /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fffee7d7000-7fffee9d6000 ---p 00009000 08:11 3546647                    /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fffee9d6000-7fffee9d7000 r--p 00008000 08:11 3546647                    /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fffee9d7000-7fffee9d8000 rw-p 00009000 08:11 3546647                    /usr/lib/x86_64-linux-gnu/libXrender.so.1.3.0
7fffee9d8000-7fffee9e1000 r-xp 00000000 08:11 3546621                    /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fffee9e1000-7fffeebe1000 ---p 00009000 08:11 3546621                    /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fffeebe1000-7fffeebe2000 r--p 00009000 08:11 3546621                    /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fffeebe2000-7fffeebe3000 rw-p 0000a000 08:11 3546621                    /usr/lib/x86_64-linux-gnu/libXcursor.so.1.0.2
7fffeebe3000-7fffeebe4000 ---p 00000000 00:00 0 
7fffeebe4000-7fffef3e4000 rw-p 00000000 00:00 0                          [stack:17289]
7fffef3e4000-7ffff33e5000 rw-s 00000000 00:1b 2831369                    /run/shm/pulse-shm-1336221867
7ffff33e5000-7ffff3412000 rw-p 00000000 00:00 0 
7ffff3412000-7ffff3413000 ---p 00000000 00:00 0 
7ffff3413000-7ffff3c13000 rw-p 00000000 00:00 0                          [stack:17288]
7ffff3c13000-7ffff3c2b000 r-xp 00000000 08:11 2887450                    /lib/x86_64-linux-gnu/libresolv-2.15.so
7ffff3c2b000-7ffff3e2b000 ---p 00018000 08:11 2887450                    /lib/x86_64-linux-gnu/libresolv-2.15.so
7ffff3e2b000-7ffff3e2c000 r--p 00018000 08:11 2887450                    /lib/x86_64-linux-gnu/libresolv-2.15.so
7ffff3e2c000-7ffff3e2d000 rw-p 00019000 08:11 2887450                    /lib/x86_64-linux-gnu/libresolv-2.15.so
7ffff3e2d000-7ffff3e2f000 rw-p 00000000 00:00 0 
7ffff3e2f000-7ffff3e35000 r-xp 00000000 08:11 3547026                    /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7ffff3e35000-7ffff4034000 ---p 00006000 08:11 3547026                    /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7ffff4034000-7ffff4035000 r--p 00005000 08:11 3547026                    /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7ffff4035000-7ffff4036000 rw-p 00006000 08:11 3547026                    /usr/lib/x86_64-linux-gnu/libogg.so.0.8.0
7ffff4036000-7ffff4061000 r-xp 00000000 08:11 3547180                    /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7ffff4061000-7ffff4261000 ---p 0002b000 08:11 3547180                    /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7ffff4261000-7ffff4262000 r--p 0002b000 08:11 3547180                    /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7ffff4262000-7ffff4263000 rw-p 0002c000 08:11 3547180                    /usr/lib/x86_64-linux-gnu/libvorbis.so.0.4.5
7ffff4263000-7ffff4516000 r-xp 00000000 08:11 3547182                    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7ffff4516000-7ffff4715000 ---p 002b3000 08:11 3547182                    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7ffff4715000-7ffff4731000 r--p 002b2000 08:11 3547182                    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7ffff4731000-7ffff4732000 rw-p 002ce000 08:11 3547182                    /usr/lib/x86_64-linux-gnu/libvorbisenc.so.2.0.8
7ffff4732000-7ffff477a000 r-xp 00000000 08:11 3546525                    /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
7ffff477a000-7ffff497a000 ---p 00048000 08:11 3546525                    /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
7ffff497a000-7ffff497b000 r--p 00048000 08:11 3546525                    /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
7ffff497b000-7ffff497c000 rw-p 00049000 08:11 3546525                    /usr/lib/x86_64-linux-gnu/libFLAC.so.8.2.0
Program received signal SIGABRT, Aborted.
0x00007ffff6da7445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) where
#0  0x00007ffff6da7445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007ffff6daabab in abort () from /lib/x86_64-linux-gnu/libc.so.6
#2  0x00007ffff6de4e2e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#3  0x00007ffff6e7a02c in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
#4  0x00007ffff6e78f00 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
#5  0x00007ffff6e78369 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x00007ffff6decbcd in _IO_default_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
#7  0x00007ffff6db8b7f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
#8  0x00007ffff6e78404 in __vsprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
#9  0x00007ffff6e7834d in __sprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
#10 0x0000000000420984 in sprintf (__fmt=0x4501af "%4d", __s=0x71ff58 "1000")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
#11 Welcome_show_server_list (conpar=0x69d780) at welcome.c:1035
#12 0x0000000000422403 in Internet_cb (widget=<optimized out>, user_data=0x69d780, text=<optimized out>)
    at welcome.c:1147
#13 0x0000000000424830 in Widget_button (event=<optimized out>, widget_desc=3, pressed=0 '\000') at widget.c:1044
