On 11/9/07, Rafael Laboissiere <[EMAIL PROTECTED]> wrote:
> package mtp-tools
> tags 450651 upstream
> thanks
>
> You will find below a bug report filed against the mtp-tools package in
> Debian.  Please, note that two separate issues are reported: one more
> serious regarding crashes due to the use of atoi and a second one about
> memory leaks.
>
> Please respect the Reply-To header, such that this discussion is recorded
> in the Debian BTS [1].
>
> [1] http://bugs.debian.org/450651
>
> Thanks for considering these issues in the next release of libmtp.
>
> Cheers,
>
> Rafael Laboissiere
>
> ----- Forwarded message from Chris Waters <[EMAIL PROTECTED]> -----
>
> From: Chris Waters <[EMAIL PROTECTED]>
> Subject: Bug#450651: libmtp: signed/unsigned int problems in examples/utils
> Date: Thu, 8 Nov 2007 12:00:48 -0800
> To: [EMAIL PROTECTED]
> Reply-To: Chris Waters <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Message-ID: <[EMAIL PROTECTED]>
>
> Package: mtp-tools
> Version: 0.2.2-2
> Tags: patch
>
> The example code which comes with libmtp and which is used to create
> the command-line tools in the mtp-tools package uses atoi(3) for some
> of its command-line parsing, which has problems if the file ids on the
> mtp device are greater than INT_MAX.  I managed to crash my mp3 player
> by making a playlist with bad data because of this bug.
>
> I've patched the utils to use strtoul instead, and the rebuilt package
> is working great here, so I'm sending you the patch.  You may want to
> forward this to upstream as well.
>
> My patch also fixes a few (though not all) minor memory leaks.
> Apparently someone didn't realize that strdup(3) calls malloc(3).
> These leaks are probably mostly harmless, since the programs exit
> after doing their work, which frees all the leaked memory, but as a
> matter of general principle, I tried to fix the most obvious ones I
> spotted.  If you'd prefer, I can send you a trimmed-down patch which
> only fixes the signed/unsigned problems.
>
> cheers
> --
> Chris Waters           |  Pneumonoultra-        osis is too long
> [EMAIL PROTECTED]       |  microscopicsilico-    to fit into a single
> or [EMAIL PROTECTED] |  volcaniconi-          standalone haiku
>
> diff -ur libmtp-0.2.2.old/examples/albumart.c
> libmtp-0.2.2/examples/albumart.c
> --- libmtp-0.2.2.old/examples/albumart.c      2007-03-28 23:00:40.000000000
> -0700
> +++ libmtp-0.2.2/examples/albumart.c  2007-11-07 22:48:24.000000000 -0800
> @@ -43,6 +43,7 @@
>    char *imagedata = NULL;
>    char *albumname = NULL;
>    char *path = NULL;
> +  char *rest;
>    struct stat statbuff;
>
>    fprintf(stdout, "libmtp version: " LIBMTP_VERSION_STRING "\n\n");
> @@ -58,7 +59,7 @@
>          return 1;
>        }
>        ids = tmp;
> -      ids[(idcount-1)] = atoi(strdup(optarg));
> +      ids[(idcount-1)] = strtoul(optarg, &rest, 0);
>        break;
>      case 'n':
>        albumname = strdup(optarg);
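
Review bot: On the `strtoul(optarg, &rest, 0)` line, `rest` is filled in but nothing in the visible hunks reads it, so an argument with no digits is still accepted and stored as id 0, and trailing junk such as `12abc` is ignored. Suggest rejecting the option when `rest == optarg || *rest != '\0'` before writing to `ids[(idcount-1)]`. Dropping the `strdup()` around `optarg` is right and removes the leak.
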
> diff -ur libmtp-0.2.2.old/examples/newplaylist.c
> libmtp-0.2.2/examples/newplaylist.c
> --- libmtp-0.2.2.old/examples/newplaylist.c   2007-03-28 23:00:41.000000000
> -0700
> +++ libmtp-0.2.2/examples/newplaylist.c       2007-11-07 22:46:39.000000000 
> -0800
> @@ -39,6 +39,7 @@
>    uint32_t *ids = NULL;
>    uint32_t *tmp = NULL;
>    char *playlistname = NULL;
> +  char *rest;
>
>    fprintf(stdout, "libmtp version: " LIBMTP_VERSION_STRING "\n\n");
>
> @@ -53,7 +54,7 @@
>          return 1;
>        }
>        ids = tmp;
> -      ids[(idcount-1)] = atoi(strdup(optarg));
> +      ids[(idcount-1)] = strtoul(optarg, &rest, 0);
>        break;
>      case 'n':
>        playlistname = strdup(optarg);
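
Review bot: The `strtoul(optarg, &rest, 0)` result is stored into an element of `uint32_t *ids`, but `strtoul` returns `unsigned long`, so where that type is 64 bits wide an argument above `UINT32_MAX` is silently truncated to a different id. Suggest checking the value against `UINT32_MAX` (and `errno == ERANGE`) before the assignment. Base 0 is also a behaviour change from `atoi`: a leading `0` now means octal and `0x` means hex, so `010` selects id 8; pass base 10 unless that is intended.
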
> diff -ur libmtp-0.2.2.old/examples/pathutils.c
> libmtp-0.2.2/examples/pathutils.c
> --- libmtp-0.2.2.old/examples/pathutils.c     2007-03-16 08:19:44.000000000
> -0700
> +++ libmtp-0.2.2/examples/pathutils.c 2007-11-07 22:58:01.000000000 -0800
> @@ -56,9 +56,11 @@
>  int
>  parse_path (char * path, LIBMTP_file_t * files, LIBMTP_folder_t * folders)
>  {
> +  char *rest;
>    // Check if path is an item_id
>    if (*path != '/') {
> -    int item_id = atoi(path);
> +    int item_id = strtoul(path, &rest, 0);
> +    // really should check contents of "rest" here...
>      return item_id;
>    }
>    // Check if path is a folder
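
Review bot: `int item_id = strtoul(path, &rest, 0);` still narrows the result to `int`, and `parse_path` itself returns `int`, so the caller still cannot receive an id above `INT_MAX`; the signed/unsigned problem is not fixed on this path. Suggest carrying the id as `uint32_t` with a separate error indication, and doing the `rest` check that the added comment defers, since a non-numeric `path` currently returns 0 as if it were a valid id.
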
> @@ -83,11 +85,13 @@
>        if (file->parent_id == parent_id) {
>          if (strcasecmp (file->filename, filename) == 0) {
>            int item_id = file->item_id;
> +       free(dirc); free(basec);
>            return item_id;
>          }
>        }
>        file = file->next;
>      }
> +    free(dirc); free(basec);
>    } else {
>      return item_id;
>    }
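
Review bot: The two added `free(dirc); free(basec);` calls cover the match return and the end of the loop, but the `else { return item_id; }` branch visible at the bottom of the hunk still returns without them; if `dirc` and `basec` are allocated before that `if`, that path still leaks. A single cleanup point at the end of the function would keep the frees in one place. The first added line is also indented differently from its neighbours and puts two statements on one line.
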
> diff -ur libmtp-0.2.2.old/examples/thumb.c libmtp-0.2.2/examples/thumb.c
> --- libmtp-0.2.2.old/examples/thumb.c 2007-03-28 23:00:41.000000000 -0700
> +++ libmtp-0.2.2/examples/thumb.c     2007-11-07 23:02:36.000000000 -0800
> @@ -41,6 +41,7 @@
>    uint64_t filesize;
>    uint8_t *imagedata = NULL;
>    char *path = NULL;
> +  char *rest;
>    struct stat statbuff;
>    int ret;
>
> @@ -51,7 +52,7 @@
>      case 'h':
>        usage();
>      case 'i':
> -      id = atoi(strdup(optarg));
> +      id = strtoul(optarg, &rest, 0);
>        break;
>      default:
>        usage();
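
Review bot: `id = strtoul(optarg, &rest, 0);` has no overflow check: `strtoul` signals an out-of-range value only by returning `ULONG_MAX` with `errno` set to `ERANGE`, and neither `errno` nor `rest` is examined here. Suggest setting `errno = 0` before the call and calling `usage()` when `errno == ERANGE`, `rest == optarg` or `*rest != '\0'`.
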
>
>
> ----- End forwarded message -----
>
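
The stricter parse that the report and the patch's own "really should check" comment point toward, as an added example (not part of the original message or of libmtp). `parse_object_id` is a hypothetical helper; it assumes ids are 32-bit unsigned values, as the `uint32_t *ids` declaration in the patch suggests, and the sample arguments are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not part of libmtp): parse a 32-bit object id.
 * Returns 0 and stores the id in *out on success, -1 on bad input. */
int parse_object_id(const char *s, uint32_t *out)
{
    char *rest;
    unsigned long long v;

    if (s == NULL || out == NULL)
        return -1;
    /* strtoull skips whitespace and accepts a sign, so "-1" would
     * silently wrap to a huge value; require a leading digit. */
    if (!isdigit((unsigned char)s[0]))
        return -1;

    errno = 0;
    v = strtoull(s, &rest, 0);      /* base 0 as in the patch: 0x.. and 0.. accepted */
    if (errno == ERANGE)            /* too large even for unsigned long long */
        return -1;
    if (rest == s || *rest != '\0') /* no digits, or trailing garbage */
        return -1;
    if (v > UINT32_MAX)             /* would truncate when stored in uint32_t */
        return -1;

    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample arguments, including ids above INT_MAX. */
    const char *samples[] = { "42", "3000000000", "0x10", "4294967296",
                              "-1", "12abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t id = 0;
        if (parse_object_id(samples[i], &id) == 0)
            printf("%-12s -> id %lu\n", samples[i], (unsigned long)id);
        else
            printf("%-12s -> rejected\n", samples[i]);
    }
    return 0;
}
```
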