Bugtraq mailing list archives

Re: FW: MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun problem.


From: Chiaki Ishikawa <Chiaki.Ishikawa () PERSONAL-MEDIA CO JP>
Date: Tue, 22 Aug 2000 20:33:29 +0900


(I am "Bcc:"ing this to a few people who sent me
inquiries and suggestions.)

Here is a follow up to my own post several days ago.

Firstly, it turns out that Macromedia does have a means of
bug reporting and discussion among the developers.

Technical Issues and Reporting Bugs
-----------------------------------

The Webplayers Discussion Group provides an open forum to discuss
technical issues regarding Macromedia Players. Also of interest are
the Flash, Flash Site Design, and Generator
DiscussionGroups. Macromedia Technical Support actively monitors these
groups, as well as hosting a community of users there. Descriptions
and links to these discussion groups can be found at:

http://www.macromedia.com/support/newsgroups.html


Bug reports may be sent to beta_flashlinux () macromedia com To allow us
to investigate reported bugs, please include the following
information:

1) Platform and version
2) Netscape version
3) Reproducible steps including a URL to the web site where the
   problem was encountered.

If we need further information about a bug, you will be contacted.  An
automated reply will be sent to assure you that we have received your
bug report.  Due to the volume of mail received we are not able to
individually respond to each report.

Now, more details and the result of the experiment suggested by Solar
Designer.

Before proceeding, I would like to thank Sharif Nassar, who pointed out
that I should be able to find the exact URL by using a web proxy such
as squid or junkbuster when I access the problematic web pages.  By
using this method (which was indeed already set up on my PC, and I had
forgotten about its existence), I could find a couple of URLs that
contain flash/shockwave content.

The slightly edited (to fit on a narrow screen) raw squid log:

966180611.524 98883 127.0.0.1 TCP_MISS/200 526846 GET
http://www.washingtonpost.com/wp-srv/photo/conventions/flash/conv_intro/intro.swf
- TIMEOUT_DIRECT/www.washingtonpost.com application/x-shockwave-flash

966276649.312 4874 127.0.0.1 TCP_MISS/200 5870 GET
http://www.csmonitor.com/graphics/promos/dempromo.swf -
TIMEOUT_DIRECT/www.csmonitor.com application/x-shockwave-flash

The first one is the one that I mentioned at the Washington Post site.
I didn't know I had accessed the second flash/shockwave page before.
Let us call the URLs [1] and [2] respectively.
(URL [1] is at the Washington Post, URL [2] at the Christian Science Monitor.)


Solar Designer:
libsafe depends on all components of programs you use to be compiled
with frame pointers.  If gcc's -fomit-frame-pointer was used on at
least one source file in at least one software component (such as a
browser plug-in), then libsafe's checks do the wrong thing and you
may in fact be introducing DoS possibilities by using libsafe.

I should have known this.

Have you tried visiting this URL without libsafe installed?  If it
still causes a crash, then you really have something to report.

Now, as suggested by Solar Designer, I did the experiment.
I removed the loading of libsafe before running the netscape/flash plug-in
to access the above URLs and compared the results.

Result.
============================================================
                        No libsafe.             With libsafe.
------------------------------------------------------------

Access to URL [1]       Seems to be OK.         Aborted by libsafe.

          URL [2]               OK.                     OK.

============================================================

The URL [2] seems to contain much smaller flash data and
netscape/flash plug-in had no problem with/without libsafe in handling it.
A little strange but such is life. I would appreciate any
true/false confirmation from people using linux for x86.

The URL [1] caused the abort by libsafe as reported previously,
but when I removed libsafe from the dynamic library loading path,
the netscape/flash plug-in seems to handle it without a problem.
(Since the data is large, I only looked at the first part of URL [1].
After a minute or so of initial dynamic images,
the screen comes to a menu selection and pauses.
I could pick from the menu all right. I didn't investigate further.
With libsafe, netscape gets aborted before showing ANY images at all,
after downloading ~500kb of data.)

So, as Solar Designer suggested, there may be issues concerning the
compilation switches (especially the one that controls the
preservation of the frame pointer) of the netscape flash/shockwave plug-in and
libsafe.
What puzzles me is that URL [2] doesn't cause an abort by libsafe.
But again, someone in the know can figure out if the problem with URL [1]
is genuine or a libsafe artifact.

(OK, now I understand that IF one module of NETSCAPE is compiled
without frame pointer preservation, then that might cause libsafe to
abort in a seemingly unrelated module.  Right?
But in this particular case, I think it is the plug-in module for
flash/shockwave, since I only see this abort when a flash/shockwave page
is accessed.)

--
     Ishikawa, Chiaki        ishikawa () personal-media co jp.NoSpam  or
 (family name, given name) Chiaki.Ishikawa () personal-media co jp.NoSpam
    Personal Media Corp.      ** Remove .NoSpam at the end before use **
  Shinagawa, Tokyo, Japan 142-0051
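As an added example (not code from the original post, from Macromedia or from the libsafe project), here is a small Python parser for the squid native access.log format quoted above, doing what Sharif Nassar suggested: it re-joins records that were wrapped across lines, as in the post, and lists the objects that were served as application/x-shockwave-flash, largest first. The first two records are the post's own log lines; the third, a text/html hit for a made-up host, is constructed for contrast.

```python
"""Parse squid native access.log records (like those quoted above) and list
the objects served as Flash/Shockwave content, largest first."""
import re

# Squid native format: time elapsed remotehost code/status bytes method URL
#                      rfc931 peerstatus/peerhost type
FIELDS = ("time", "elapsed_ms", "client", "result", "size", "method",
          "url", "ident", "hierarchy", "content_type")

# The first two records are the post's own log lines (wrapped as in the
# message); the third, a text/html hit, is constructed for contrast.
SAMPLE_LOG = """\
966180611.524 98883 127.0.0.1 TCP_MISS/200 526846 GET
http://www.washingtonpost.com/wp-srv/photo/conventions/flash/conv_intro/intro.swf
- TIMEOUT_DIRECT/www.washingtonpost.com application/x-shockwave-flash

966276649.312 4874 127.0.0.1 TCP_MISS/200 5870 GET
http://www.csmonitor.com/graphics/promos/dempromo.swf -
TIMEOUT_DIRECT/www.csmonitor.com application/x-shockwave-flash

966276650.001 120 127.0.0.1 TCP_HIT/200 2048 GET http://example.invalid/index.html - NONE/- text/html
"""


def parse_squid_log(text):
    """One dict per record. Records are separated by blank lines and may
    be wrapped over several lines, so the tokens are re-joined first."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        tokens = block.split()
        if len(tokens) != len(FIELDS):
            raise ValueError("unexpected field count: %r" % block)
        rec = dict(zip(FIELDS, tokens))
        rec["time"] = float(rec["time"])
        rec["elapsed_ms"] = int(rec["elapsed_ms"])
        rec["size"] = int(rec["size"])
        rec["code"], status = rec.pop("result").split("/")
        rec["status"] = int(status)
        records.append(rec)
    return records


def flash_objects(records):
    """Records whose reply was Flash/Shockwave (MIME type or .swf suffix),
    largest first, so the biggest download heads the list."""
    hits = [r for r in records
            if "shockwave-flash" in r["content_type"]
            or r["url"].lower().endswith(".swf")]
    return sorted(hits, key=lambda r: r["size"], reverse=True)
```

Run against a real access.log, the size column makes the difference between the two downloads (about 515 KB versus 6 KB) visible at a glance, which is the comparison the post draws between URL [1] and URL [2].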