mangleme and Amaya

I just tried mangleme on Amaya, and the attached HTML causes Amaya 11.3.1 to crash with this:
*** buffer overflow detected ***: /usr/lib/Amaya/wx/bin/amaya_bin terminated
======= Backtrace: =========
/lib/libc.so.6(__fortify_fail+0x37)[0x7f4728139217]
/lib/libc.so.6(+0xfe0d0)[0x7f47281380d0]
/lib/libc.so.6(+0xfd539)[0x7f4728137539]
/lib/libc.so.6(_IO_default_xsputn+0xcc)[0x7f47280afd1c]
/lib/libc.so.6(_IO_vfprintf+0x628)[0x7f472807f9c8]
/lib/libc.so.6(__vsprintf_chk+0x99)[0x7f47281375d9]
/lib/libc.so.6(__sprintf_chk+0x7f)[0x7f472813751f]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4d6f59]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4da38f]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4db759]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4e4038]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4e785e]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4e6a6c]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4ea3d9]
/usr/lib/Amaya/wx/bin/amaya_bin[0x4ea603]
/usr/lib/Amaya/wx/bin/amaya_bin[0x667f4b]
/usr/lib/Amaya/wx/bin/amaya_bin[0x8be527]
/usr/lib/Amaya/wx/bin/amaya_bin[0x857415]
/usr/lib/libgtk-x11-2.0.so.0(+0x13f03a)[0x7f472b05403a]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x15e)[0x7f4729c945de]
/usr/lib/libgobject-2.0.so.0(+0x21598)[0x7f4729ca8598]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x7f6)[0x7f4729ca9a76]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x208)[0x7f4729ca9dc8]
/usr/lib/libgtk-x11-2.0.so.0(+0x279abf)[0x7f472b18eabf]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x15e)[0x7f4729c945de]
/usr/lib/libgobject-2.0.so.0(+0x21598)[0x7f4729ca8598]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x7f6)[0x7f4729ca9a76]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_by_name+0x208)[0x7f4729ca9dc8]
/usr/lib/libgtk-x11-2.0.so.0(+0x1a1b63)[0x7f472b0b6b63]
/usr/lib/libgtk-x11-2.0.so.0(+0x1a1f07)[0x7f472b0b6f07]
/usr/lib/libgtk-x11-2.0.so.0(+0x142178)[0x7f472b057178]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x15e)[0x7f4729c945de]
/usr/lib/libgobject-2.0.so.0(+0x211dd)[0x7f4729ca81dd]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x639)[0x7f4729ca98b9]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x83)[0x7f4729caa033]
/usr/lib/libgtk-x11-2.0.so.0(+0x2590bf)[0x7f472b16e0bf]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x525)[0x7f472b050955]
/usr/lib/libgdk-x11-2.0.so.0(+0x5c86c)[0x7f472acc486c]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1f2)[0x7f47293d68c2]
/lib/libglib-2.0.so.0(+0x42748)[0x7f47293da748]
/lib/libglib-2.0.so.0(g_main_loop_run+0x195)[0x7f47293dac55]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xa7)[0x7f472b050bb7]
/usr/lib/Amaya/wx/bin/amaya_bin[0x9299c2]
/usr/lib/Amaya/wx/bin/amaya_bin[0x8ad054]
/usr/lib/Amaya/wx/bin/amaya_bin[0x9808f8]
/usr/lib/Amaya/wx/bin/amaya_bin[0x627492]
/lib/libc.so.6(__libc_start_main+0xfd)[0x7f4728058c4d]
/usr/lib/Amaya/wx/bin/amaya_bin[0x422bc9]
======= Memory map: ========

Yuhong Bao
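The backtrace above ends in __sprintf_chk and __fortify_fail, which is glibc's _FORTIFY_SOURCE wrapper aborting because sprintf() was about to write past a fixed-size buffer. This added example (not Amaya's code; the buffer size, the attribute format string and the 300-byte input are constructed for illustration) shows the bounded replacement a fix would use: snprintf with an explicit truncation check, so an oversized mangleme-style input is reported rather than overflowing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size buffer of the kind sprintf() was overflowing. */
#define ATTR_BUF_LEN 64

/* Format name="value" into out. sprintf() here would overflow on long input
 * (and, when built with -O2 -D_FORTIFY_SOURCE=2, abort via __sprintf_chk as
 * in the Amaya trace). snprintf() never writes more than out_len bytes and
 * returns the length it *wanted* to write, which is how truncation is detected.
 * Returns true if the text fit, false on truncation or encoding error. */
bool format_attr(char *out, size_t out_len, const char *name, const char *value)
{
    int n = snprintf(out, out_len, "%s=\"%s\"", name, value);
    if (n < 0)
        return false;            /* encoding error */
    return (size_t)n < out_len;  /* n >= out_len means output was cut off */
}

/* Convenience check: does name="value" fit an ATTR_BUF_LEN buffer? */
bool attr_fits(const char *name, const char *value)
{
    char buf[ATTR_BUF_LEN];
    return format_attr(buf, sizeof buf, name, value);
}

/* Feed a constructed 300-byte attribute value (standing in for fuzzer output)
 * and report how many bytes actually landed in the buffer. */
size_t oversized_stored_len(void)
{
    char buf[ATTR_BUF_LEN];
    char big[300];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    (void)format_attr(buf, sizeof buf, "href", big);
    return strlen(buf);  /* bounded to ATTR_BUF_LEN - 1, still NUL-terminated */
}

int main(void)
{
    printf("short value fits: %s\n", attr_fits("href", "index.html") ? "yes" : "no");
    printf("300-byte value stored as %zu bytes (truncated, no overflow)\n",
           oversized_stored_len());
    return 0;
}
```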

Received on Tuesday, 4 January 2011 09:51:05 UTC