Bug#724268: alsaplayer-common: Flac plugin crashes with SIGSEGV

Sun, 22 Sep 2013 22:54:38 -0700 

Package: alsaplayer-common

Version: 0.99.80-5.1

Dear Maintainer,

Looks like FLAC plugin from alsaplayer-common package has an issue
that leads to crash. Take a look
at the following piece of code from
alsaplayer-0.99.80/input/flac/FlacPlugin.cpp line 125:


static int
flac_open (input_object * obj, const char * name)
{
    .........
    obj->flags = 0;
    Flac::FlacStream * f = 0;
    try
    {
    if (Flac::FlacStream::isFlacStream (name))
    {
        if (reader_seekable (rdr))
        {
        f = new Flac::FlacSeekableStream (name, rdr);
        obj->flags |= P_SEEK | P_PERFECTSEEK;
        }
        else
        f = new Flac::FlacStream (name, rdr);
    }
#ifdef HAVE_LIBOGGFLC
    else
    {
        f = new Flac::OggFlacStream (name, rdr);
    }
#endif
    }
    catch (...)
    {
    alsaplayer_error ("flac_open: unable to allocate memory for plugin.");
    delete f;
    reader_close (rdr);
    return 0;
    }

->  if (f->open ())
    {
    .........
}

If package is built with HAVE_LIBOGGFLC macro undefined and
Flac::FlacStream::isFlacStream(name)
returns false, variable f remains NULL. It is not checked for NULL when
referenced and so player crashes.

I can observe this crash on release 7.1 on some (valid?) flac files course
looks like package is built with
undefined HAVE_LIBOGGFLC macro.

We need to check for f != NULL before it's referenced or take some other
workaround about it. Anyway IMHO
SIGSEGV isn't the best way to handle broken flac files :)

Best regards

-- System Information:
Debian Release: 7.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages alsaplayer-common depends on:
ii  alsaplayer-alsa [alsaplayer-output]    0.99.80-5.1
ii  alsaplayer-gtk [alsaplayer-interface]  0.99.80-5.1
ii  libc6                                  2.13-38
ii  libflac8                               1.2.1-6
ii  libgcc1                                1:4.7.2-5
ii  libglib2.0-0                           2.33.12+really2.32.4-5
ii  libid3tag0                             0.15.1b-10
ii  libmad0                                0.15.1b-7
ii  libmikmod2                             3.1.12-5
ii  libogg0                                1.3.0-4
ii  libsndfile1                            1.0.25-5
ii  libstdc++6                             4.7.2-5
ii  libvorbis0a                            1.3.2-1.3
ii  libvorbisfile3                         1.3.2-1.3
ii  zlib1g                                 1:1.2.7.dfsg-13

alsaplayer-common recommends no packages.

alsaplayer-common suggests no packages.

-- no debconf information

Reply via email to