Matt Zimmerman
2004-Sep-30  17:45 UTC
[Flac-dev] [don@donarmstrong.com: Bug#274301: libflac4 segfaults on corrupt flac files]
----- Forwarded message from Don Armstrong <don@donarmstrong.com> -----
Date: Thu, 30 Sep 2004 16:19:41 -0700
From: Don Armstrong <don@donarmstrong.com>
Resent-From: Don Armstrong <don@donarmstrong.com>
To: submit@bugs.debian.org
Subject: Bug#274301: libflac4 segfaults on corrupt flac files
Severity: normal
Package: libflac4
Version: 1.1.0-11
Running ogg123 on http://rzlab.ucr.edu/debian/libflac/crash.flac
results in a segfault in libFLAC:
(gdb) bt full
#0  0x40205422 in FLAC__bitbuffer_read_rice_signed_block (bb=0x80601b8,
vals=0x807dd80, nvals=4294967293, parameter=9,
    read_callback=0x40220080 <read_callback_>, client_data=0x805ba58) at
bitbuffer.c:2254
	available_bits = 134733184
	buffer = (
    const FLAC__blurb *) 0x8060228
"o?z\023\017\a???\216???c??????vc?\201q\030NE+\030\213?5*?k??R2?\035?\207iP!?\237??oQ??\207?\202\"?\235\220?\212Us??v??f??\231%\233??qJ??oLF\024???>?j%\237??"
	i = 44552
	j = 8
	val_i = 70816
	cbits = 1
	uval = 631
	msbs = 1
	lsbs_left = 1
	blurb = 158 '\236'
	save_blurb = 196 '?'
	state = 1
#1  0x4021f88d in read_residual_partitioned_rice_ (decoder=0x805ba58,
predictor_order=3, partition_order=14, partitioned_rice_contents=0x805f478,
    residual=0x807dd80) at stream_decoder.c:1975
	rice_parameter = 9
	i = 2
	partition = 0
	sample = 0
	u = 4294967293
	partitions = 16384
	partition_samples = 0
#2  0x4021f01f in read_subframe_fixed_ (decoder=0x805ba58, channel=1, bps=16,
order=3) at stream_decoder.c:1832
	subframe = (FLAC__Subframe_Fixed *) 0x805f988
	i32 = -31667
	u32 = 14
	u = 14
#3  0x4021ecd7 in read_subframe_ (decoder=0x805ba58, channel=1, bps=1) at
stream_decoder.c:1751
	x = 22
	wasted_bits = 0
#4  0x4021e190 in read_frame_ (decoder=0x805ba58, got_a_frame=0xbffff360) at
stream_decoder.c:1353
	bps = 4294966980
	channel = 1
	i = 4294966980
	mid = 1
	side = 4608
	left = 8
	frame_crc = 4608
	x = 248
#5  0x4021c6e0 in FLAC__stream_decoder_process_single (decoder=0x805ba58) at
stream_decoder.c:596
	got_a_frame = 0
#6  0x08053774 in EasyFLAC__process_single (decoder=0x805ba30) at
../../ogg123/easyflac.c:356
No locals.
#7  0x08052690 in flac_init (source=0x805aa60, ogg123_opts=0x8059d60,
audio_fmt=0xbffff3e0, callbacks=0xbffff408, callback_arg=0x407ed008)
    at ../../ogg123/flac_format.c:181
	decoder = (decoder_t *) 0x805b990
	private = (flac_private_t *) 0x805b9d0
	ret = -1073745000
#8  0x0804fec0 in play (source_string=0x805b8d0 "crash.flac") at
../../ogg123/ogg123.c:464
	transport = (transport_t *) 0x80586c0
	format = (format_t *) 0x8058820
	source = (data_source_t *) 0x805aa60
	decoder = (decoder_t *) 0x10000000
	decoder_callbacks = {printf_error = 0x804d0d8
<decoder_buffered_error_callback>,
  printf_metadata = 0x804d255 <decoder_buffered_metadata_callback>}
	decoder_callbacks_arg = (void *) 0x407ed008
	old_audio_fmt = {big_endian = 0, word_size = 0, signed_sample = 0, rate = 0,
channels = 0}
	new_audio_fmt = {big_endian = 0, word_size = 2, signed_sample = 1, rate = 0,
channels = 0}
	reopen_arg = (audio_reopen_arg_t *) 0x0
	eof = 0
	eos = 0
	ret = 0
	nthc = 0
	ntimesc = 0
	next_status = 0
	status_interval = 0
#9  0x0804fd23 in main (argc=2, argv=0xbffff584) at ../../ogg123/ogg123.c:393
	optind = 1
	playlist_array = (char **) 0x805b8c0
	items = 1
	stat_buf = {st_dev = 2073, __pad1 = 0, st_ino = 3041522, st_mode = 33188,
st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0,
  st_size = 110592, st_blksize = 4096, st_blocks = 224, st_atim = {tv_sec =
1096585478, tv_nsec = 271352832}, st_mtim = {tv_sec = 1096585268,
    tv_nsec = 0}, st_ctim = {tv_sec = 1096585340, tv_nsec = 284815843},
__unused4 = 0, __unused5 = 0}
	i = 0
(gdb) info threads
* 1 process 8083  0x40205422 in FLAC__bitbuffer_read_rice_signed_block
(bb=0x80601b8, vals=0x807dd80, nvals=4294967293, parameter=9,
    read_callback=0x40220080 <read_callback_>, client_data=0x805ba58) at
bitbuffer.c:2254
(gdb) 
See http://rzlab.ucr.edu/debian/libflac/core and
http://rzlab.ucr.edu/debian/libflac/ for debugging versions of the
packages used to create the corefile and backtrace.
Don Armstrong
-- 
More than any other time in history, mankind faces a crossroads.
One path leads to despair and utter hopelessness.
The other, to total extinction.
Let us pray we have the wisdom to choose correctly.
 -- Woody Allen
http://www.donarmstrong.com http://rzlab.ucr.edu
----- End forwarded message -----
-- 
 - mdz
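The frame #1 locals in the backtrace above (partition_order=14, predictor_order=3, partition_samples=0, u=4294967293) are consistent with an unsigned subtraction wrapping around, since 0 - 3 in 32-bit unsigned arithmetic is 4294967293. The following is an added example, not part of the original message and not libFLAC's code, showing that arithmetic next to a checked form that rejects such a header before any residual is read. The function names, the residual_capacity parameter and the block size of 4096 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Unchecked form (hypothetical helper): the unsigned subtraction wraps
 * when partition_samples < predictor_order. */
static uint32_t first_partition_len_unchecked(uint32_t blocksize,
                                              uint32_t partition_order,
                                              uint32_t predictor_order)
{
    uint32_t partition_samples = blocksize >> partition_order;
    return partition_samples - predictor_order;
}

/* Checked form (hypothetical helper): returns 0 and sets *out_len on
 * success, -1 if the header fields are inconsistent. */
static int first_partition_len_checked(uint32_t blocksize,
                                       uint32_t partition_order,
                                       uint32_t predictor_order,
                                       uint32_t residual_capacity,
                                       uint32_t *out_len)
{
    uint32_t partition_samples;

    if (partition_order > 15)      /* 4-bit field; also keeps the shift defined */
        return -1;
    partition_samples = blocksize >> partition_order;
    if (partition_samples < predictor_order)   /* subtraction would wrap */
        return -1;
    if (partition_samples - predictor_order > residual_capacity)
        return -1;                 /* count must fit the residual buffer */
    *out_len = partition_samples - predictor_order;
    return 0;
}

int main(void)
{
    /* Constructed input: block size 4096 is assumed; the two orders are
     * the values shown in frame #1 of the backtrace. */
    uint32_t len = 0;
    int rc;

    printf("unchecked: %u\n",
           (unsigned)first_partition_len_unchecked(4096, 14, 3));
    rc = first_partition_len_checked(4096, 14, 3, 4096, &len);
    printf("checked (order 14): rc=%d\n", rc);
    rc = first_partition_len_checked(4096, 4, 3, 4096, &len);
    printf("checked (order 4):  rc=%d len=%u\n", rc, (unsigned)len);
    return 0;
}
```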