638044 – media-libs/id3lib-3.8.3-r8 crashes (stack smashing) when reading VBR MP3 file

Bug 638044 - media-libs/id3lib-3.8.3-r8 crashes (stack smashing) when reading VBR MP3 file

Summary: media-libs/id3lib-3.8.3-r8 crashes (stack smashing) when reading VBR MP3 file

Status:	RESOLVED DUPLICATE of bug 398571

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Sound Team

URL:
Whiteboard:
Keywords:	PATCH

Depends on:
Blocks:

Reported:	2017-11-18 19:27 UTC by Walther
Modified:	2022-05-28 07:56 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/9621
Package list:
Runtime testing required:	---

Attachments
Fix patch, corrects VBR_HEADER_MAX_SIZE (id3lib-3.8.3-vbr-header.patch,615 bytes, patch) 2017-11-18 19:27 UTC, Walther	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Walther 2017-11-18 19:27:47 UTC

Created attachment 504664 [details, diff]
Fix patch, corrects VBR_HEADER_MAX_SIZE

Full bug with fix explained on this thread:

https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466

As it stands, the stable id3lib version crashes when used on VBR files, and this causes segmentation faults on any program that relies on this lib on said files (like easytag).

Comment 1 Michael Palimaka (kensington) gentoo-dev

2017-11-19 07:02:38 UTC

Where does this package come from? I don't see it in the main tree.

Comment 2 Walther 2017-11-20 01:33:08 UTC

Argh, my bad. The package name is media-libs/id3lib/id3lib-3.8.3-r8.ebuild, I wrote it backwards :S

Comment 3 Andreas Sturmlechner gentoo-dev

2018-08-18 09:14:25 UTC

Fix from upstream tracker: https://sourceforge.net/p/id3lib/patches/61/

Comment 4 Thomas 2018-09-01 19:02:02 UTC

This is a duplicate of bug 398571 from 2012 (which somehow was never confirmed or fixed in the portage tree).

Comment 5 Sam James archtester

2022-05-28 07:56:19 UTC


*** This bug has been marked as a duplicate of bug 398571 ***