Package: libtunepimp3
Version: 0.4.2-3
Severity: normal
Tags: patch
Note: I run Debian stable, but built libtunepimp3 on a Ubuntu dapper
system as
this comes closer to Debian testing than Debian stable. libtunepimp3 is not
part of dapper (it still uses libtunepimp2), I needed it to port my project
"Kid3" to the new libtunepimp.
Bug reproduction:
Start tp_tagger (from packet libtunepimp-bin), add some MP3 or Ogg files
and
notice that the lookup process is stuck at "TRM Lookup". If you start
tp_tagger from gdb, the lookup thread is reported to crash with a
segmentation
fault in LookupTRM::lookup(), the location can be found out using a
libtunepimp.so.3.0.0 with debugging information not stripped, it is line
170.
Analysis:
lib/lookuptools.cpp:
At line 163, buffer temp is used as a buffer with 256 bytes. However,
there is
no buffer temp with 256 bytes in the innermost scope. The buffer temp used
is
defined in line 56 and has only 100 bytes. Thus when more than 100 bytes
result data are read, temp is overflown and the thread can crash (if it
does
may depend on compiler optimization, linkage, ..., in my system it does).
Patch:
The following patch provides a sufficiently sized temp buffer. It also
fixes
some other buffer length violations (one byte more is used than available).
** begin of patch **
diff -ru libtunepimp-0.4.2.orig/lib/lookuptools.cpp
libtunepimp-0.4.2/lib/lookuptools.cpp
--- libtunepimp-0.4.2.orig/lib/lookuptools.cpp 2006-01-28
21:35:42.000000000 +0100
+++ libtunepimp-0.4.2/lib/lookuptools.cpp 2006-06-04 20:09:51.000000000
+0200
@@ -51,7 +51,7 @@
musicbrainz_t o;
char *args[7];
int ret, trackNum;
- char error[255], data[255], trackURI[256],
+ char error[256], data[256], trackURI[256],
artistURI[256], albumURI[256];
char temp[100], duration[100], status[100];
@@ -159,6 +159,7 @@
// Select the first release date
if (mb_Select1(o, MBS_SelectReleaseDate, j))
{
+ char temp[256];
// Pull back the release date and release country
if (mb_GetResultData(o, MBE_ReleaseGetDate, temp, 256))
{
@@ -211,7 +212,7 @@
musicbrainz_t o;
char *args[3];
int ret;
- char error[255], data[255];
+ char error[256], data[256];
//
-----------------------------------------------------------------------------------------
// NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE
NOTE NOTE NOTE NOTE NOTE
@@ -299,7 +300,7 @@
{
musicbrainz_t o;
int ret;
- char error[255];
+ char error[256];
if (user.empty() || passwd.empty())
{
** end of patch **
And now for something completely different:
It would be better to check for taglib 1.4 than 1.4.0 in configure, or
taglib
with version "1.4" will not be used. The following patch should solve this:
** begin of patch **
diff -ru libtunepimp-0.4.2.orig/configure libtunepimp-0.4.2/configure
--- libtunepimp-0.4.2.orig/configure 2006-06-04 23:47:52.000000000 +0200
+++ libtunepimp-0.4.2/configure 2006-06-02 19:30:24.000000000 +0200
@@ -19556,9 +19556,9 @@
echo "*** Or see http://developer.kde.org/~wheeler/taglib.html"
else
TAGLIB_VERSION=`$TAGLIB_CONFIG --version`
- echo "$as_me:$LINENO: checking for taglib >= 1.4.0" >&5
-echo $ECHO_N "checking for taglib >= 1.4.0... $ECHO_C" >&6
- VERSION_CHECK=`expr $TAGLIB_VERSION \>\= 1.4.0`
+ echo "$as_me:$LINENO: checking for taglib >= 1.4" >&5
+echo $ECHO_N "checking for taglib >= 1.4... $ECHO_C" >&6
+ VERSION_CHECK=`expr $TAGLIB_VERSION \>\= 1.4`
if test "$VERSION_CHECK" = "1" ; then
echo "$as_me:$LINENO: result: yes" >&5
echo "${ECHO_T}yes" >&6
diff -ru libtunepimp-0.4.2.orig/configure.in libtunepimp-0.4.2/configure.in
--- libtunepimp-0.4.2.orig/configure.in 2006-06-04 23:47:52.000000000 +0200
+++ libtunepimp-0.4.2/configure.in 2006-06-04 23:45:25.000000000 +0200
@@ -77,7 +77,7 @@
AC_CHECK_HEADERS(iconv.h)
dnl Check for TagLib 1.4
-AC_CHECK_TAGLIB(1.4.0,
+AC_CHECK_TAGLIB(1.4,
[TP_PLUGINS="$TP_PLUGINS mpc wma"
AC_DEFINE(HAVE_TAGLIB,1,[TagLib Support])],
[AC_MSG_RESULT([no])
** end of patch **
-- System Information:
Debian Release: testing/unstable
APT prefers dapper-updates
APT policy: (500, 'dapper-updates'), (500, 'dapper-security'), (500,
'dapper')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-23-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libtunepimp3 depends on:
ii libc6 2.3.6-0ubuntu20 GNU C Library: Shared
libraries an
ii libgcc1 1:4.0.3-1ubuntu5 GCC support library
ii libmusicbrainz4c2a 2.1.2-2ubuntu3 Second generation incarnation
of t
ii libstdc++6 4.0.3-1ubuntu5 The GNU Standard C++ Library
v3
ii zlib1g 1:1.2.3-6ubuntu4 compression library - runtime
libtunepimp3 recommends no packages.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]