Bug 220374

Summary: audio/id3lib: stack corruption and stack overflow abort (3.8.3)
Product: Ports & Packages
Reporter: Bob Eager <bob>
Component: Individual Port(s)
Assignee: Roman Bogorodskiy <novel>
Status: Closed FIXED
Severity: Affects Some People
CC: kaeru, novel
Priority: ---
Flags: bugzilla: maintainer-feedback? (kaeru)
Version: Latest
Hardware: Any
OS: Any
Attachments: Patch as described in PR (flags: none)

Description Bob Eager 2017-06-29 22:49:22 UTC
Created attachment 183926
Patch as described in PR

This bug is due to a mis-sized array, and is visible when running easytag, although I suspect that it's intermittent.

Cause: a mis-sized array in mp3_parse.cpp at line 472. It should be 120, not 116 (see #define at line 468). The amount read into this array is set at line 497 onwards, and is dynamic; however, the maximum is 120, not 116! This probably causes an intermittent stack corruption.

This is an upstream bug that was said to have been fixed years ago, but the distfile on SourceForge (used by the port) does not include the fix.

Patch for the port attached (put in files/).
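
The size mismatch described in this report, as an added C example (not code from id3lib or from the attached patch): a header whose length depends on flag bits is read into a buffer, and the reader refuses any length the destination cannot hold. All names and the layout are assumptions: 8 fixed bytes plus flag-selected optional fields of 4, 4, 100 and 4 bytes, which gives the report's maximum of 120.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (an assumption, not id3lib's code): 8 fixed bytes,
 * then optional fields selected by flag bits held in byte 7. */
#define HDR_FIXED 8u
#define HDR_MAX   120u
#define F_FRAMES  0x1u  /* +4 bytes   */
#define F_BYTES   0x2u  /* +4 bytes   */
#define F_TOC     0x4u  /* +100 bytes */
#define F_SCALE   0x8u  /* +4 bytes   */

/* Buffer bound and layout must agree; HDR_MAX of 116 would not compile. */
_Static_assert(HDR_MAX == HDR_FIXED + 4 + 4 + 100 + 4, "HDR_MAX != largest header");

/* Bytes the header occupies for a given flag byte (8..120). */
size_t hdr_len(uint8_t flags) {
    size_t n = HDR_FIXED;
    if (flags & F_FRAMES) n += 4;
    if (flags & F_BYTES)  n += 4;
    if (flags & F_TOC)    n += 100;
    if (flags & F_SCALE)  n += 4;
    return n;
}

/* Copy the header from src into dst. Returns the bytes copied, or 0 when the
 * input is truncated or dst cannot hold the length the flags call for. */
size_t hdr_read(uint8_t *dst, size_t dst_cap, const uint8_t *src, size_t src_len) {
    if (src_len < HDR_FIXED) return 0;
    size_t need = hdr_len(src[7]);
    if (need > src_len || need > dst_cap) return 0;
    memcpy(dst, src, need);
    return need;
}

/* Read a constructed all-flags header into a destination of dst_cap bytes. */
size_t demo(size_t dst_cap) {
    uint8_t file[HDR_MAX] = {0};   /* constructed sample input */
    uint8_t buf[HDR_MAX];
    file[7] = F_FRAMES | F_BYTES | F_TOC | F_SCALE;
    return hdr_read(buf, dst_cap, file, sizeof file);
}

int main(void) {
    printf("cap 116 -> %zu, cap 120 -> %zu\n", demo(116), demo(120));
    return 0;
}
```

With a 116-byte destination the all-flags header is rejected instead of writing 4 bytes past the buffer; with 120 it is copied in full.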
Comment 1 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-01 05:06:13 UTC
> This is an upstream bug that was said to have been fixed years ago, but the distfile on SourceForge (used by the port) does not include the fix.

Did the project move away from SourceForge?
Comment 2 Bob Eager 2017-07-01 08:54:29 UTC
I did look, and can't find any evidence that the project moved. I suspect the fix just didn't make it into SourceForge, but was applied downstream on Linux systems.

I assume that the maintainer would be more au fait with this.

However, this bug does impact applications; certainly I found that Easytag would break randomly.
Comment 3 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-01 09:47:34 UTC
Ah, I see.

Anyway, the upstream bug tracker also has this fix:

https://sourceforge.net/p/id3lib/bugs/189/

I'll commit the patch when the maintainer approves it or after 2 weeks.
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-07-13 14:34:23 UTC
A commit references this bug:

Author: novel
Date: Thu Jul 13 14:34:02 UTC 2017
New revision: 445652
URL: https://svnweb.freebsd.org/changeset/ports/445652

Log:
  audio/id3lib: fix stack corruption bug

  Add a patch to fix stack corruption bug when reading IDv3 tags
  and VBR header information.

  PR:		220374
  Submitted by:	bob@eager.cx
  Obtained from:	https://sourceforge.net/p/id3lib/bugs/189/
  MFH:		2017Q3
  Approved by:	maintainer timeout

Changes:
  head/audio/id3lib/Makefile
  head/audio/id3lib/files/patch-src_mp3__parse.cpp
Comment 5 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-13 14:36:53 UTC
I've committed the patch, thanks!
Also, I plan to mfh that to the stable branch if approved, so not closing this for now.
Comment 6 commit-hook freebsd_committer freebsd_triage 2017-07-15 06:27:09 UTC
A commit references this bug:

Author: novel
Date: Sat Jul 15 06:26:48 UTC 2017
New revision: 445849
URL: https://svnweb.freebsd.org/changeset/ports/445849

Log:
  MFH: r445652

  audio/id3lib: fix stack corruption bug

  Add a patch to fix stack corruption bug when reading IDv3 tags
  and VBR header information.

  PR:		220374
  Submitted by:	bob@eager.cx
  Obtained from:	https://sourceforge.net/p/id3lib/bugs/189/
  Approved by:	maintainer timeout

  Approved by:	ports-secteam (junovitch)

Changes:
_U  branches/2017Q3/
  branches/2017Q3/audio/id3lib/Makefile
  branches/2017Q3/audio/id3lib/files/patch-src_mp3__parse.cpp
Comment 7 Roman Bogorodskiy freebsd_committer freebsd_triage 2017-07-15 06:36:39 UTC
MFH complete.