[Debburn-devel] wodim crashes with many audio tracks
Christoph Pesch
christoph.pesch at web.de
Fri Jan 7 13:18:30 UTC 2011
Hi,
when burning an audio cd with many (more than 90) audio
tracks, wodim crashes. I debuged the application (cdrkit-1.1.11)
and found the problem in lines 305 and 432 of cdtext.c.
The array sbuf allocated in line 305 (function packtext) is not large
enough and the pointer fp in function fillpacks gets out of range in
line 432:
void packtext(int tracks, track_t *trackp)
{
int type;
int i;
struct textpack *tp;
struct textsizes tsize;
txtarg_t targ;
char sbuf[256*18]; /* 256 is not enough, see line 432 */
...
}
static void fillpacks(register txtarg_t *ap, register char *from, int len,
int track_no, int pack_type)
{
...
if (p >= &tp->text[12]) {
fillcrc((Uchar *)tp, sizeof (*tp));
p = 0;
tp++; /* may get out of range, see line 305 */
}
...
}
I could workaround the problem by increasing the size of sbuf.
But I think the correct solution is to compute the required size for
sbuf and allocate it dynamically. Unfortunately I do not know how
to compute the correct size. Otherwise I would have provided a patch.
Best regards,
Christoph
More information about the Debburn-devel
mailing list