Bug#290128: I suspect this is the broken endian.h file

2005-01-27 Thread Brett Parker
On Wed, Jan 26, 2005 at 07:33:45PM -0500, Anthony DeRobertis wrote:
> Package: xmms-scrobbler
> Followup-For: Bug #290128
> 
> The broken macros in endian.h create absurd results when dealing with
> numbers > 127 due to assuming char is unsigned.
> 
> Basically, it returns a really large number (e.g., several gigs), which
> is then passed to malloc. malloc (naturally) returns NULL on 32-bit
> archs. The result of malloc is not tested (ugh...), and then a memcpy to
> NULL is attempted. [The results would be different, possibly worse, on a
> 64-bit arch where the malloc could succeed.]

Thanks for the info, I'll try to work on it shortly, I'm currently still
waiting for xmms-scrobbler to come back out of NEW (it's moving to
main), but I'll work on it as soon as I've got some time.

> If you change debian/rules to do:
>   CFLAGS="$(CFLAGS)" configure ...
> (you should probably do this anyway)
> 
> and then
>   export DEB_BUILD_OPTS='noopt,nostrip'
>   dpkg-buildpackage -rfakeroot -b -uc
> 
> install the resulting package, and you can easily watch the crash by
> running xmms (or I assume bmp) under ddd. The backtrace the reporter
> provided is wrong due to compiling with optimizations (ok, not wrong,
> but misleading).
> 
> See my post on the AudioScrobbler forums:
> http://www.audioscrobbler.com/forum/4/_/18676
> 
> I've patched it locally as shown in that post; that's the only reason
> most of my music doesn't crash xmms.
> 
> PS: glib provides, I believe, endian conversion functions; any reason
> not to use those?

I'll have to think about this one.

> PS(2): ALWAYS check the result of malloc. malloc hates you. malloc will
>    fail when you least expect it.

Agreed, I'm still going through the code and trying to make sure that
there are checks in place, it seems insane to kill xmms when we could
just discard the tag in a neat manner.

> PS(3): Doesn't libvorbis or libvorbisfile already have things for
>  reading Vorbis tags? Any reason not to use it?

It appears that the upstream guys use as few external libraries as is
humanly possible for the plugin, which is probably why that's not linked
in. I'll take a look when I get some time.
-- 
Brett Parker


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]



Bug#290128: I suspect this is the broken endian.h file

2005-01-26 Thread Anthony DeRobertis
Package: xmms-scrobbler
Followup-For: Bug #290128

The broken macros in endian.h create absurd results when dealing with
numbers > 127 due to assuming char is unsigned.

Basically, it returns a really large number (e.g., several gigs), which
is then passed to malloc. malloc (naturally) returns NULL on 32-bit
archs. The result of malloc is not tested (ugh...), and then a memcpy to
NULL is attempted. [The results would be different, possibly worse, on a
64-bit arch where the malloc could succeed.]

If you change debian/rules to do:
  CFLAGS="$(CFLAGS)" configure ...
(you should probably do this anyway)

and then
  export DEB_BUILD_OPTS='noopt,nostrip'
  dpkg-buildpackage -rfakeroot -b -uc

install the resulting package, and you can easily watch the crash by
running xmms (or I assume bmp) under ddd. The backtrace the reporter
provided is wrong due to compiling with optimizations (ok, not wrong,
but misleading).

See my post on the AudioScrobbler forums:
http://www.audioscrobbler.com/forum/4/_/18676

I've patched it locally as shown in that post; that's the only reason
most of my music doesn't crash xmms.

PS: glib provides, I believe, endian conversion functions; any reason
not to use those?

PS(2): ALWAYS check the result of malloc. malloc hates you. malloc will
   fail when you least expect it.

PS(3): Doesn't libvorbis or libvorbisfile already have things for
   reading Vorbis tags? Any reason not to use it?

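
The failure described in this thread, as an added example that is not part of the messages or of the xmms-scrobbler source: a 4-byte length read through signed char sign-extends any byte above 127 into a multi-gigabyte value, shown beside an unsigned read followed by a bounds check and a tested malloc. The macro body, the little-endian field layout, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: 4-byte little-endian length (0x80 = 128), then data. */
static const unsigned char SAMPLE[4 + 128] = {
    0x80, 0x00, 0x00, 0x00, 'a', 'r', 't', 'i', 's', 't', '=', 'x'
};

/* Hypothetical stand-in for the broken macro: bytes are read as signed
   char, so 0x80 is sign-extended to 0xFFFFFF80 before being OR-ed in. */
static uint32_t le32_buggy(const signed char *p)
{
    return (uint32_t)(int)p[0] | ((uint32_t)(int)p[1] << 8) |
           ((uint32_t)(int)p[2] << 16) | ((uint32_t)(int)p[3] << 24);
}

/* Corrected read: unsigned bytes, widened before shifting. */
static uint32_t le32_fixed(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy one length-prefixed field. Returns NULL (discard the tag) when the
   length exceeds the remaining input or when malloc fails. */
static char *copy_field(const unsigned char *buf, size_t buflen)
{
    if (buflen < 4)
        return NULL;
    uint32_t len = le32_fixed(buf);
    if (len > buflen - 4)
        return NULL;
    char *out = malloc((size_t)len + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, buf + 4, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    char *tag = copy_field(SAMPLE, sizeof SAMPLE);
    printf("buggy length: %lu\n", (unsigned long)le32_buggy((const signed char *)SAMPLE));
    printf("fixed length: %lu\n", (unsigned long)le32_fixed(SAMPLE));
    printf("field: %s\n", tag ? tag : "(discarded)");
    free(tag);
    return 0;
}
```

The bounds check against the remaining input matters independently of the sign fix: a file can declare any length it likes, so the parser must reject a field that claims more bytes than are present.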