#14 0x0000000000424de8 in Widget_event (event=0x7fffffffde60) at widget.c:1283
#15 0x0000000000420f93 in Welcome_process_one_event (event=<optimized out>, conpar=<optimized out>) at welcome.c:1491
#16 0x0000000000422697 in Welcome_input_loop (conpar=0x69d780) at welcome.c:1536
#17 Welcome_doit (conpar=0x69d780) at welcome.c:1572
#18 Welcome_screen (conpar=0x69d780) at welcome.c:1586
#19 0x0000000000404fb8 in main (argc=1, argv=0x7fffffffe078) at xpilot.c:136
(gdb) bt all
No symbol "all" in current context.
(gdb) bt full
#0  0x00007ffff6da7445 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x00007ffff6daabab in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2  0x00007ffff6de4e2e in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#3  0x00007ffff6e7a02c in __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#4  0x00007ffff6e78f00 in __chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#5  0x00007ffff6e78369 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#6  0x00007ffff6decbcd in _IO_default_xsputn () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#7  0x00007ffff6db8b7f in vfprintf () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#8  0x00007ffff6e78404 in __vsprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#9  0x00007ffff6e7834d in __sprintf_chk () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#10 0x0000000000420984 in sprintf (__fmt=0x4501af "%4d", __s=0x71ff58 "1000")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
No locals.
#11 Welcome_show_server_list (conpar=0x69d780) at welcome.c:1035
        player_width = 20
        queue_width = 20
        bases_width = 20
        team_width = 20
        fps_width = 27
        status_width = 89
        version_width = 222
        map_width = 68
        server_width = 259
        ping_width = 35
        stat_width = 230
        yoff = 29
        label_height = 21
        queue_offset = 20
        bases_offset = 40
        team_offset = 60
---Type <return> to continue, or q <return> to quit---
        fps_offset = <optimized out>
        status_offset = <optimized out>
        version_offset = 141
        map_offset = 224
        server_offset = 440
        ping_offset = 701
        stat_offset = 736
        w = <optimized out>
        all_offset = <optimized out>
        sip = 0x71fed0
        start_server_it = 0x712520
        next_width = 7470944
        first_width = <optimized out>
        pingw_width = <optimized out>
        next_height = 7470800
        first_height = 7470800
#12 0x0000000000422403 in Internet_cb (widget=<optimized out>, user_data=0x69d780, text=<optimized out>)
    at welcome.c:1147
        conpar = 0x69d780
#13 0x0000000000424830 in Widget_button (event=<optimized out>, widget_desc=3, pressed=0 '\000') at widget.c:1044
        widget = 0x711958
        entry_widget = <optimized out>
        pulldown_widget = <optimized out>
        sub_widget = <optimized out>
        boolw = <optimized out>
        menuw = <optimized out>
        pullw = <optimized out>
        activw = 0x718ad0
        intw = <optimized out>
        colorw = <optimized out>
        doublew = <optimized out>
        arroww = <optimized out>
        entryw = <optimized out>
        i = <optimized out>
        ival = <optimized out>
        cval = <optimized out>
        sub_widget_desc = <optimized out>
        dval = <optimized out>
        delta = <optimized out>
        dmin = <optimized out>
---Type <return> to continue, or q <return> to quit---
        offset = <optimized out>
        newoffset = <optimized out>
#14 0x0000000000424de8 in Widget_event (event=0x7fffffffde60) at widget.c:1283
        i = <optimized out>
        count = 1
        widget = <optimized out>
        sliderw = <optimized out>
#15 0x0000000000420f93 in Welcome_process_one_event (event=<optimized out>, conpar=<optimized out>) at welcome.c:1491
        cmev = <optimized out>
        conf = <optimized out>
#16 0x0000000000422697 in Welcome_input_loop (conpar=0x69d780) at welcome.c:1536
        event = {type = 5, xany = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839}, 
          xkey = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, root = 357, 
            subwindow = 0, time = 24201606, x = 62, y = 18, x_root = 533, y_root = 299, state = 256, keycode = 1, 
            same_screen = 1}, xbutton = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, 
            root = 357, subwindow = 0, time = 24201606, x = 62, y = 18, x_root = 533, y_root = 299, state = 256, 
            button = 1, same_screen = 1}, xmotion = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            window = 79691839, root = 357, subwindow = 0, time = 24201606, x = 62, y = 18, x_root = 533, y_root = 299, 
            state = 256, is_hint = 1 '\001', same_screen = 1}, xcrossing = {type = 5, serial = 207, send_event = 0, 
            display = 0x6f3450, window = 79691839, root = 357, subwindow = 0, time = 24201606, x = 62, y = 18, 
            x_root = 533, y_root = 299, mode = 256, detail = 1, same_screen = 1, focus = 1, state = 0}, xfocus = {
