[16346] in bugtraq
Re: FW: MacroMedia Flash/Shockwave plug-in on linux : memcpy
daemon@ATHENA.MIT.EDU (Chiaki Ishikawa)
Tue Aug 22 14:08:13 2000
Message-Id: <200008221133.UAA07357@sparc18.personal-media.co.jp>
Date: Tue, 22 Aug 2000 20:33:29 +0900
Reply-To: Chiaki Ishikawa <Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP>
From: Chiaki Ishikawa <Chiaki.Ishikawa@PERSONAL-MEDIA.CO.JP>
To: BUGTRAQ@SECURITYFOCUS.COM
X-PMC-CI-e-mail-id: 13464
(I am "Bcc:"ing this to a few people who sent me
inquiries and suggestions.)
Here is a follow up to my own post several days ago.
Firstly, it turns out that Macromedia does have a means of
bug reporting and discussion among the developers.
>Technical Issues and Reporting Bugs
>-----------------------------------
>The Webplayers Discussion Group provides an open forum to discuss
>technical issues regarding Macromedia Players. Also of interest are
>the Flash, Flash Site Design, and Generator
>DiscussionGroups. Macromedia Technical Support actively monitors these
>groups, as well as hosting a community of users there. Descriptions
>and links to these discussion groups can be found at:
>
>http://www.macromedia.com/support/newsgroups.html
>
>Bug reports may be sent to beta_flashlinux@macromedia.com To allow us
>to investigate reported bugs, please include the following
>information:
>
>1) Platform and version
>2) Netscape version
>3) Reproducible steps including a URL to the web site where the
> problem was encountered.
>If we need further information about a bug, you will be contacted. An
>automated reply will be sent to assure you that we have received your
>bug report. Due to the volume of mail received we are not able to
>individually respond to each report.
Now, more details and the result of the experiment suggested by Solar
Designer.
Before proceeding, I would like to thank Sharif Nassar, who pointed out
that I should be able to know the exact URL by using a web proxy such
as squid or junkbuster when I access the problematic web pages. By
using this method (which was indeed already set up on my PC, and whose
existence I had forgotten), I could find a couple of URLs that
contain flash/shockwave content.
The slightly edited (to fit on narrow screen) raw squid log :
966180611.524 98883 127.0.0.1 TCP_MISS/200 526846 GET
http://www.washingtonpost.com/wp-srv/photo/conventions/flash/conv_intro/intro.swf
- TIMEOUT_DIRECT/www.washingtonpost.com application/x-shockwave-flash
966276649.312 4874 127.0.0.1 TCP_MISS/200 5870 GET
http://www.csmonitor.com/graphics/promos/dempromo.swf -
TIMEOUT_DIRECT/www.csmonitor.com application/x-shockwave-flash
The first one is the one that I mentioned at Washington Post site.
I didn't know I had accessed the second flash/shockwave page before.
Let us call the URLs [1] and [2] respectively.
(URL [1] at the Washington Post, URL [2] at the Christian Science Monitor.)
Solar Designer:
>libsafe depends on all components of programs you use to be compiled
>with frame pointers. If gcc's -fomit-frame-pointer was used on at
>least one source file in at least one software component (such as a
>browser plug-in), then libsafe's checks do the wrong thing and you
>may in fact be introducing DoS possibilities by using libsafe.
I should have known this.
>Have you tried visiting this URL without libsafe installed? If it
>still causes a crash, then you really have something to report.
Now, as suggested by Solar Designer, I did the experiment.
I removed the loading of libsafe before running netscape/flash plug-in
to access the above URLs and compared the results.
Result.

============================================================
                     No libsafe.         With libsafe.
------------------------------------------------------------
Access to URL [1]    Seems to be OK.     Aborted by libsafe.
          URL [2]    OK.                 OK.
============================================================

The URL [2] seems to contain much smaller flash data and
netscape/flash plug-in had no problem with/without libsafe in handling it.
A little strange but such is life. I would appreciate any
true/false confirmation from people using linux for x86.
The URL [1] caused the abort by libsafe as reported previously,
but when I removed libsafe from the dynamic library loading path,
netscape/flash plug-in seems to handle it without problem.
(Since the data is large, I only looked at the first part of URL [1].
After a minute or so of initial dynamic images,
the screen comes to a menu selection and pauses.
I could pick up the menu all right. I didn't investigate further.
With libsafe, netscape gets aborted before showing ANY images at all
after downloading ~500kb of data.)
So as Solar Designer suggested there may be issues concerning the
compilation switches (especially the one that controls the
preservation of frame pointer) of netscape flash/shockwave plug-in and
libsafe.
What puzzles me is that URL [2] doesn't cause abort by libsafe.
But again, someone in the know can figure out if the problem with URL [1]
is genuine or libsafe artifact.
(OK, now I understand that IF one module of NETSCAPE is compiled
without frame pointer preservation, then such might cause the abort of
libsafe at a seemingly unrelated module. Right?
But in this particular case, I think it is the plug-in module for
flash/shockwave since I only see this abort when flash/shockwave page
is accessed.)
--
Ishikawa, Chiaki ishikawa@personal-media.co.jp.NoSpam or
(family name, given name) Chiaki.Ishikawa@personal-media.co.jp.NoSpam
Personal Media Corp. ** Remove .NoSpam at the end before use **
Shinagawa, Tokyo, Japan 142-0051
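
The frame-pointer dependency Solar Designer describes in the message above, shown as an added example that is not part of the original post and is not libsafe's source: a simplified model of a frame-pointer walk used to bound a copy into a stack buffer. The stack layout, addresses and function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stack image: index = address in words, higher index = older
 * frame. A frame built with a frame pointer stores its caller's frame pointer
 * at [fp] and its return address at [fp + 1]. */
#define STACK_WORDS 64
#define MAIN_FP     60   /* frame of main() */
#define PLUGIN_FP   40   /* where the plug-in function's frame pointer would be */
#define WRAPPER_FP  20   /* frame of the intercepting memcpy wrapper */
#define BUF         30   /* plug-in's local buffer: words 30..39 */
static size_t stack[STACK_WORDS];

/* Frame-pointer walk: follow saved frame pointers toward older frames until
 * one lies above dest; the copy must stop before that slot. Returns 0 when
 * the chain is unusable, in which case no bound can be enforced. */
size_t max_copy_words(size_t fp, size_t dest) {
    while (fp < STACK_WORDS) {
        if (fp > dest) return fp - dest;
        if (stack[fp] <= fp) return 0;
        fp = stack[fp];
    }
    return 0;
}

/* saved_fp is whatever the frame-pointer register held when the plug-in
 * called memcpy; the wrapper's prologue pushes it at [WRAPPER_FP]. */
size_t limit_seen_by_wrapper(size_t saved_fp) {
    stack[MAIN_FP] = STACK_WORDS;      /* end of chain */
    stack[PLUGIN_FP] = MAIN_FP;
    stack[WRAPPER_FP] = saved_fp;
    return max_copy_words(WRAPPER_FP, BUF);
}

/* 1 = copy proceeds, 0 = process aborted by the check. */
int copy_allowed(size_t saved_fp, size_t len) {
    size_t limit = limit_seen_by_wrapper(saved_fp);
    return limit == 0 || len <= limit;
}

int main(void) {
    /* Plug-in built with frame pointers: register holds PLUGIN_FP. */
    printf("with fp:     limit=%zu\n", limit_seen_by_wrapper(PLUGIN_FP));
    /* -fomit-frame-pointer, register untouched: still main's frame pointer. */
    printf("stale fp:    limit=%zu\n", limit_seen_by_wrapper(MAIN_FP));
    /* -fomit-frame-pointer, register reused as a cursor into the buffer. */
    printf("scratch reg: limit=%zu\n", limit_seen_by_wrapper(BUF + 3));
    return 0;
}
```

In the model, an 8-word copy into the 10-word buffer passes when the plug-in keeps frame pointers and is aborted when the register holds an unrelated value, while a 12-word copy is refused only in the first case.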