Bug#690201: xine-ui: xine --enqueue can't cope with filename with comma "," in it

Sat, 27 Oct 2012 04:42:18 -0700 

tags 690201 patch
thanks.

On Thu, 11 Oct 2012, Tim Connors wrote:

> Package: xine-ui
> Version: 0.99.6-1
> Severity: normal
>
> xine --enqueue splits any filename provided on the commandline if they
> have a comma in the filename.
>
> It does this because --enqueue gets transformed in main.c:main() to
> allocate a session_argv array with mrl=%s and passes that off to the
> session code to interpret in session.c:session_handle_subopt, which
> just stupidly blindly splits every string at every "," via getsubopt()
> right at the top of session_handle_subopt().  There is no way around
> this - you can't even escape commas in the filename with "\" or the
> like.  Seems someone forgot that mrls get passed through getsubopt and
> can of course be arbitrary strings so no character should be entitled
> to act as delimeter.  The mrl case should be handled via some other
> means - probably via a separate array since ideally you should be able
> to even handle a filename that looks like "token=value".  It should be
> easy - only interpret tokens provided via
> S=token1,token2,token3,token4=value,token5 etc, and all other options
> parsed through getopt(), but any other argument should be interpreted
> as a filename.
>
> Continue to support "xine -S mrl=..." for backwards compatibility by
> all means, but xine -S ... --enqueue ... ... should be the preferred
> method.

And it turns out the use of atoa() was pretty poor form too, in that it
nulled out a whole class of valid-in-filename characters.  Other uses of
that function seem sane enough, but in handling filenames?  Um, no...

Pretty easy fix, attached patch tests out fine here...

Please forward upstream.

-- 
Tim Connors
diff -ru /root/apt-source/xine-ui-0.99.7.orig/src/xitk/event.c /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/event.c
--- /root/apt-source/xine-ui-0.99.7.orig/src/xitk/event.c	2012-01-19 22:04:00.000000000 +1100
+++ /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/event.c	2012-10-25 17:11:27.585912576 +1100
@@ -1952,7 +1952,7 @@
     int dummy_session;
     
     while(startup->session_opts[i])
-      (void) session_handle_subopt(startup->session_opts[i++], &dummy_session);
+      (void) session_handle_subopt(startup->session_opts[i++], NULL, &dummy_session);
     
   }
   
diff -ru /root/apt-source/xine-ui-0.99.7.orig/src/xitk/main.c /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/main.c
--- /root/apt-source/xine-ui-0.99.7.orig/src/xitk/main.c	2012-01-19 22:04:00.000000000 +1100
+++ /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/main.c	2012-10-25 17:11:25.097996921 +1100
@@ -1781,7 +1781,7 @@
       
     case 'S':
       if(is_remote_running(((session >= 0) ? session : 0)))
-	retval = session_handle_subopt(optarg, &session);
+        retval = session_handle_subopt(optarg, NULL, &session);
       else {
 	
 	session_argv = (char **) realloc(session_argv, sizeof(char *) * (session_argv_num + 2));
@@ -1933,9 +1933,9 @@
       if(_argv[optind]) {
 	for(i = optind; i < _argc; i++) {
 	  char enqueue_mrl[strlen(_argv[i]) + 256];
-
-	  snprintf(enqueue_mrl, sizeof(enqueue_mrl), "session=%d,mrl=%s", session, atoa(_argv[i]));
-	  (void) session_handle_subopt(enqueue_mrl, &session);
+          char *filename = NULL;
+	  snprintf(enqueue_mrl, sizeof(enqueue_mrl), "session=%d", session);
+	  (void) session_handle_subopt(enqueue_mrl, _argv[i], &session);
 	}
       }
       else
diff -ru /root/apt-source/xine-ui-0.99.7.orig/src/xitk/session.c /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/session.c
--- /root/apt-source/xine-ui-0.99.7.orig/src/xitk/session.c	2012-01-19 22:04:00.000000000 +1100
+++ /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/session.c	2012-10-25 17:11:24.370021603 +1100
@@ -499,7 +499,7 @@
   return 1;
 } 
 
-int session_handle_subopt(char *suboptarg, int *session) {
+int session_handle_subopt(char *suboptarg, char* enqueue_mrl, int *session) {
   int          playlist_first, playlist_last, playlist_clear, playlist_next, playlist_prev, playlist_stop_cont;
   int          audio_next, audio_prev, spu_next, spu_prev;
   int          volume, amp, loop, speed_status, time_status;
@@ -634,6 +634,13 @@
 
     }
   }
+
+  if (enqueue_mrl != NULL) {
+    mrls = (char **) realloc(mrls, sizeof(char *) * (num_mrls + 2));
+      
+    mrls[num_mrls++] = strdup(enqueue_mrl);
+    mrls[num_mrls]   = NULL;
+  }
   
   *session = (optsess >= 0) ? optsess : 0;
   
diff -ru /root/apt-source/xine-ui-0.99.7.orig/src/xitk/session.h /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/session.h
--- /root/apt-source/xine-ui-0.99.7.orig/src/xitk/session.h	2009-12-19 11:34:22.000000000 +1100
+++ /root/apt-source/xine-ui-0.99.7.patched,unbuilt/src/xitk/session.h	2012-10-25 17:11:25.905969537 +1100
@@ -69,6 +69,6 @@
 int init_session(void);
 void deinit_session(void);
 
-int session_handle_subopt(char *optarg, int *session);
+int session_handle_subopt(char *optarg, char* enqueue_mrl, int *session);
 
 #endif

Reply via email to