Bug 12208 - segfault in cdcd due to bug in libcdaudio 0.99.6
Summary: segfault in cdcd due to bug in libcdaudio 0.99.6
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: SpanKY
Blocks: 12210
Reported: 2002-12-15 12:25 UTC by Sam Yates
Modified: 2003-02-04 19:42 UTC

Attachments
Fixes wrong fprintf() call, plus some error checks. (libcdaudio-0.99.6-fprintf+errorret.patch, 987 bytes, patch)
2002-12-16 16:33 UTC, Sam Yates

Description Sam Yates 2002-12-15 12:25:00 UTC
In libcdaudio-0.99.6, cddb.c there is the line

fprintf(stdout, "%*s\n", index, index, inbuffer);

which is just wrong, and can (and has) caused segfaults.
Fixed in patch to libcdaudio below, along with a couple of
error checks - one of which did cause cdcd to display garbage
instead of an error message.

--- libcdaudio-0.99.6/source/cddb.c     2001-08-18 16:26:19.000000000 +0200
+++ libcdaudio-0.99.6-patched/source/cddb.c     2002-12-15 18:29:26.000000000 +0100
@@ -840,7 +840,7 @@
     inbuffer[index] = inchar;
   }
   
-  fprintf(stdout, "%*s\n", index, index, inbuffer); 
+  fprintf(stdout, "%*s\n", index, inbuffer); 
   return index;
 }
 
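Review bot: in the corrected `fprintf` call, `%*s` uses `index` only as a minimum field width, so the output is padded to `index` columns and the read from `inbuffer` still continues to the first NUL byte; the visible context stores `inchar` at `inbuffer[index]` but shows no terminator being written. If the intent is to print exactly `index` bytes, `%.*s` with the count passed as an `int` bounds the read regardless of termination.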
@@ -916,7 +916,7 @@
   free(outbuffer);
    
   if(mode == CDDB_MODE_HTTP)
-    cddb_skip_http_header(sock);
+    if (cddb_skip_http_header(sock)<0) return -1;
 
   if((inbuffer = malloc(256)) == NULL)
     return -1;
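Review bot: the added `if (cddb_skip_http_header(sock)<0) return -1;` sits as an unbraced `if` nested under the unbraced `if(mode == CDDB_MODE_HTTP)`, which invites a dangling-else mistake in later edits. Joining the two conditions, as in `if(mode == CDDB_MODE_HTTP && cddb_skip_http_header(sock) < 0) return -1;`, or bracing the outer `if`, keeps the control flow unambiguous.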
@@ -1160,11 +1160,13 @@
             cddb_genre(entry->entry_genre),
             entry->entry_id);
        
-  send(sock, outbuffer, strlen(outbuffer), 0);
+  if (send(sock, outbuffer, strlen(outbuffer), 0)<0)
+    return -1;
+
   free(outbuffer);
    
   if(mode == CDDB_MODE_HTTP)
-    cddb_skip_http_header(sock);
+    if (cddb_skip_http_header(sock)<0) return -1;
 
   if(cddb_read_token(sock, token) < 0)
     return -1;
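Review bot: the `return -1;` added under the `send()` check runs before `free(outbuffer)`, so a failed send leaks the buffer. Store the result of `send()` in a local, call `free(outbuffer)`, then test the stored value. The nested unbraced `if (cddb_skip_http_header(sock)<0) return -1;` below it would also read more clearly as a single condition joined with `&&`.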
Comment 1 SpanKY gentoo-dev 2002-12-15 12:27:59 UTC
-  send(sock, outbuffer, strlen(outbuffer), 0); 
+  if (send(sock, outbuffer, strlen(outbuffer), 0)<0) 
+    return -1; 
+ 
   free(outbuffer); 
 
wouldn't it be better to save the return value, free the buffer, then check the return
value? as it is it looks like you just generated a memleak
Comment 2 Sam Yates 2002-12-15 15:26:43 UTC
Yes, you're perfectly correct!

Could you pretend I got it right the first time? :)
Comment 3 SpanKY gentoo-dev 2002-12-16 13:02:14 UTC
could you please post said patch as an attachment?

when you post it as a comment the whitespace gets all screwed up making the
patch invalid ...
Comment 4 Sam Yates 2002-12-16 16:33:51 UTC
Created attachment 6549
Fixes wrong fprintf() call, plus some error checks.

Patch attached - hopefully without memleaks this time!
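
The two points raised in this bug, the `printf` width argument and freeing the buffer before acting on the result of `send()`, shown together as an added example; this is not libcdaudio code and not the attached patch. The helper names `format_line` and `send_request` and the sample strings are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Hypothetical helper: copy the first len bytes of buf (not necessarily
 * NUL-terminated) into out as one line. "%.*s" takes an int precision that
 * caps the bytes read; "%*s" only sets a minimum width and reads to a NUL. */
int format_line(char *out, size_t outsz, const char *buf, size_t len)
{
    return snprintf(out, outsz, "%.*s\n", (int)len, buf);
}

/* Hypothetical helper: build a request on the heap, send it, and release
 * the buffer on every path by saving send()'s result before free(). */
int send_request(int sock, const char *cmd, const char *arg)
{
    size_t need = strlen(cmd) + strlen(arg) + 3;  /* ' ', '\n', NUL */
    char *outbuffer = malloc(need);
    ssize_t sent;

    if (outbuffer == NULL)
        return -1;
    snprintf(outbuffer, need, "%s %s\n", cmd, arg);

    sent = send(sock, outbuffer, strlen(outbuffer), 0);
    free(outbuffer);            /* runs whether or not send() failed */
    return sent < 0 ? -1 : (int)sent;
}

int main(void)
{
    /* Constructed sample: four payload bytes, then filler, no NUL anywhere. */
    const char raw[8] = {'2', '0', '0', ' ', 'X', 'X', 'X', 'X'};
    char line[32];
    int sv[2];

    format_line(line, sizeof line, raw, 4);
    fputs(line, stdout);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0)
        printf("sent %d bytes\n", send_request(sv[0], "query", "sample"));
    printf("invalid socket: %d\n", send_request(-1, "query", "sample"));
    return 0;
}
```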