On 01/17/21 22:54 pm, Sebastian Ramacher wrote:
>> 
>> In https://trac.videolan.org/vlc/ticket/25252, upstream answered:
>> 
>> > That CDDB bug was fixed 9 years ago in VLC contribs. Complain to Debian.
>> 
>> Can you have a look on the Debian side?
>
> Reassigning to libcddb2.
>

I believe this is the patch in VLC's vendored copy they are referring
to:

https://code.videolan.org/videolan/vlc/-/commit/29d3ded7194271

It disables the use of alarm() to set a timeout for gethostbyname()
which isn't safe if called from a program with multiple threads.

>
>> 
>> I made a test with Fedora 33 live + install process
>> (https://www.videolan.org/vlc/download-fedora.html).
>> vlc is functional.
>>

Fedora seems to use a different patch which just disables
_FORTIFY_SOURCE in that file to avoid the longjmp() crash:

https://src.fedoraproject.org/rpms/libcddb/blob/rawhide/f/libcddb-1.3.2-rhbz770611.patch

Although I think it still has a problem where SIGALRM can be delivered
to any thread in the program, so it's better to avoid using alarm()
entirely as the VLC patch does. gethostbyname will time out by itself
anyway. I've rebuilt the package with the patch below and tested locally
without any problems.

diff --git a/lib/cddb_net.c b/lib/cddb_net.c
index 7adf37b..aac3967 100644
--- a/lib/cddb_net.c
+++ b/lib/cddb_net.c
@@ -228,6 +228,10 @@ int sock_vfprintf(cddb_conn_t *c, const char *format, 
va_list ap)
 
 /* Time-out enabled work-alikes */
 
+/* Do not use SIGALRM in Debian as it is not safe if used in a program
+   with multiple threads. */
+#undef HAVE_ALARM
+
 #ifdef HAVE_ALARM
 /* time-out jump buffer */
 static jmp_buf timeout_expired;
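
Review bot: the #undef HAVE_ALARM sits mid-file, directly above the #ifdef HAVE_ALARM it defeats, so it only takes effect from this point down in lib/cddb_net.c; any test of HAVE_ALARM earlier in this file, or in another file, still sees the macro as configure set it. It is worth confirming there is no such use, or turning the macro off at configure time so it is consistently undefined. The added comment could also state that with this path compiled out the name lookup relies on gethostbyname's own time-out, so a later reader does not re-enable the alarm() code.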

--
Thanks,
Nick
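
The thread-delivery problem described in the message above, as an added example that is not part of the original mail or of libcddb: a worker thread arms alarm() the way a time-out wrapper would, and the handler records which thread it actually ran in. All names are hypothetical; the nanosleep() loop stands in for a blocking gethostbyname(). The result asserted here (handler runs outside the arming thread) is what Linux does when the main thread has SIGALRM unblocked; POSIX only promises delivery to some thread that has it unblocked.

```c
#define _POSIX_C_SOURCE 200809L
#include <pthread.h>
#include <signal.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>
/* 1 only in the thread that arms the alarm (the stand-in lookup thread). */
static _Thread_local int in_lookup_thread = 0;
static volatile sig_atomic_t handler_ran = 0;
static volatile sig_atomic_t ran_in_lookup_thread = -1;

static void on_alarm(int sig)
{
    (void)sig;
    /* A longjmp() from here would target a jmp_buf saved on the lookup
       thread's stack while running on whichever thread got the signal. */
    ran_in_lookup_thread = in_lookup_thread;
    handler_ran = 1;
}

static void *lookup_thread(void *arg)
{
    (void)arg;
    in_lookup_thread = 1;
    alarm(1);                      /* arms a timer for the whole process */
    /* Stand-in for a blocking gethostbyname(): wait up to 3 seconds. */
    struct timespec tick = { 0, 50 * 1000 * 1000 };
    for (int i = 0; i < 60 && !handler_ran; i++)
        nanosleep(&tick, NULL);
    alarm(0);
    return NULL;
}

/* Returns 1 if SIGALRM was handled in the thread that called alarm(),
   0 if it was handled in another thread, -1 if it was never handled. */
int alarm_handler_thread(void)
{
    struct sigaction sa = { 0 }, old;
    pthread_t tid;
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    handler_ran = 0;
    ran_in_lookup_thread = -1;
    sigaction(SIGALRM, &sa, &old);
    if (pthread_create(&tid, NULL, lookup_thread, NULL) == 0)
        pthread_join(tid, NULL);   /* main thread waits, SIGALRM unblocked */
    sigaction(SIGALRM, &old, NULL);
    return ran_in_lookup_thread;
}
int main(void) { printf("in lookup thread: %d\n", alarm_handler_thread()); return 0; }
```

Build with -pthread; the run takes about one second while the alarm expires.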
