Bug#361046: gjay: Crashes upon encounterin an mp3 free format frame

[Lauri Alanko]

Package: gjay
Version: 0.2.8.3-4.1
Severity: normal

GJay segfaulted in the initial scanning phase upon reading a particular
mp3 file.

#0  0x000000000041b2a1 in header_bitrate (h=0x7fffffe89040) at mp3.c:300
#1  0x000000000041b1f6 in frame_length (header=0x7fffffe89040) at mp3.c:291
#2  0x000000000041b184 in get_header (file=0xa38f60, header=0x7fffffe89040)
    at mp3.c:287
#3  0x000000000041ad62 in get_first_header (mp3=0x7fffffe892b0, 
    startpos=3240540) at mp3.c:204
#4  0x000000000041a90f in get_mp3_info (mp3=0x7fffffe892b0, scantype=1, 
    fullscan_vbr=0) at mp3.c:132

It turns out that the problem is that at

int header_bitrate(mp3header *h) {
    return bitrate[h->version & 1][3-h->layer][h->bitrate-1];
}

h->bitrate had the value of 0, causing an array underrun. According to
quick googling, zero is a valid value for the bitrate field in a frame
header, indicating a "free format" frame. I don't know exactly what this
means, and it may well be that the mp3 file was more or less broken.

In any case, value zero in the bitrate field should be either support or
detected and rejected.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16la2
Locale: LANG=C, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages gjay depends on:
ii  libatk1.0-0         1.10.3-1             The ATK accessibility toolkit
ii  libc6               2.3.6-3              GNU C Library: Shared libraries an
ii  libcairo2           1.0.2-3              The Cairo 2D vector graphics libra
ii  libfontconfig1      2.3.2-2              generic font configuration library
ii  libglib2.0-0        2.10.1-2             The GLib library of C routines
ii  libgsl0             1.7.90-1             GNU Scientific Library (GSL) -- li
ii  libgtk2.0-0         2.8.13-1             The GTK+ graphical user interface 
ii  libpango1.0-0       1.12.0-2             Layout and rendering of internatio
ii  libx11-6            6.8.2.dfsg.1-11      X Window System protocol client li
ii  libxcursor1         1.1.3-1              X cursor management library
ii  libxext6            6.8.2.dfsg.1-11      X Window System miscellaneous exte
ii  libxi6              6.8.2.dfsg.1-11      X Window System Input extension li
ii  libxinerama1        6.8.2.dfsg.1-11      X Window System multi-head display
ii  libxrandr2          6.8.2.dfsg.1-11      X Window System Resize, Rotate and
ii  libxrender1         1:0.9.0.2-1          X Rendering Extension client libra
ii  mp3info             0.8.4-8              An MP3 technical info viewer and I
ii  mpg321 [mpg123]     0.2.10.3             A Free command-line mp3 player, co
ii  xmms                1.2.10+cvs20050809-5 Versatile X audio player

gjay recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]