* Chris Waters <[EMAIL PROTECTED]> [2007-11-08 12:00]: > Package: mtp-tools > Version: 0.2.2-2 > Tags: patch > > The example code which comes with libmtp and which is used to create > the command-line tools in the mtp-tools package uses atoi(3) for some > of its command-line parsing, which has problems if the file ids on the > mtp device are greater than INT_MAX. I managed to crash my mp3 player > by making a playlist with bad data because of this bug.
Thanks for finding and fixing this bug. Could you please also check whether version 0.2.3-1 (in experimental) is also affected by this bug? > I've patched the utils to use strtoul instead, and the rebuilt package > is working great here, so I'm sending you the patch. You may want to > forward this to upstream as well. Sure, I will forward it to upstream. As regards applying the patch to the package currently in unstable, I think I will wait until the libmtp6/amarok/gnomad2 transition into testing is completed. > My patch also fixes a few (though not all) minor memory leaks. > Apparently someone didn't realize that strdup(3) calls malloc(3). > These leaks are probably mostly harmless, since the programs exit > after doing their work, which frees all the leaked memory, but as a > matter of general principle, I tried to fix the most obvious ones I > spotted. If you'd prefer, I can send you a trimmed-down patch which > only fixes the signed/unsigned problems. Yes, it would be great if you could provide two separate patches, one for each problem. Cheers, -- Rafael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]