Bugtraq mailing list archives
Re: FW: MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun problem.
From: Chiaki Ishikawa <Chiaki.Ishikawa () PERSONAL-MEDIA CO JP>
Date: Tue, 22 Aug 2000 20:33:29 +0900
X-PMC-CI-e-mail-id: 13464

(I am "Bcc:"ing this to a few people who sent me inquiries and suggestions.)

Here is a follow-up to my own post several days ago.

Firstly, it turns out that Macromedia does have a means of bug reporting and discussion among the developers.
Technical Issues and Reporting Bugs
-----------------------------------
The Webplayers Discussion Group provides an open forum to discuss technical issues regarding Macromedia Players. Also of interest are the Flash, Flash Site Design, and Generator Discussion Groups. Macromedia Technical Support actively monitors these groups, as well as hosting a community of users there. Descriptions and links to these discussion groups can be found at:
http://www.macromedia.com/support/newsgroups.html

Bug reports may be sent to beta_flashlinux () macromedia com

To allow us to investigate reported bugs, please include the following information:
1) Platform and version
2) Netscape version
3) Reproducible steps including a URL to the web site where the problem was encountered.
If we need further information about a bug, you will be contacted. An automated reply will be sent to assure you that we have received your bug report. Due to the volume of mail received we are not able to individually respond to each report.
Now, more details and the result of the experiment suggested by Solar Designer.

Before proceeding, I would like to thank Sharif Nassar, who pointed out that I should be able to know the exact URL by using a web proxy such as squid or junkbuster when I access the problematic web pages. By using this method (which was indeed already set up on my PC, and I had forgotten about its existence), I could find a couple of URLs that contain flash/shockwave contents.

The slightly edited (to fit on narrow screen) raw squid log:

966180611.524 98883 127.0.0.1 TCP_MISS/200 526846 GET http://www.washingtonpost.com/wp-srv/photo/conventions/flash/conv_intro/intro.swf - TIMEOUT_DIRECT/www.washingtonpost.com application/x-shockwave-flash
966276649.312 4874 127.0.0.1 TCP_MISS/200 5870 GET http://www.csmonitor.com/graphics/promos/dempromo.swf - TIMEOUT_DIRECT/www.csmonitor.com application/x-shockwave-flash

The first one is the one that I mentioned at the Washington Post site. I didn't know I had accessed the second flash/shockwave page before.

Let us call the URLs [1] and [2] respectively. (URL [1] at Washington Post, URL [2] at Christian Science Monitor.)

Solar Designer:
libsafe depends on all components of programs you use to be compiled with frame pointers. If gcc's -fomit-frame-pointer was used on at least one source file in at least one software component (such as a browser plug-in), then libsafe's checks do the wrong thing and you may in fact be introducing DoS possibilities by using libsafe.
I should have known this.
Have you tried visiting this URL without libsafe installed? If it still causes a crash, then you really have something to report.
Now, as suggested by Solar Designer, I did the experiment. I removed the loading of libsafe before running netscape/flash plug-in to access the above URLs and compared the results.

Result.
============================================================
                     No libsafe.         With libsafe.
------------------------------------------------------------
Access to URL [1]    Seems to be OK.     Aborted by libsafe.
          URL [2]    OK.                 OK.
============================================================

The URL [2] seems to contain much smaller flash data, and netscape/flash plug-in had no problem with/without libsafe in handling it. A little strange, but such is life. I would appreciate any true/false confirmation from people using linux for x86.

The URL [1] caused the abort by libsafe as reported previously, but when I removed libsafe from the dynamic library loading path, netscape/flash plug-in seems to handle it without problem. (Since the data is large, I only looked at the first part of URL [1]. After a minute or so of initial dynamic images, the screen comes to a menu selection and pauses. I could pick up the menu all right. I didn't investigate further. With libsafe, netscape gets aborted before showing ANY images at all after downloading ~500kb of data.)

So, as Solar Designer suggested, there may be issues concerning the compilation switches (especially the one that controls the preservation of frame pointer) of netscape flash/shockwave plug-in and libsafe. What puzzles me is that URL [2] doesn't cause an abort by libsafe. But again, someone in the know can figure out if the problem with URL [1] is genuine or a libsafe artifact.

(OK, now I understand that IF one module of NETSCAPE is compiled without frame pointer preservation, then such might cause the abort of libsafe at a seemingly unrelated module. Right? But in this particular case, I think it is the plug-in module for flash/shockwave since I only see this abort when a flash/shockwave page is accessed.)
--
Ishikawa, Chiaki          ishikawa () personal-media co jp.NoSpam or
(family name, given name) Chiaki.Ishikawa () personal-media co jp.NoSpam
Personal Media Corp.      ** Remove .NoSpam at the end before use **
Shinagawa, Tokyo, Japan 142-0051
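
Added example, not part of the original message and not libsafe's own source: a simplified C model of a frame-pointer-chain bound check of the kind Solar Designer's remark refers to. The stack layout, word indices and function names are constructed for illustration; the same legitimate 12-word copy passes when the caller keeps a frame pointer and is refused when ebp was reused as a general-purpose register.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model stack: word indices stand in for addresses, higher index =
   higher address. At a frame pointer fp, stack[fp] is the saved caller fp. */
enum { WORDS = 64, FP_MAIN = 60, FP_CALLER = 40, FP_WRAPPER = 20,
       BUF = 24, BUF_WORDS = FP_CALLER - BUF };  /* caller's 16-word buffer */

/* Walk the saved-frame-pointer chain from fp; the first frame pointer above
   dst bounds the copy. Returns 0 when the chain is broken. */
size_t frame_limit(const uint32_t *stack, uint32_t fp, uint32_t dst)
{
    uint32_t prev = 0;
    while (fp > prev && fp < (uint32_t)WORDS) {  /* chain must move upward */
        if (fp > dst) return fp - dst;
        prev = fp;
        fp = stack[fp];
    }
    return 0;
}

/* Limit seen by an interposed memcpy wrapper whose own frame saved the
   value `saved_ebp` found in ebp at call time (hypothetical helper). */
size_t wrapper_limit(uint32_t saved_ebp)
{
    uint32_t stack[WORDS] = {0};
    stack[FP_MAIN] = 0;              /* outermost frame ends the chain */
    stack[FP_CALLER] = FP_MAIN;      /* caller's saved fp, if it keeps one */
    stack[FP_WRAPPER] = saved_ebp;   /* trusted blindly by the walk */
    return frame_limit(stack, FP_WRAPPER, BUF);
}

/* 1 = copy of n words allowed, 0 = the wrapper would abort the process. */
int copy_allowed(uint32_t saved_ebp, size_t n)
{
    size_t limit = wrapper_limit(saved_ebp);
    return limit == 0 || n <= limit; /* no limit found: pass through */
}

int main(void)
{
    printf("frame pointers kept:   limit %zu, 12-word copy allowed=%d\n",
           wrapper_limit(FP_CALLER), copy_allowed(FP_CALLER, 12));
    printf("ebp reused as pointer: limit %zu, 12-word copy allowed=%d\n",
           wrapper_limit(BUF + 4), copy_allowed(BUF + 4, 12));
    return 0;
}
```

Passing `FP_MAIN` as `saved_ebp` models a stale ebp left over from an outer frame: the computed limit grows to 36 words, past the end of the 16-word buffer, so the check errs in the other direction.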