[pkg-mad-maintainers] [daper@daper.net: libid3tag0: Some mp3 files can cause a segfault.]

Damian Pietras daper at daper.net
Fri Jan 6 20:36:33 UTC 2006 

I've reported this bug using bugreport in December, but I received no
answer, so I'm mailing it directly to the maintainer's address.

----- Forwarded message from Damian Pietras <daper at daper.net> -----

From: Damian Pietras <daper at daper.net>
To: Ubuntu Bug Tracking System <ubuntu-users at lists.ubuntu.com>
Subject: libid3tag0: Some mp3 files can cause a segfault.

Package: libid3tag0
Version: 0.15.1b-7
Severity: normal
Tags: patch


Patch 12_endless_loop included in Debian win libid3tag sauses a segfault
on some mp3 files. Example file is:

http://users.lin.one.pl/~daper/pub/libid3tag-debian-bug.mp3

(File was cut off to 16KB, but still shhows the bug). Tags are read
properly by libid3tag without any patches and by XMMS.

To see the bug, download the file and use
madplay -v libid3tag-debian-bug.mp3

This patch can be used to fix it:


--- libid3tag-0.15.1b/compat.c	2004-02-17 03:34:39.000000000 +0100
+++ libid3tag-0.15.1b-fixed/compat.c	2005-12-25 12:46:17.000000000 +0100
@@ -443,6 +443,9 @@
     encoding = id3_parse_uint(&data, 1);
     string   = id3_parse_string(&data, end - data, encoding, 0);
 
+    if (!string)
+	    continue;
+
     if (id3_ucs4_length(string) < 4) {
       free(string);
       continue;


-- System Information:
Debian Release: testing/unstable
  APT prefers breezy-security
  APT policy: (500, 'breezy-security'), (500, 'breezy-backports'), (500, 'breezy')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-rc4
Locale: LANG=en_US.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)

Versions of packages libid3tag0 depends on:
ii  libc6                   2.3.5-1ubuntu12  GNU C Library: Shared libraries an
ii  zlib1g                  1:1.2.3-3ubuntu4 compression library - runtime

libid3tag0 recommends no packages.

-- no debconf information

--- libid3tag-0.15.1b/compat.c	2004-02-17 03:34:39.000000000 +0100
+++ libid3tag-0.15.1b-fixed/compat.c	2005-12-25 12:46:17.000000000 +0100
@@ -443,6 +443,9 @@
     encoding = id3_parse_uint(&data, 1);
     string   = id3_parse_string(&data, end - data, encoding, 0);
 
+    if (!string)
+	    continue;
+
     if (id3_ucs4_length(string) < 4) {
       free(string);
       continue;


----- End forwarded message -----


-- 
Damian Pietras

More information about the pkg-mad-maintainers mailing list