[Vorbis] ogg123 crash

Paul de Weerd weerd at weirdnet.nl
Fri Jul 10 05:01:05 PDT 2009 

Hi,

I already mentioned this on #vorbis, but thought it good to create a
mailthread on it for easier tracking.

One of the OpenBSD developers (claudio at openbsd.org) found that ogg123
crashes on his machine with a SIGSEGV while playing tracks with
unknown comments in the tags. He's running with special malloc flags
that make the OpenBSD malloc(3) extra picky (manpage available online
at http://www.openbsd.org/cgi-bin/man.cgi?query=malloc.conf - Claudio
was using MALLOC_OPTIONS=FGJ) These options quite often uncover malloc
related bugs and are a useful asset when developing code on OpenBSD.

As it turns out, there is a bug in ogg123s use of strcspn(3) - it
should never return 0 unless the '='-sign is the first character
(quite unlikely). Claudio proposed a patch for our portstree to fix
this issue, can someone have a look at the patch to ogg123's
vorbis_comments.c (below) and add this fix to the vorbis-tools
codebase ?

I have sample OGG files giving this behaviour available upon request
(for debugging purposes only), if needed.

Thanks,

Paul 'WEiRD' de Weerd

----- Forwarded message from Claudio Jeker -----

So ogg123 crashes when unknown comments are in the tags.

Before:
Ogg Vorbis stream: 2 channel, 44100 Hz
Track is encoded with cdex vorbis dll: ##########################
Title: The Fantabulous Rap Extravaganza

After:
Ogg Vorbis stream: 2 channel, 44100 Hz
Comment: Track is encoded with CDex Vorbis DLL
Title: Virus

the vorbis tools don't understand how strcspn() works.
-- 
:wq Claudio

Index: Makefile
===================================================================
RCS file: /cvs/ports/audio/vorbis-tools/Makefile,v
retrieving revision 1.35
diff -u -p -r1.35 Makefile
--- Makefile	11 May 2008 22:17:28 -0000	1.35
+++ Makefile	8 Jul 2009 16:51:36 -0000
@@ -3,7 +3,7 @@
 COMMENT=	play, encode, and manage Ogg Vorbis files
 
 DISTNAME=	vorbis-tools-1.2.0
-PKGNAME=	${DISTNAME}p0
+PKGNAME=	${DISTNAME}p1
 CATEGORIES=    	audio
 HOMEPAGE=	http://www.vorbis.com/
 
Index: patches/patch-ogg123_vorbis_comments_c
===================================================================
RCS file: patches/patch-ogg123_vorbis_comments_c
diff -N patches/patch-ogg123_vorbis_comments_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-ogg123_vorbis_comments_c	8 Jul 2009 16:47:36 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- ogg123/vorbis_comments.c.orig	Wed Jul  8 18:44:47 2009
++++ ogg123/vorbis_comments.c	Wed Jul  8 18:45:13 2009
+@@ -72,7 +72,7 @@ char *lookup_comment_prettyprint (char *comment, int *
+ 
+   /* Use default formatting */
+   j = strcspn(comment, "=");
+-  if (j) {
++  if (j != strlen(comment)) {
+     *offset = j + 1;
+     s = malloc(j + 2);
+     if (s == NULL) {

----- End forwarded message -----

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/

More information about the Vorbis mailing list