            type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, mode = 357, detail = 0}, 
          xexpose = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, x = 357, y = 0, 
            width = 0, height = 0, count = 24201606}, xgraphicsexpose = {type = 5, serial = 207, send_event = 0, 
            display = 0x6f3450, drawable = 79691839, x = 357, y = 0, width = 0, height = 0, count = 24201606, 
            major_code = 0, minor_code = 62}, xnoexpose = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            drawable = 79691839, major_code = 357, minor_code = 0}, xvisibility = {type = 5, serial = 207, 
            send_event = 0, display = 0x6f3450, window = 79691839, state = 357}, xcreatewindow = {type = 5, 
            serial = 207, send_event = 0, display = 0x6f3450, parent = 79691839, window = 357, x = 0, y = 0, 
            width = 24201606, height = 0, border_width = 62, override_redirect = 18}, xdestroywindow = {type = 5, 
            serial = 207, send_event = 0, display = 0x6f3450, event = 79691839, window = 357}, xunmap = {type = 5, 
            serial = 207, send_event = 0, display = 0x6f3450, event = 79691839, window = 357, from_configure = 0}, 
          xmap = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, event = 79691839, window = 357, 
            override_redirect = 0}, xmaprequest = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            parent = 79691839, window = 357}, xreparent = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            event = 79691839, window = 357, parent = 0, x = 24201606, y = 0, override_redirect = 62}, xconfigure = {
            type = 5, serial = 207, send_event = 0, display = 0x6f3450, event = 79691839, window = 357, x = 0, y = 0, 
            width = 24201606, height = 0, border_width = 62, above = 1284195222037, override_redirect = 256}, 
          xgravity = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, event = 79691839, window = 357, x = 0, 
            y = 0}, xresizerequest = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, 
---Type <return> to continue, or q <return> to quit---
            width = 357, height = 0}, xconfigurerequest = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            parent = 79691839, window = 357, x = 0, y = 0, width = 24201606, height = 0, border_width = 62, 
            above = 1284195222037, detail = 256, value_mask = 4294967297}, xcirculate = {type = 5, serial = 207, 
            send_event = 0, display = 0x6f3450, event = 79691839, window = 357, place = 0}, xcirculaterequest = {
            type = 5, serial = 207, send_event = 0, display = 0x6f3450, parent = 79691839, window = 357, place = 0}, 
          xproperty = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, atom = 357, 
            time = 0, state = 24201606}, xselectionclear = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            window = 79691839, selection = 357, time = 0}, xselectionrequest = {type = 5, serial = 207, send_event = 0, 
            display = 0x6f3450, owner = 79691839, requestor = 357, selection = 0, target = 24201606, 
            property = 77309411390, time = 1284195222037}, xselection = {type = 5, serial = 207, send_event = 0, 
            display = 0x6f3450, requestor = 79691839, selection = 357, target = 0, property = 24201606, 
            time = 77309411390}, xcolormap = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, 
            window = 79691839, colormap = 357, new = 0, state = 0}, xclient = {type = 5, serial = 207, send_event = 0, 
            display = 0x6f3450, window = 79691839, message_type = 357, format = 0, data = {
              b = "\206Iq\001\000\000\000\000>\000\000\000\022\000\000\000\025\002\000", s = {18822, 369, 0, 0, 62, 0, 
                18, 0, 533, 0}, l = {24201606, 77309411390, 1284195222037, 4294967552, 4294967297}}}, xmapping = {
            type = 5, serial = 207, send_event = 0, display = 0x6f3450, window = 79691839, request = 357, 
            first_keycode = 0, count = 0}, xerror = {type = 5, display = 0xcf, resourceid = 0, serial = 7287888, 
            error_code = 63 '?', request_code = 0 '\000', minor_code = 192 '\300'}, xkeymap = {type = 5, serial = 207, 
            send_event = 0, display = 0x6f3450, window = 79691839, 
            key_vector = "e\001", '\000' <repeats 14 times>"\206, Iq\001\000\000\000\000>\000\000\000\022\000\000"}, 
          xgeneric = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, extension = 79691839, evtype = 0}, 
          xcookie = {type = 5, serial = 207, send_event = 0, display = 0x6f3450, extension = 79691839, evtype = 0, 
            cookie = 357, data = 0x0}, pad = {140733193388037, 207, 0, 7287888, 79691839, 357, 0, 24201606, 77309411390, 
            1284195222037, 4294967552, 4294967297, 0 <repeats 12 times>}}
        result = <optimized out>
#17 Welcome_doit (conpar=0x69d780) at welcome.c:1572
        result = <optimized out>
#18 Welcome_screen (conpar=0x69d780) at welcome.c:1586
        result = 0
#19 0x0000000000404fb8 in main (argc=1, argv=0x7fffffffe078) at xpilot.c:136
        result = <optimized out>
        retval = 1
        auto_shutdown = 0 '\000'
(gdb)

