Bug#641629: twinkle: reliably segfaults when accepting a call

Helmut Grohne helmut at subdivi.de
Wed Sep 14 18:56:39 UTC 2011


Package: twinkle
Version: 1:1.4.2-2+b4
Severity: important
Tags: security

I can reproducibly segfault twinkle by accepting a call. First of all I
removed my ~/.twinkle. Then I did a wizard-setup for a standard
sipgate.de account. I used another sipgate.de account with ekiga to call
my account. When I accept the call with twinkle it segfaults.

As a bare minimum I can provide a traceback.

#0  0x00007ffff5941074 in speex_echo_state_destroy () from /usr/lib/libspeexdsp.so.1
No symbol table info available.
#1  0x00000000006284c5 in ?? ()
No symbol table info available.
#2  0x00000000005a3aae in ?? ()
No symbol table info available.
#3  0x000000000059875e in ?? ()
No symbol table info available.
#4  0x0000000000504e02 in ?? ()
No symbol table info available.
#5  0x00000000005110e1 in ?? ()
No symbol table info available.
#6  0x000000000045aacd in ?? ()
No symbol table info available.
#7  0x00000000004e0889 in ?? ()
No symbol table info available.
#8  0x00007ffff4d4833f in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#9  0x00007ffff4d48417 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#10 0x00007ffff500b2df in QAction::qt_emit(int, QUObject*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#11 0x00007ffff4d48363 in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#12 0x00007ffff4d48417 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#13 0x00007ffff4d72053 in QWidget::event(QEvent*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#14 0x00007ffff4cf6acd in QApplication::internalNotify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#15 0x00007ffff4cf71d3 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#16 0x00007ffff4ca2b06 in QETWidget::translateMouseEvent(_XEvent const*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#17 0x00007ffff4ca1bf1 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#18 0x00007ffff4caff74 in QEventLoop::processEvents(unsigned int) () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#19 0x00007ffff4d08219 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#20 0x00007ffff4d081a2 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3
No symbol table info available.
#21 0x000000000044406e in ?? ()
No symbol table info available.
#22 0x000000000042d0fd in ?? ()
No symbol table info available.
#23 0x00007ffff3767ead in __libc_start_main (main=<optimized out>, argc=<optimized out>, ubp_av=<optimized out>, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffe468) at libc-start.c:228
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 7219756762275237665, 4401736, 140737488348272, 0, 0, -7219756761343602911, -7219731546571026655}, mask_was_saved = 0}}, priv = {
            pad = {0x0, 0x0, 0x66b0c0, 0x7fffffffe478}, data = {prev = 0x0, cleanup = 0x0, canceltype = 6729920}}}
        not_first_call = <optimized out>
#24 0x0000000000432a71 in ?? ()
No symbol table info available.
#25 0x00007fffffffe468 in ?? ()
No symbol table info available.
#26 0x000000000000001c in ?? ()
No symbol table info available.
#27 0x0000000000000001 in ?? ()
No symbol table info available.
#28 0x00007fffffffe728 in ?? ()
No symbol table info available.
#29 0x0000000000000000 in ?? ()
No symbol table info available.

The first question to be answered would be whether this is a Debian
specific bug. As can be seen from the version number (1:1.4.2-2+b4) of
the package, it is the fourth rebuild of the package with changing
libraries.

Is there anything I can do to further track down the cause of the
problem?

Note that I tagged the bug as a security issue, because it can be used
to remotely crash twinkle instances. If the Debian security team feels
different, I ask them to remove the tag.

Helmut

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Versions of packages twinkle depends on:
ii  libasound2            1.0.24.1-4    
ii  libboost-regex1.46.1  1.46.1-7      
ii  libc6                 2.13-20       
ii  libccgnu2-1.7-0       1.7.3-1.1     
ii  libccrtp1-1.8-0       1.8.0-1.2     
ii  libgcc1               1:4.6.1-10    
ii  libgsm1               1.0.13-3      
ii  libmagic1             5.08-1        
ii  libncurses5           5.9-1         
ii  libqt3-mt             3:3.3.8b-11   
ii  libreadline6          6.2-4         
ii  libsndfile1           1.0.25-3      
ii  libspeex1             1.2~rc1-1     
ii  libspeexdsp1          1.2~rc1-1     
ii  libstdc++6            4.6.1-10      
ii  libx11-6              2:1.4.4-1     
ii  libxext6              2:1.3.0-3     
ii  libxml2               2.7.8.dfsg-4  
ii  libzrtpcpp-1.4-0      1.4.6-1.1     
ii  zlib1g                1:1.2.5.dfsg-1

twinkle recommends no packages.

twinkle suggests no packages.

-- no debconf information
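To follow up on the reporter's question about tracking down the cause, here is an added example (not part of the bug report) that writes a gdb command file which logs every call into the frame-0 function from the traceback, speex_echo_state_destroy(), with the pointer it receives, and dumps a full backtrace when the segfault hits. It assumes gdb is installed, the twinkle binary is on PATH, the report's amd64 architecture (first argument in $rdi), and the output file name is a placeholder.

```shell
# Added example: generate a gdb script for the twinkle crash described above.
# Usage (assumed, run interactively after the script is written):
#   gdb -batch -x "$SCRIPT" twinkle
# then accept the incoming call; twinkle-crash.log will hold the output.
write_gdb_script() {
    out="$1"
    cat > "$out" <<'EOF'
set pagination off
set logging file twinkle-crash.log
set logging on
# Log each destroy call with its argument. On amd64 (the reporter's
# architecture) the first integer argument arrives in $rdi, so a NULL or a
# pointer that is destroyed twice becomes visible without library symbols.
break speex_echo_state_destroy
commands
  silent
  printf "speex_echo_state_destroy(st=%p)\n", $rdi
  bt 8
  continue
end
# gdb stops on SIGSEGV by default; once it does, dump every frame with locals.
run
bt full
quit
EOF
}

# Returns 0 when the generated script contains the breakpoint we rely on.
check_gdb_script() {
    grep -q '^break speex_echo_state_destroy$' "$1"
}
```

The script only observes the process; it changes nothing about the call flow, so the crash reproduces exactly as in the report while the pointer history is captured.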
