Bug 512432 - media-libs/flac - Known heap corruption issue in metaflac
Summary: media-libs/flac - Known heap corruption issue in metaflac
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Sound Team
URL: https://git.xiph.org/?p=flac.git;a=co...
Keywords: PATCH
Reported: 2014-06-04 16:42 UTC by Jason Miller
Modified: 2014-09-27 22:16 UTC

Description Jason Miller 2014-06-04 16:42:30 UTC
metaflac from media-libs/flac-1.3.0 has a known heap corruption issue.  There is no newer release currently.

The commit that fixes this problem is from just 2 weeks after the 1.3.0 release.


Reproducible: Always

Steps to Reproduce:
1. emerge media-libs/flac
2. metaflac --import-cuesheet-from=<any nontrivial cue sheet>

Actual Results:  
Depending on version of glibc and architecture, you will get errors (as heap layouts vary); if you run under valgrind, the errors should always be flagged.

If desired, I have a cuesheet that will trigger this every time on my stable amd64 system.

Expected Results:  
The cuesheet should have been added to the flac.

Here's the commit to fix the problem: 

https://git.xiph.org/?p=flac.git;a=commitdiff;h=606fdfcaece19d3e05434bde57c289102a369069

It's a trivial patch that was made shortly after the release, so IMO we should apply that as part of the build process.  If not, we should mask 1.3.0.

Either way it would be nice to have a live ebuild since releases are coming so slowly.
Comment 1 Samuli Suominen (RETIRED) gentoo-dev 2014-09-27 22:16:19 UTC
in portage, as 1.3.0-r1