Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

[Max Kellermann]

On 2012/08/16 18:18, Jurgen Kramer gtmkra...@xs4all.nl wrote:
 Lots of activity in git. Just a reminder for above commit.

Memory leak in dsdlib_tag_id3().

Can you use dsdlib_tag_id3() for a DoS attack?  This looks like it
could easily cause a stack overflow:

+   count = is-size - is-offset;
+   id3_byte_t dsdid3[count];

This looks suspicious, too:

+   uint64_t length = (uint64_t)GUINT32_FROM_BE(metatag.size);
+   char string[length];

Why is this 32 bit integer casted to 64 bit and then back to 32 bit,
anyway?

Remember: bad files must *never* cause MPD to crash!  If my theory is
true, this is a serious security vulnerability you're about to add to
MPD.

scan_id3_tag() has duplicate documentation.  API documentation belongs
to the header file.

Remove the version number from the commit message.  I will not merge
the old versions of your patch, these should be deleted.  Rebase on my
master branch, and submit *only* the patches you want me to merge, not
all the old versions.

Some API documentation for variables like diar_offset, diti_size could
be useful.  I don't understand what they mean.

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Musicpd-dev-team mailing list
Musicpd-dev-team@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team

Re: [Musicpd-dev-team] Microphone input

[Steffen Müller]

Hi.

On 01.08.2012 23:13 unai wrote:
 
 I saw ffmpeg input plugin in trunk. Is it possible through ffmpeg to
 read from the soundcard?
 


Not sure about ffmpeg support in mpd, but you could try something like this:

$ ffmpeg -f alsa -ac 2 -i hw:1,0

-i DEVICE
needs to be set according to to your alsa audio device.

Use arecord to show your alsa input devices:
$ arecord -l

A different approach would be to use darkice to capture audio from input
device, stream it to icecast2 and then grap the icecast2 output with mpd.

-- 
cheers,
Steffen

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Musicpd-dev-team mailing list
Musicpd-dev-team@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team