[Flac-dev] [don@donarmstrong.com: Bug#274301: libflac4 segfaults on corrupt flac files]

Matt Zimmerman mdz at debian.org
Thu Sep 30 17:44:15 PDT 2004


----- Forwarded message from Don Armstrong <don at donarmstrong.com> -----

Date: Thu, 30 Sep 2004 16:19:41 -0700
From: Don Armstrong <don at donarmstrong.com>
Resent-From: Don Armstrong <don at donarmstrong.com>
To: submit at bugs.debian.org
Subject: Bug#274301: libflac4 segfaults on corrupt flac files

Severity: normal
Package: libflac4
Version: 1.1.0-11

Running ogg123 on http://rzlab.ucr.edu/debian/libflac/crash.flac
results in a segfault in libFLAC:

(gdb) bt full
#0  0x40205422 in FLAC__bitbuffer_read_rice_signed_block (bb=0x80601b8, vals=0x807dd80, nvals=4294967293, parameter=9, 
    read_callback=0x40220080 <read_callback_>, client_data=0x805ba58) at bitbuffer.c:2254
	available_bits = 134733184
	buffer = (
    const FLAC__blurb *) 0x8060228 "oÐz\023\017\a÷ã»\216ãìßcðþ®Éåívcµ\201q\030NE+\030\213¾5*Õk?°R2·\035Ù\207iP!Ó\237¼óoQ»Ù\207°\202\"¯\235\220º\212UsÏÉv¹çf¼Û\231%\233¨¯qJôÎoLF\024Ъë>ôj%\237¿«"
	i = 44552
	j = 8
	val_i = 70816
	cbits = 1
	uval = 631
	msbs = 1
	lsbs_left = 1
	blurb = 158 '\236'
	save_blurb = 196 'Ä'
	state = 1
#1  0x4021f88d in read_residual_partitioned_rice_ (decoder=0x805ba58, predictor_order=3, partition_order=14, partitioned_rice_contents=0x805f478, 
    residual=0x807dd80) at stream_decoder.c:1975
	rice_parameter = 9
	i = 2
	partition = 0
	sample = 0
	u = 4294967293
	partitions = 16384
	partition_samples = 0
#2  0x4021f01f in read_subframe_fixed_ (decoder=0x805ba58, channel=1, bps=16, order=3) at stream_decoder.c:1832
	subframe = (FLAC__Subframe_Fixed *) 0x805f988
	i32 = -31667
	u32 = 14
	u = 14
#3  0x4021ecd7 in read_subframe_ (decoder=0x805ba58, channel=1, bps=1) at stream_decoder.c:1751
	x = 22
	wasted_bits = 0
#4  0x4021e190 in read_frame_ (decoder=0x805ba58, got_a_frame=0xbffff360) at stream_decoder.c:1353
	bps = 4294966980
	channel = 1
	i = 4294966980
	mid = 1
	side = 4608
	left = 8
	frame_crc = 4608
	x = 248
#5  0x4021c6e0 in FLAC__stream_decoder_process_single (decoder=0x805ba58) at stream_decoder.c:596
	got_a_frame = 0
#6  0x08053774 in EasyFLAC__process_single (decoder=0x805ba30) at ../../ogg123/easyflac.c:356
No locals.
#7  0x08052690 in flac_init (source=0x805aa60, ogg123_opts=0x8059d60, audio_fmt=0xbffff3e0, callbacks=0xbffff408, callback_arg=0x407ed008)
    at ../../ogg123/flac_format.c:181
	decoder = (decoder_t *) 0x805b990
	private = (flac_private_t *) 0x805b9d0
	ret = -1073745000
#8  0x0804fec0 in play (source_string=0x805b8d0 "crash.flac") at ../../ogg123/ogg123.c:464
	transport = (transport_t *) 0x80586c0
	format = (format_t *) 0x8058820
	source = (data_source_t *) 0x805aa60
	decoder = (decoder_t *) 0x10000000
	decoder_callbacks = {printf_error = 0x804d0d8 <decoder_buffered_error_callback>, 
  printf_metadata = 0x804d255 <decoder_buffered_metadata_callback>}
	decoder_callbacks_arg = (void *) 0x407ed008
	old_audio_fmt = {big_endian = 0, word_size = 0, signed_sample = 0, rate = 0, channels = 0}
	new_audio_fmt = {big_endian = 0, word_size = 2, signed_sample = 1, rate = 0, channels = 0}
	reopen_arg = (audio_reopen_arg_t *) 0x0
	eof = 0
	eos = 0
	ret = 0
	nthc = 0
	ntimesc = 0
	next_status = 0
	status_interval = 0
#9  0x0804fd23 in main (argc=2, argv=0xbffff584) at ../../ogg123/ogg123.c:393
	optind = 1
	playlist_array = (char **) 0x805b8c0
	items = 1
	stat_buf = {st_dev = 2073, __pad1 = 0, st_ino = 3041522, st_mode = 33188, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, 
  st_size = 110592, st_blksize = 4096, st_blocks = 224, st_atim = {tv_sec = 1096585478, tv_nsec = 271352832}, st_mtim = {tv_sec = 1096585268, 
    tv_nsec = 0}, st_ctim = {tv_sec = 1096585340, tv_nsec = 284815843}, __unused4 = 0, __unused5 = 0}
	i = 0
(gdb) info threads
* 1 process 8083  0x40205422 in FLAC__bitbuffer_read_rice_signed_block (bb=0x80601b8, vals=0x807dd80, nvals=4294967293, parameter=9, 
    read_callback=0x40220080 <read_callback_>, client_data=0x805ba58) at bitbuffer.c:2254
(gdb) 

See http://rzlab.ucr.edu/debian/libflac/core and
http://rzlab.ucr.edu/debian/libflac/ for debugging versions of the
packages used to create the corefile and backtrace.


Don Armstrong

-- 
More than any other time in history, mankind faces a crossroads.
One path leads to despair and utter hopelessness.
The other, to total extinction.
Let us pray we have the wisdom to choose correctly.
 -- Woody Allen

http://www.donarmstrong.com http://rzlab.ucr.edu



----- End forwarded message -----

-- 
 - mdz
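
The locals in frame #1 of the backtrace above (partition_order=14, partition_samples = 0, predictor_order=3, u = 4294967293) are consistent with an unsigned subtraction wrapping, since 0 - 3 in 32-bit unsigned arithmetic is 4294967293, the same value passed as nvals in frame #0. The C below is an added example, not part of the original message and not libFLAC's code; the function names and the blocksize value are assumptions, and it shows the kind of bounds check a decoder can apply to these header fields before reading any residuals.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: residual count for the first Rice partition with no
 * validation. The unsigned subtraction wraps when the partition is shorter
 * than the predictor order. */
uint32_t first_partition_count_unchecked(uint32_t blocksize,
                                         uint32_t partition_order,
                                         uint32_t predictor_order)
{
    return (blocksize >> partition_order) - predictor_order;
}

/* Hypothetical checked form: returns 0 and stores the count, or -1 when the
 * header fields are inconsistent and decoding of the frame should stop. */
int first_partition_count_checked(uint32_t blocksize, uint32_t partition_order,
                                  uint32_t predictor_order, uint32_t *count)
{
    if (partition_order > 15)        /* the field is 4 bits wide in the format */
        return -1;
    uint32_t partition_samples = blocksize >> partition_order;
    if (partition_samples < predictor_order)
        return -1;                   /* subtraction below would wrap */
    *count = partition_samples - predictor_order;
    return 0;
}

int main(void)
{
    /* blocksize is a constructed sample value; both orders are the values
     * shown in frame #1 of the backtrace. */
    uint32_t blocksize = 4096, partition_order = 14, predictor_order = 3;
    uint32_t n = 0;

    printf("unchecked count: %" PRIu32 "\n",
           first_partition_count_unchecked(blocksize, partition_order,
                                           predictor_order));
    if (first_partition_count_checked(blocksize, partition_order,
                                      predictor_order, &n) != 0)
        printf("checked: header rejected, no samples read\n");
    else
        printf("checked count: %" PRIu32 "\n", n);
    return 0;
}
```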

