Package: xmms-scrobbler
Version: 0.3.8.1-4
Severity: important
Tags: patch

While reading id3v2 tags there is a situation with BOM parsing where memsize is set negative in function tags/unicode.c:utf16bom_to_utf8 and an attempt to call strlen on a null pointer in tags/id3v2.c:parseFrame. This patch fixes those problems at least somehow and makes the wchar_to_utf8 function more robust.

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages xmms-scrobbler depends on:
ii  libc6     2.3.6.ds1-8                          GNU C Library: Shared libraries
ii  libcomer  1.39+1.40-WIP-2006.11.14+dfsg-1      common error description library
ii  libcurl3  7.15.5-1                             Multi-protocol file transfer libra
ii  libidn11  0.6.5-1                              GNU libidn library, implementation
ii  libkrb53  1.4.4-5                              MIT Kerberos runtime libraries
ii  libmusic  2.1.4-1                              Second generation incarnation of t
ii  libssl0.  0.9.8c-4                             SSL shared libraries
ii  libstdc+  4.1.1-19                             The GNU Standard C++ Library v3
ii  xmms      1:1.2.10+20061101-1                  Versatile X audio player
ii  zlib1g    1:1.2.3-13                           compression library - runtime

xmms-scrobbler recommends no packages.

-- no debconf information

diff -Naur xmms-scrobbler-0.3.8.1/tags/id3v2.c xmms-scrobbler-0.3.8.1-patched/tags/id3v2.c --- xmms-scrobbler-0.3.8.1/tags/id3v2.c 2005-02-20 21:11:22.000000000 +0200 +++ xmms-scrobbler-0.3.8.1-patched/tags/id3v2.c 2007-01-13 02:23:42.667399062 +0200 @@ -433,11 +433,20 @@ utf = realloc(utf, framedata->len); strcpy(utf, data); } - framedata->len = strlen(utf) + 1; - framedata->data = realloc(framedata->data, framedata->len); - strcpy(framedata->data, utf); + + if (utf != NULL) + { + framedata->len = strlen(utf) + 1; + framedata->data = realloc(framedata->data, framedata->len); + strcpy(framedata->data, utf); + free(utf); + } + else + { + framedata->len = 1; + framedata->data = realloc(framedata->data, framedata->len); + } framedata->data[framedata->len - 1] = '\0'; - free(utf); free(data); } /* Or unsync. */ diff -Naur xmms-scrobbler-0.3.8.1/tags/unicode.c xmms-scrobbler-0.3.8.1-patched/tags/unicode.c --- xmms-scrobbler-0.3.8.1/tags/unicode.c 2004-03-28 21:15:37.000000000 +0300 +++ xmms-scrobbler-0.3.8.1-patched/tags/unicode.c 2007-01-13 02:27:43.034319439 +0200 @@ -86,6 +86,11 @@ { int i; unsigned char *mem, *ptr; + + if (memsize < 0) + { + return 0; + } mem = calloc(memsize * 6 + 1, 1); ptr = mem; @@ -157,6 +162,11 @@ unsigned char utf16char[2]; int endian = 0, i; + if (memsize < 2) + { + return; + } + wchar = calloc(sizeof(wchar_t) * memsize / 2 - 1, 1); for(i = 0; i < memsize; i += 2) {
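
Review bot: in the tags/id3v2.c hunk at @@ -433, neither branch checks the result of realloc before framedata->data[framedata->len - 1] = '\0' writes through it, so an allocation failure turns into a NULL dereference at a small negative-looking offset (len - 1) and the old buffer is leaked because the only pointer to it was overwritten. Assign the realloc result to a temporary, bail out of the frame on NULL, and only then store it in framedata->data. The same applies to the unchanged context line utf = realloc(utf, framedata->len); followed by strcpy(utf, data); just above the change. With that in place the trailing terminator write is also redundant in the non-NULL branch, since strcpy has already copied the terminator.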
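
Review bot: in the tags/unicode.c hunk at @@ -86, the new check rejects only negative sizes, while the calloc on the next line still computes memsize * 6 + 1; if memsize is a signed int, as the comparison with 0 suggests, a large value taken from a tag can overflow that multiplication and produce a buffer far smaller than the loop expects. Add an upper bound next to the lower one, for example if (memsize < 0 || memsize > (INT_MAX - 1) / 6), and check the calloc result before ptr = mem is used. Since the function returns a pointer, return NULL rather than 0 would also read better, and the callers need to be checked for handling a NULL return.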
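
Review bot: in the tags/unicode.c hunk at @@ -157, the guard lets memsize == 2 through, but the unchanged calloc below it sizes the buffer as sizeof(wchar_t) * memsize / 2 - 1, which by operator precedence subtracts one byte, not one element, so for memsize == 2 it requests sizeof(wchar_t) - 1 bytes, which is less than a single wchar_t. Decide how many elements are needed (including a terminator if the consumer expects one), write the size as sizeof(wchar_t) * (count), and check the calloc result. Odd values of memsize also pass the guard; with for(i = 0; i < memsize; i += 2) the last iteration then starts on the final byte, so if the loop body reads a byte pair, as utf16char[2] suggests, it reads one byte past the input. Rejecting odd sizes or rounding memsize down to an even value in the same guard would close that. Finally, the bare return leaves whatever output the caller passed in untouched, so it is worth documenting that the caller must initialise it, since the NULL check added in tags/id3v2.c appears to depend on that.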