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-08-05:

I don't understand this backtrace; it shows the failing printf as the one at welcome.c:1035 which is:

sprintf(sip->pingtime_str, "%4d", sip->pingtime);
and meta.h has:

pingtime_str[5]

so that's all peachy - 4 character string into a 5 char array.

but the backtrace for sprintf is odd; why is it showing two paramters - almost as if it's lost the 1st parameter:

#10 0x0000000000420984 in sprintf (__fmt=0x4501af "%4d", __s=0x71ff58 "1000")
    at /usr/include/x86_64-linux-gnu/bits/stdio2.h:34
No locals.
#11 Welcome_show_server_list (conpar=0x69d780) at welcome.c:1035
        player_width = 20
        queue_width = 20
        bases_width = 20
        team_width = 20
        fps_width = 27
        status_width = 89
        version_width = 222
        map_width = 68
        server_width = 259
        ping_width = 35
        stat_width = 230
        yoff = 29
        label_height = 21
        queue_offset = 20
        bases_offset = 40
        team_offset = 60
---Type <return> to continue, or q <return> to quit---
        fps_offset = <optimized out>
        status_offset = <optimized out>
        version_offset = 141
        map_offset = 224
        server_offset = 440
        ping_offset = 701
        stat_offset = 736
        w = <optimized out>
        all_offset = <optimized out>
        sip = 0x71fed0
        start_server_it = 0x712520
        next_width = 7470944
        first_width = <optimized out>
        pingw_width = <optimized out>
        next_height = 7470800
        first_height = 7470800

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-08-05:

oh ok, here's the problem; in this case we're seeing sip->pingtime get a value of 10000 so it's overflowing that buffer; something needs to up the size of the buffer and/or use snprintf.

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-08-05:

Triaged: Found the buffer that's got to big

Changed in xpilot-ng (Ubuntu):
status:	New → Triaged

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-12-03:

Reported upstream; http://sourceforge.net/tracker/?func=detail&aid=3591921&group_id=13411&atid=113411

bzr branch linked with fix.

Changed in xpilot-ng (Ubuntu):
status:	Triaged → In Progress

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-12-06:

Gah - got the wrong bug

Changed in xpilot-ng (Debian):
importance:	Unknown → Undecided
status:	Unknown → New

Revision history for this message

Dave Gilbert (ubuntu-treblig) wrote on 2012-12-06:

the right bug

Changed in xpilot-ng (Debian):
importance:	Undecided → Unknown
status:	New → Unknown

Bug Watch Updater (bug-watch-updater) on 2012-12-06

Changed in xpilot-ng (Debian):
status:	Unknown → New

Revision history for this message

Launchpad Janitor (janitor) wrote on 2012-12-13:

This bug was fixed in the package xpilot-ng - 1:4.7.3-1.4ubuntu1

---------------
xpilot-ng (1:4.7.3-1.4ubuntu1) raring; urgency=low

* Fix buffer overrun caused by pingtime_str being 1 char too short for
PING_UNKNOWN magic value (LP: #1033250)
-- <email address hidden> (Dr. David Alan Gilbert) Mon, 03 Dec 2012 00:47:13 +0000

Changed in xpilot-ng (Ubuntu):
status:	In Progress → Fix Released

Bug Watch Updater (bug-watch-updater) on 2020-01-08

Changed in xpilot-ng (Debian):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #695294
[done normal] Edit
debbugs #695297
[done normal patch] Edit
sf #3591921 Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntuxpilot-ng package

crash on asking for internet game

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
xpilot-ng package