I've been getting a segfault in libkarma when I transfer certain MP3s using Amarok or riocp.
The problem occurs when header_bitrate() in mp3.c gets passed a header where the bitrate index is 0. It then uses bitrate-1 as an array index and everything goes wrong and Amarok crashes!
This happens when header_bitrate is called from get_first_header - the function appears to scan the file looking for four consecutive valid frame headers. My guess is that it's interpreting part of the file as a frame header when it isn't really.
The patch below should fix the problem. The other values (version and layer) are limited to acceptable ranges in get_header, so bitrate is the only one we need to check.
Olly
--- orig/libkarma-0.0.5-hg118 /src/mp3.c 2006-09-10 19:58:50.000000000 +0100
+++ mine/libkarma-0.0.5-hg118/src/mp3.c 2006-10-18 19:51:20.000000000 +0100
@@ -174,7 +174,7 @@ static int frame_length(mp3header *heade
int header_layer(mp3header *h) {return layer_tab[h->layer];}
int header_bitrate(mp3header *h) {
- return bitrate[h->version & 1][3-h->layer][h->bitrate-1];
+ return bitrate[h->version & 1][3-h->layer][h->bitrate>0 ? h->bitrate-1 : 0];
}
int header_frequency(mp3header *h) {
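Review bot: in header_bitrate(), mapping a bitrate index of 0 to table slot 0 stops the negative index, but a free-format or bogus header now reports the same bitrate as index 1, so get_first_header can still accept it as a valid frame. Consider returning 0 (or an error value) when h->bitrate is 0 and having the caller reject that header. The upper end deserves the same check: if h->bitrate is the raw 4-bit field, a value of 15 gives h->bitrate-1 == 14, and the size of the table's last dimension is not visible in this hunk.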
_______________________________________________
linux-karma-devel mailing list
https://lists.sourceforge.net/lists/listinfo/linux-karma-devel
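The failure described in the message above comes from indexing a table with an unchecked header field during the sync scan. The following is an added example, not libkarma's code: it rejects bitrate index 0 (and 15) before any lookup while searching for consecutive frames. The names `frame_len` and `find_first_frame` are hypothetical, the sketch assumes MPEG-1 Layer III only, and the sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* MPEG-1 Layer III bitrates (kbit/s) by 4-bit header index.
 * Index 0 is "free format" and 15 is forbidden: neither names a rate. */
static const int l3_kbps[16] = { 0, 32, 40, 48, 56, 64, 80, 96, 112,
                                 128, 160, 192, 224, 256, 320, 0 };
static const int l3_hz[3] = { 44100, 48000, 32000 };

/* Hypothetical helper: byte length of the MPEG-1 Layer III frame whose
 * header starts at h, or 0 if the four bytes are not a usable header. */
size_t frame_len(const uint8_t *h)
{
    if (h[0] != 0xFF || (h[1] & 0xFE) != 0xFA)   /* sync, MPEG-1, Layer III */
        return 0;
    unsigned br = h[2] >> 4, sr = (h[2] >> 2) & 3, pad = (h[2] >> 1) & 1;
    if (br == 0 || br == 15 || sr == 3)          /* reject before indexing */
        return 0;
    return (size_t)(144000 * l3_kbps[br] / l3_hz[sr]) + pad;
}

/* Offset of the first run of `need` back-to-back valid headers, or -1. */
long find_first_frame(const uint8_t *buf, size_t len, int need)
{
    for (size_t start = 0; start + 4 <= len; start++) {
        size_t pos = start;
        int run = 0;
        while (run < need && pos + 4 <= len) {
            size_t n = frame_len(buf + pos);
            if (n == 0)
                break;
            pos += n;
            run++;
        }
        if (run == need)
            return (long)start;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: a false sync with bitrate index 0 at offset 3,
     * then four 128 kbit/s, 44.1 kHz frames (417 bytes each) from offset 10. */
    static uint8_t buf[2048];
    memcpy(buf + 3, "\xFF\xFB\x00\x00", 4);
    for (int i = 0; i < 4; i++)
        memcpy(buf + 10 + 417 * i, "\xFF\xFB\x90\x00", 4);
    printf("first frame at %ld\n", find_first_frame(buf, sizeof buf, 4));
    return 0;
}
```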
