Your message dated Mon, 11 May 2015 12:19:44 +0000
with message-id <[email protected]>
and subject line Bug#689712: fixed in faad2 2.8.0~cvs20150510-1
has caused the Debian Bug report #689712,
regarding faad crashes when given ADTS AAC file with large ID3v2 tag
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
689712: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689712
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: faad
Version: 2.7-8
Severity: normal
Tags: upstream
I have an ADTS AAC file with an ID3v2 tag containing an image. Attempting to
skip this header by passing a value larger than the buffer size to
advance_buffer causes fill_buffer to misbehave. The problem is detected in
free() during a normal build but the problem is clearer when running under
valgrind:
==23880== Invalid write of size 8
==23880==    at 0x50F81CB: __GI_memcpy (memcpy.S:267)
==23880==    by 0x50E17D2: _IO_file_xsgetn (fileops.c:1414)
==23880==    by 0x50D79B1: fread (iofread.c:44)
==23880==    by 0x403930: ??? (in /usr/bin/faad)
==23880==    by 0x401BAE: ??? (in /usr/bin/faad)
==23880==    by 0x508EEAC: (below main) (libc-start.c:228)
==23880==  Address 0x567a830 is 0 bytes after a block of size 4,608 alloc'd
==23880==    at 0x4C28BED: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23880==    by 0x401AC2: ??? (in /usr/bin/faad)
==23880==    by 0x508EEAC: (below main) (libc-start.c:228)
Here's a more useful log generated by a version of faad I compiled myself on
squeeze-i386:
==28965== Syscall param read(buf) points to unaddressable byte(s)
==28965==    at 0x4A06073: __read_nocancel (syscall-template.S:82)
==28965==    by 0x49B16F7: _IO_sgetn (genops.c:500)
==28965==    by 0x49A52CD: fread (iofread.c:44)
==28965==    by 0x8049150: fill_buffer (main.c:100)
==28965==    by 0x8049544: decodeAACfile (main.c:478)
==28965==    by 0x804A484: main (main.c:1249)
==28965==  Address 0x6d20548 is 0 bytes after a block of size 4,608 alloc'd
==28965==    at 0x48DEF50: malloc (vg_replace_malloc.c:236)
==28965==    by 0x8049461: decodeAACfile (main.c:454)
==28965==    by 0x804A484: main (main.c:1249)
==28965==
==28965== Invalid write of size 1
==28965==    at 0x48E091F: memcpy (mc_replace_strmem.c:497)
==28965==    by 0x49AF737: _IO_file_xsgetn (fileops.c:1414)
==28965==    by 0x49B16F7: _IO_sgetn (genops.c:500)
==28965==    by 0x49A52CD: fread (iofread.c:44)
==28965==    by 0x8049150: fill_buffer (main.c:100)
==28965==    by 0x8049544: decodeAACfile (main.c:478)
==28965==    by 0x804A484: main (main.c:1249)
==28965==  Address 0x6d24d95 is not stack'd, malloc'd or (recently) free'd
The attached patch fixes the problem for me. I've submitted it upstream at
https://sourceforge.net/tracker/?func=detail&aid=3574761&group_id=704&atid=100704
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.2.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages faad depends on:
ii libc6 2.13-35
ii libfaad2 2.7-8
faad recommends no packages.
faad suggests no packages.
diff -rup faad2-2.7.stock/frontend/main.c faad2-2.7/frontend/main.c
--- faad2-2.7.stock/frontend/main.c 2008-09-22 18:55:09.000000000 +0100
+++ faad2-2.7/frontend/main.c 2012-10-04 21:46:31.175490401 +0100
@@ -130,11 +130,22 @@ static int fill_buffer(aac_buffer *b)
static void advance_buffer(aac_buffer *b, int bytes)
{
- b->file_offset += bytes;
- b->bytes_consumed = bytes;
- b->bytes_into_buffer -= bytes;
- if (b->bytes_into_buffer < 0)
- b->bytes_into_buffer = 0;
+ while ((b->bytes_into_buffer > 0) && (bytes > 0))
+ {
+ assert(b->bytes_into_buffer > 0);
+ int chunk = min(bytes, b->bytes_into_buffer);
+
+ bytes -= chunk;
+ b->file_offset += chunk;
+ b->bytes_consumed = chunk;
+ b->bytes_into_buffer -= chunk;
+ assert(b->bytes_into_buffer >= 0);
+
+ if (b->bytes_into_buffer == 0)
+ fill_buffer(b);
+ }
+
+ assert(b->bytes_into_buffer >= 0);
}
static int adts_sample_rates[] = {96000,88200,64000,48000,44100,32000,24000,22050,16000,12000,11025,8000,7350,0,0,0};
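Review bot: In the new loop in advance_buffer(), the result of `fill_buffer(b);` is ignored and the loop also stops as soon as `b->bytes_into_buffer` is 0 while `bytes` is still positive, so a skip length that runs past the end of the input returns silently with part of the request undone, and since the function still returns void the caller cannot tell. Consider returning the number of bytes actually advanced (or an error code) and checking it in the caller. Smaller points: `assert(b->bytes_into_buffer > 0);` at the top of the loop body only repeats the loop condition, the asserts disappear under NDEBUG so they should not be the only guard on these counters, and `int chunk` is declared after a statement, which matters if main.c is built as C89. The visible lines also do not show where `min` and `assert` come from, so check that main.c defines or includes them.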
--- End Message ---
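The failure reported above (skipping an ID3v2 tag larger than the input buffer) as a self-contained model; this is an added example, not code from faad2 or from the attached patch. The names stream, result, refill, skip_bytes, id3v2_tag_len, demo and BUF_SIZE are hypothetical, the input is constructed in memory, and the example goes slightly beyond the patch by validating the synchsafe size bytes and reporting a short skip to the caller.

```c
#include <string.h>

#define BUF_SIZE 16   /* tiny on purpose; the buffer in the report was 4,608 bytes */
typedef struct {                      /* hypothetical stand-in for the input buffer */
    const unsigned char *src;         /* constructed in-memory "file" */
    size_t src_len, src_pos, have;    /* have = valid bytes currently in buf */
    unsigned char buf[BUF_SIZE];
} stream;
typedef struct { size_t skipped; int next; } result;   /* next: byte after skip, -1 if none */

/* Drop `used` bytes from the front of buf, then top up; never writes past buf. */
static size_t refill(stream *s, size_t used) {
    if (used > s->have) used = s->have;
    memmove(s->buf, s->buf + used, s->have - used);
    s->have -= used;
    size_t room = BUF_SIZE - s->have, left = s->src_len - s->src_pos;
    size_t n = room < left ? room : left;
    memcpy(s->buf + s->have, s->src + s->src_pos, n);
    s->src_pos += n;
    s->have += n;
    return n;
}

/* Skip `bytes` one buffer-load at a time; returns bytes skipped (short at EOF). */
static size_t skip_bytes(stream *s, size_t bytes) {
    size_t done = 0;
    while (done < bytes && (s->have > 0 || refill(s, 0) > 0)) {
        size_t chunk = bytes - done < s->have ? bytes - done : s->have;
        refill(s, chunk);
        done += chunk;
    }
    return done;
}

/* Total ID3v2 tag length: 10-byte header + synchsafe size; 0 if absent or invalid. */
static size_t id3v2_tag_len(const unsigned char *p, size_t n) {
    if (n < 10 || memcmp(p, "ID3", 3) != 0 || ((p[6] | p[7] | p[8] | p[9]) & 0x80)) return 0;
    return 10 + (((size_t)p[6] << 21) | ((size_t)p[7] << 14) | ((size_t)p[8] << 7) | p[9]);
}

/* Constructed input: ID3v2 tag with `body` (< 128) bytes in a file cut at file_len. */
result demo(unsigned char body, size_t file_len) {
    unsigned char file[272] = { 'I', 'D', '3', 3, 0, 0, 0, 0, 0, body };
    stream s = { file, file_len < sizeof file ? file_len : sizeof file, 0, 0, {0} };
    file[10 + body] = 0xFF;                    /* first byte after the tag (ADTS sync) */
    refill(&s, 0);
    result r = { skip_bytes(&s, id3v2_tag_len(s.buf, s.have)), 0 };
    r.next = s.have ? s.buf[0] : -1;
    return r;
}
```

A caller compares the returned count with the tag length: a smaller value means the file ended inside the tag and decoding should stop rather than continue on an empty buffer.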
--- Begin Message ---
Source: faad2
Source-Version: 2.8.0~cvs20150510-1
We believe that the bug you reported is fixed in the latest version of
faad2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Greffrath <[email protected]> (supplier of updated faad2
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 11 May 2015 13:59:49 +0200
Source: faad2
Binary: faad faad2-dbg libfaad-dev libfaad2
Architecture: source amd64
Version: 2.8.0~cvs20150510-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers
<[email protected]>
Changed-By: Fabian Greffrath <[email protected]>
Description:
faad - freeware Advanced Audio Decoder player
faad2-dbg - freeware Advanced Audio Decoder - debugging symbols
libfaad-dev - freeware Advanced Audio Decoder - development files
libfaad2 - freeware Advanced Audio Decoder - runtime files
Closes: 689712 715882
Changes:
faad2 (2.8.0~cvs20150510-1) unstable; urgency=medium
.
* New upstream CVS snapshot.
+ Does not crash when given ADTS AAC file with large ID3v2 tag anymore,
thanks Mike Crowe for the bug report and patch (Closes: #689712).
+ Does not crash with the Mayhem testcase anymore, thanks Alexandre Rebert
for the bug report (Closes: #715882).
* Add debian/README.source to document how the Debian source tarball was
created and force xz compression in debian/gbp.conf.
* Remove all patches that were either applied, solved differently or
disapproved upstream:
+ autotools-compat.patch: Disapproved upstream.
+ noinst-mp4ff.patch: Applied upstream.
+ manpage.patch: Applied upstream.
+ incorrect_pointer_size.patch: Does not apply anymore.
+ bpa-stdin.patch: Applied upstream.
+ path_max.patch: Applied upstream.
+ fix_ftbfs_with_gcc4.5.patch: Disapproved upstream.
+ symbol-visibility.patch: Does not apply anymore.
+ libfaad-drm.patch: Applied upstream.
* Ship upstream's own frontend and API documentation manpages.
* Update Debian packaging copyright years.
* Remove '__DATE__' CPP macro for reproducible builds.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers