reassign 405801 libid3tag0
tags 405801 + patch
thanks

libid3tag doesn't gracefully handle unexpected values in the file's id3 encoding. Below is one such occasion when id3_parse_uint apparently returns 50 (which I have no idea how it can be stored in an enum which doesn't contain a definition for 50). The "id3_parse_string" function doesn't have a default case in its switch to catch this but (by accident?) happens to return NULL for this case. No error checking seems to be done in this particular caller to see if id3_parse_string returns NULL.
Breakpoint 1, id3_parse_string (ptr=0x7fff9f1ca748, length=3, encoding=50, full=0) at parse.c:151
151 id3_ucs4_t *ucs4 = 0;
(gdb)
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x00002ba50c26e201 in id3_ucs4_length (ucs4=0x0) at ucs4.c:46
46 while (*ptr)
(gdb) bt
#0 0x00002b0327337201 in id3_ucs4_length (ucs4=0x0) at ucs4.c:46
#1 0x00002b032733c07e in id3_compat_fixup (tag=0x57d400) at compat.gperf:240
#2 0x00002b032733f5a5 in v2_parse (ptr=0x57da8d "") at tag.c:612
#3 0x00002b032733f6f1 in id3_tag_parse (data=0x57d6c0 "ID3\003", length=2008) at tag.c:665
#4 0x000000000042f399 in getId3Tag (stream=0x57d480, offset=0, whence=0) at /tmp/rc/mpd-0.12.1/./src/tag.c:255
#5 0x000000000042f3d3 in findId3TagFromBeginning (stream=0x57d480) at /tmp/rc/mpd-0.12.1/./src/tag.c:271
#6 0x000000000042f5c1 in id3Dup (
    file=0x544940 "/var/lib/mpd/music/09-ТаÑ\200Ñ\202ак, ТÐ\235Ð\234Ð\232 _ Ð\235о паÑ\201аÑ\200ан!.mp3") at /tmp/rc/mpd-0.12.1/./src/tag.c:342
#7 0x0000000000410a94 in mp3_tagDup (
    file=0x544940 "/var/lib/mpd/music/09-ТаÑ\200Ñ\202ак, ТÐ\235Ð\234Ð\232 _ Ð\235о паÑ\201аÑ\200ан!.mp3") at /tmp/rc/mpd-0.12.1/./src/inputPlugins/mp3_plugin.c:1060
#8 0x000000000042de18 in newSong (
    url=0x57d1a0 "09-Ã\220¢Ã\220°Ã\221Â\200Ã\221Â\202Ã\220°Ã\220º, Ã\220¢Ã\220Â\235Ã\220Â\234Ã\220Â\232 _ Ã\220Â\235Ã\220¾ Ã\220¿Ã\220°Ã\221Â\201Ã\220°Ã\221Â\200Ã\220°Ã\220½!.mp3", type=1, parentDir=0x57c010) at /tmp/rc/mpd-0.12.1/./src/song.c:76
#9 0x000000000042df67 in addSongToList (list=0x57c080, url=0x57d1a0 "09-Ã\220¢Ã\220°Ã\221Â\200Ã\221Â\202Ã\220°Ã\220º, Ã\220¢Ã\
---Type <return> to continue, or q <return> to quit---

The attached patch should fix the problem. Please verify for correctness! (The problem might be deeper, are we looking at the wrong byte in the file for the encoding? Am I just papering over a symptom of another bug?)

--
Regards,
Andreas Henriksson
diff -urip libid3tag-0.15.1b/compat.c libid3tag-0.15.1b.fixed/compat.c --- libid3tag-0.15.1b/compat.c 2004-02-17 03:34:39.000000000 +0100 +++ libid3tag-0.15.1b.fixed/compat.c 2007-01-13 18:32:52.000000000 +0100 @@ -442,6 +442,8 @@ int id3_compat_fixup(struct id3_tag *tag encoding = id3_parse_uint(&data, 1); string = id3_parse_string(&data, end - data, encoding, 0); + if (string == NULL) + goto fail; if (id3_ucs4_length(string) < 4) { free(string); diff -urip libid3tag-0.15.1b/compat.gperf libid3tag-0.15.1b.fixed/compat.gperf --- libid3tag-0.15.1b/compat.gperf 2004-01-23 10:41:32.000000000 +0100 +++ libid3tag-0.15.1b.fixed/compat.gperf 2007-01-13 18:33:20.000000000 +0100 @@ -236,6 +236,8 @@ int id3_compat_fixup(struct id3_tag *tag encoding = id3_parse_uint(&data, 1); string = id3_parse_string(&data, end - data, encoding, 0); + if (string == NULL) + goto fail; if (id3_ucs4_length(string) < 4) { free(string); diff -urip libid3tag-0.15.1b/parse.c libid3tag-0.15.1b.fixed/parse.c --- libid3tag-0.15.1b/parse.c 2004-01-23 10:41:32.000000000 +0100 +++ libid3tag-0.15.1b.fixed/parse.c 2007-01-13 18:35:42.000000000 +0100 @@ -165,6 +165,9 @@ id3_ucs4_t *id3_parse_string(id3_byte_t case ID3_FIELD_TEXTENCODING_UTF_8: ucs4 = id3_utf8_deserialize(ptr, length); break; + default: + /* FIXME: Unknown encoding! Print warning? */ + return NULL; } if (ucs4 && !full) {
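Review bot: The new NULL check in id3_compat_fixup (identical in the compat.c and compat.gperf hunks, directly after the id3_parse_string call) jumps to fail and so rejects the whole fixup because of one unparsable string, while the short-string case on the following context lines only does free(string). The fail label and the code after free(string) are outside both hunks, so please confirm that fail releases everything allocated up to this point and that failing the whole tag, rather than skipping this one frame, is the intended outcome. The byte could also be range-checked right after "encoding = id3_parse_uint(&data, 1);", before it is passed on as an enum value, which would reject the 50 at the point where it is read.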
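Review bot: The FIXME in the new default case of id3_parse_string (parse.c hunk) should be resolved before this is applied: either decide whether an unknown encoding deserves a warning, or replace it with a plain comment saying that NULL means "unsupported encoding". Per the report the function already returned NULL for this input, so the fix relies entirely on callers testing the result, and this patch adds that test only in id3_compat_fixup; any other caller of id3_parse_string needs the same "if (string == NULL)" check.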