Subject: Re: FW: MacroMedia Flash/Shockwave plug-in on linux : memcpy overrun problem.
From: Chiaki Ishikawa (Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP)
Date: Tue Aug 22 2000 - 06:33:29 CDT


(I am "Bcc:"ing this to a few people who sent me
inquiries and suggestions.)

Here is a follow up to my own post several days ago.

Firstly, it turns out that Macromedia does have a means of
bug reporting and discussion among the developers.

>Technical Issues and Reporting Bugs
>-----------------------------------

>The Webplayers Discussion Group provides an open forum to discuss
>technical issues regarding Macromedia Players. Also of interest are
>the Flash, Flash Site Design, and Generator
>DiscussionGroups. Macromedia Technical Support actively monitors these
>groups, as well as hosting a community of users there. Descriptions
>and links to these discussion groups can be found at:
>
>http://www.macromedia.com/support/newsgroups.html
>

>Bug reports may be sent to beta_flashlinux@macromedia.com To allow us
>to investigate reported bugs, please include the following
>information:
>
>1) Platform and version
>2) Netscape version
>3) Reproducible steps including a URL to the web site where the
> problem was encountered.

>If we need further information about a bug, you will be contacted. An
>automated reply will be sent to assure you that we have received your
>bug report. Due to the volume of mail received we are not able to
>individually respond to each report.

Now, more details and the result of experiment suggested by Solar
Designer.

Before proceeding, I would like to thank Sharif Nassar who pointed out
that I should be able to know the exact URL by using web proxy such
as squid or junkbuster when I access the problematic web pages. By
using this method (which was indeed already set up on my PC, and I had
forgotten about the existence), I could find a couple of URLs that
contains flash/shockwave contents.

The slightly edited (to fit on a narrow screen) raw squid log:

966180611.524 98883 127.0.0.1 TCP_MISS/200 526846 GET
http://www.washingtonpost.com/wp-srv/photo/conventions/flash/conv_intro/intro.swf
- TIMEOUT_DIRECT/www.washingtonpost.com application/x-shockwave-flash

966276649.312 4874 127.0.0.1 TCP_MISS/200 5870 GET
http://www.csmonitor.com/graphics/promos/dempromo.swf -
TIMEOUT_DIRECT/www.csmonitor.com application/x-shockwave-flash

The first one is the one that I mentioned at Washington Post site.
I didn't know I had accessed the second flash/shockwave page before.
Let us call the URLs as [1] and [2] respectively.
( URL [1] at Washington post., URL [2] at Christian Science Monitor.)

Solar Designer:
>libsafe depends on all components of programs you use to be compiled
>with frame pointers. If gcc's -fomit-frame-pointer was used on at
>least one source file in at least one software component (such as a
>browser plug-in), then libsafe's checks do the wrong thing and you
>may in fact be introducing DoS possibilities by using libsafe.

I should have known this.

>Have you tried visiting this URL without libsafe installed? If it
>still causes a crash, then you really have something to report.

Now, as suggested by Solar Designer, I did the experiment.
I removed the loading of libsafe before running the netscape/flash plug-in
to access the above URLs and compared the results.

Result.
============================================================
                        No libsafe.          With libsafe.
------------------------------------------------------------
Access to URL [1]       Seems to be OK.      Aborted by libsafe.
          URL [2]       OK.                  OK.
============================================================

The URL [2] seems to contain much smaller flash data, and the
netscape/flash plug-in had no problem handling it with or without libsafe.
A little strange, but such is life. I would appreciate any
true/false confirmation from people using linux on x86.

The URL [1] caused the abort by libsafe as reported previously,
but when I removed libsafe from the dynamic library loading path,
the netscape/flash plug-in seemed to handle it without problem.
(Since the data is large, I only looked at the first part of URL [1].
After a minute or so of initial dynamic images,
the screen comes to a menu selection and pauses.
I could pick the menu all right. I didn't investigate further.
With libsafe, netscape gets aborted before showing ANY images at all,
after downloading ~500kb of data.)

So, as Solar Designer suggested, there may be issues concerning the
compilation switches (especially the one that controls the
preservation of the frame pointer) of the netscape flash/shockwave plug-in and
libsafe.
What puzzles me is that URL [2] doesn't cause an abort by libsafe.
But again, someone in the know can figure out whether the problem with URL [1]
is genuine or a libsafe artifact.

(OK, now I understand that IF one module of NETSCAPE is compiled
without frame pointer preservation, then such might cause the abort of
libsafe at a seemingly unrelated module. Right?
But in this particular case, I think it is the plug-in module for
flash/shockwave since I only see this abort when flash/shockwave page
is accessed.)

--
     Ishikawa, Chiaki        ishikawa@personal-media.co.jp.NoSpam  or
 (family name, given name) Chiaki.Ishikawa@personal-media.co.jp.NoSpam
    Personal Media Corp.      ** Remove .NoSpam at the end before use **
  Shinagawa, Tokyo, Japan 142-0051
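The frame-pointer dependency Solar Designer describes in the quoted reply, as an added simulation that is not code from this thread or from libsafe itself: a libsafe-style frame walk over a constructed word-array stack (array indices stand in for addresses; the frame numbers, buffer positions and the garbage value 57 are all constructed), showing the check catching a real overflow, passing a legitimate copy, and falsely aborting that same copy once one frame in the chain was built without a frame pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of an i386 stack as an array of words (index = address,
 * higher index = higher address). stack[fp] holds the caller's saved frame
 * pointer and stack[fp+1] the return address: the chain libsafe walks. */
#define STACK_WORDS 64
#define NO_FRAME 0            /* outermost frame's saved fp ends the walk */

/* libsafe-style bound for a stack destination: the first frame whose saved-fp
 * slot lies above dest limits the copy to (fp - dest) words, so the saved fp
 * and return address cannot be overwritten. 0 means "not found on the stack";
 * libsafe then lets the copy through unchecked. */
static size_t libsafe_bound(const size_t *stack, size_t fp, size_t dest)
{
    while (fp != NO_FRAME && fp < STACK_WORDS) {
        if (dest < fp)
            return fp - dest;
        fp = stack[fp];       /* follow the saved frame pointer upward */
    }
    return 0;
}

/* Frames: main at 60, caller at 50, callee at 40. callee's saved-fp slot holds
 * `saved`; returns 1 if the check lets callee's memcpy(dest, src, n) proceed,
 * 0 if libsafe would abort the process. */
int check_from_callee(size_t saved, size_t dest, size_t n)
{
    size_t stack[STACK_WORDS] = {0};
    stack[40] = saved; stack[50] = 60;
    size_t bound = libsafe_bound(stack, 40, dest);
    return bound == 0 || n <= bound;
}

int main(void)
{
    /* Real overflow: 8 words into callee's own 4-word buffer at 36. The walk
     * stops at fp 40, bound = 4, and the copy is rightly aborted. */
    printf("overflow aborted:           %d\n", !check_from_callee(50, 36, 8));
    /* Legitimate copy: main hands callee a pointer to its 5-word buffer at 55.
     * With frame pointers everywhere the walk 40 -> 50 -> 60 gives bound 5. */
    printf("legit copy allowed:         %d\n", check_from_callee(50, 55, 5));
    /* Same legitimate copy, but caller was built with -fomit-frame-pointer and
     * used %ebp as a scratch register, so callee saved arbitrary data (57) in
     * stack[40]. The walk treats 57 as a frame, bound = 2, and aborts a correct
     * program: the DoS Solar Designer warns about. */
    printf("legit copy falsely aborted: %d\n", !check_from_callee(57, 55, 5));
    return 0;
}
```

The same walk also explains the missed-check direction: a garbage saved-fp value below the destination simply ends the walk with bound 0, so a real overflow would pass unchecked.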