Bug 220374 - audio/id3lib: stack corruption and stack overflow abort (3.8.3)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Roman Bogorodskiy
Reported: 2017-06-29 22:49 UTC by Bob Eager
Modified: 2017-07-15 06:36 UTC (History)
bugzilla: maintainer-feedback? (kaeru)


Attachments
Patch as described in PR (506 bytes, text/x-c++src)
2017-06-29 22:49 UTC, Bob Eager

Description Bob Eager 2017-06-29 22:49:22 UTC
Created attachment 183926
Patch as described in PR

This bug is due to a mis-sized array, and is visible when running easytag, although I suspect that it's intermittent.

Cause: a mis-sized array in mp3_parse.cpp at line 472. It should be 120, not 116 (see #define at line 468). The amount read into this array is set at line 497 onwards, and is dynamic; however, the maximum is 120, not 116! This probably causes an intermittent stack corruption.

This is an upstream bug that was said to have been fixed years ago, but the distfile on SourceForge (used by the port) does not include the fix.

Patch for the port attached (put in files/).
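
The sizing mismatch described in this report, as an added example that is not part of the original report and not id3lib's code: an array declared with one literal while the read length is bounded by a different constant, next to a shape that sizes the array from the bounding constant and rejects oversized reads. All names are hypothetical; only the sizes 116 and 120 come from the report.

```c
#include <stddef.h>
#include <string.h>

/* Names are hypothetical; only the sizes 116 and 120 come from the report. */
#define VBR_HEADER_MAX 120   /* largest read the parser can request */
#define OLD_ARRAY_SIZE 116   /* literal the array was declared with */

/* Bytes that land past the end of a `cap`-byte array when `want` bytes are read. */
size_t overrun_bytes(size_t cap, size_t want)
{
    return want > cap ? want - cap : 0;
}

/* Bounded copy standing in for the file read: refuses any request larger than
 * the destination or the available input instead of trusting the computed length. */
int read_bounded(unsigned char *dst, size_t cap,
                 const unsigned char *src, size_t src_len, size_t want)
{
    if (want > cap || want > src_len)
        return -1;
    memcpy(dst, src, want);
    return (int)want;
}

/* Hardened shape: the array is sized from the same constant that bounds the
 * read, and a compile-time check fails the build if the two drift apart. */
int parse_vbr_header(const unsigned char *src, size_t src_len, size_t want)
{
    unsigned char buf[VBR_HEADER_MAX];
    _Static_assert(sizeof buf >= VBR_HEADER_MAX, "buffer smaller than max read");
    return read_bounded(buf, sizeof buf, src, src_len, want);
}

/* The pre-fix array size run through the same bounded read: a 120-byte
 * request is rejected rather than written past a 116-byte array. */
int parse_vbr_header_old_size(const unsigned char *src, size_t src_len, size_t want)
{
    unsigned char buf[OLD_ARRAY_SIZE];
    return read_bounded(buf, sizeof buf, src, src_len, want);
}
```
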
Comment 1 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-01 05:06:13 UTC
> This is an upstream bug that was said to have been fixed years ago, but the distfile on SourceForge (used by the port) does not include the fix.

Did the project move away from sourceforge?
Comment 2 Bob Eager 2017-07-01 08:54:29 UTC
I did look, and can't find any evidence that the project moved. I suspect the fix just didn't make it into SourceForge, but was applied downstream on Linux systems.

I assume that the maintainer would be more au fait with this.

However, this bug does impact applications; certainly I found that Easytag would break randomly.
Comment 3 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-01 09:47:34 UTC
Ah, I see.

Anyway, the upstream bug tracker also has this fix:

https://sourceforge.net/p/id3lib/bugs/189/

I'll commit the patch when maintainer approves it or after 2 weeks.
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-07-13 14:34:23 UTC
A commit references this bug:

Author: novel
Date: Thu Jul 13 14:34:02 UTC 2017
New revision: 445652
URL: https://svnweb.freebsd.org/changeset/ports/445652

Log:
  audio/id3lib: fix stack corruption bug

  Add a patch to fix stack corruption bug when reading IDv3 tags
  and VBR header information.

  PR:		220374
  Submitted by:	bob@eager.cx
  Obtained from:	https://sourceforge.net/p/id3lib/bugs/189/
  MFH:		2017Q3
  Approved by:	maintainer timeout

Changes:
  head/audio/id3lib/Makefile
  head/audio/id3lib/files/patch-src_mp3__parse.cpp
Comment 5 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-13 14:36:53 UTC
I've committed the patch, thanks!
Also, I plan to mfh that to the stable branch if approved, so not closing this for now.
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-07-15 06:27:09 UTC
A commit references this bug:

Author: novel
Date: Sat Jul 15 06:26:48 UTC 2017
New revision: 445849
URL: https://svnweb.freebsd.org/changeset/ports/445849

Log:
  MFH: r445652

  audio/id3lib: fix stack corruption bug

  Add a patch to fix stack corruption bug when reading IDv3 tags
  and VBR header information.

  PR:		220374
  Submitted by:	bob@eager.cx
  Obtained from:	https://sourceforge.net/p/id3lib/bugs/189/
  Approved by:	maintainer timeout

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/audio/id3lib/Makefile
  branches/2017Q3/audio/id3lib/files/patch-src_mp3__parse.cpp
Comment 7 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-15 06:36:39 UTC
MFH complete.