Package: mp3check Version: 0.8.7-1 Severity: normal Tags: patch upstream When the last audio frame is truncated, "mp3check --cut-junk-end" fails to detect and get rid of it.
In the best case scenario, when the mp3 file has no id3 tag, the corrupted frame is left as is. In the worst case scenario, when the frame is followed by id3 tags, the frame is considered as complete and the tags are restored beyond the end of the memory-mapped file, which may cause a segmentation fault. The attached patch aims to detect and eliminate any truncated last audio frame when mp3check is called with the --cut-junk-end option. Incidentally, this may also close bug #315497. Xavier -- System Information: Debian Release: 7.0 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-54-generic (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages mp3check depends on: ii libc6 2.13-38 ii libgcc1 1:4.7.2-5 ii libstdc++6 4.7.2-5 mp3check recommends no packages. Versions of packages mp3check suggests: pn mpg321 <none> -- no debconf information
Description: Fix to prevent segfaults when the last audio frame is truncated. When the last audio frame is truncated, "mp3check --cut-junk-end" fails to detect and get rid of it. . In the best case scenario, when the mp3 file has no id3 tag, the corrupted frame is left as is. . In the worst case scenario, when the frame is followed by id3 tags, the frame is considered as complete and the tags are restored beyond the end of the memory-mapped file, which may cause a segmentation fault. . This patch aims to detect and eliminate any truncated last audio frame when mp3check is called with the --cut-junk-end option. Author: Xavier Hienne <xhie...@free.fr> Bug-Ubuntu: https://launchpad.net/bugs/592766 --- Bug-Debian: http://bugs.debian.org/<bugnumber> --- mp3check-0.8.7.orig/mp3check.cc +++ mp3check-0.8.7/mp3check.cc @@ -1069,6 +1069,7 @@ bool cut_junk_end(const char *name, cons cok, (tag->isValidSpecs()?"valid":"invalid"), (tag->version())>>8, (tag->version())&0xff, cnor); have_a_tag = true; + rest-=128; } else { @@ -1115,18 +1116,13 @@ bool cut_junk_end(const char *name, cons // skip to next frame l = frame_length(h); + if (l > rest) break; p += l; rest -= l; start += l; } } - // in case we had found a tag - if((rest >= 128) && have_a_tag) - { - rest-=128; - } - // remove incomplete last frames //if((rest < 0) && remove_truncated_last_frame) //{