From 8b5f47d3a327fb4fcc1fef6cb5c610a999aae82c Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 29 Jan 2015 08:20:14 +0100 Subject: [PATCH 1/5] decoder/DsdLib: raise ID3 tag limit to 1 MB A bug report was submitted with a 600 kB ID3 tag that could not be read by MPD. --- NEWS | 2 ++ src/decoder/plugins/DsdLib.cxx | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 097da9199..ed6f0912e 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,6 @@ ver 0.19.9 (not yet released) +* decoder + - dsdiff, dsf: raise ID3 tag limit to 1 MB * fix build failure with uClibc * fix build failure on non-POSIX operating systems diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 7321261f6..8ce1a94a3 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -125,7 +125,7 @@ dsdlib_tag_id3(InputStream &is, const id3_length_t count = size - offset; - if (count < 10 || count > 256*1024) + if (count < 10 || count > 1024 * 1024) return; id3_byte_t *const id3_buf = static_cast(xalloc(count)); From 56662a703c82252d9d5ff7002d74ea28527aaa1d Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 29 Jan 2015 08:23:01 +0100 Subject: [PATCH 2/5] decoder/DsdLib: free ID3 buffer right after id3_tag_parse() Merge two free() calls. --- src/decoder/plugins/DsdLib.cxx | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 8ce1a94a3..180981620 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -136,16 +136,13 @@ dsdlib_tag_id3(InputStream &is, } struct id3_tag *id3_tag = id3_tag_parse(id3_buf, count); - if (id3_tag == nullptr) { - free(id3_buf); + free(id3_buf); + if (id3_tag == nullptr) return; - } scan_id3_tag(id3_tag, handler, handler_ctx); id3_tag_delete(id3_tag); - - free(id3_buf); return; } #endif From 7bf638b0deedf02aea46e72f6f3c848e86f2ce0d Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 29 Jan 2015 08:21:51 +0100 Subject: [PATCH 3/5] decoder/DsdLib: use new[] to allocate the ID3 buffer Don't abort the process if there's not enough memory. This buffer is not important and can be large. --- src/decoder/plugins/DsdLib.cxx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 180981620..d826970f7 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -128,15 +128,17 @@ dsdlib_tag_id3(InputStream &is, if (count < 10 || count > 1024 * 1024) return; - id3_byte_t *const id3_buf = static_cast(xalloc(count)); + id3_byte_t *const id3_buf = new id3_byte_t[count]; + if (id3_buf == nullptr) + return; if (!decoder_read_full(nullptr, is, id3_buf, count)) { - free(id3_buf); + delete[] id3_buf; return; } struct id3_tag *id3_tag = id3_tag_parse(id3_buf, count); - free(id3_buf); + delete[] id3_buf; if (id3_tag == nullptr) return; From 39abd3ecb493c2a12dd08a31042dce07664642d2 Mon Sep 17 00:00:00 2001 From: PHO Date: Mon, 26 Jan 2015 14:54:16 +0900 Subject: [PATCH 4/5] Avoid integer overflow in MonotonicClock{S,MS,US} This is Darwin specific: the previous implementation was causing an integer overflow when base.numer is very large. On PPC Darwin, the timebase info is 1000000000/33330116 and this is too large for integer arithmetic. --- NEWS | 1 + src/system/Clock.cxx | 12 ++++++------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index ed6f0912e..ac9caacb1 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,7 @@ ver 0.19.9 (not yet released) * decoder - dsdiff, dsf: raise ID3 tag limit to 1 MB +* fix clock integer overflow on OS X * fix build failure with uClibc * fix build failure on non-POSIX operating systems diff --git a/src/system/Clock.cxx b/src/system/Clock.cxx index 9baa0c0ca..c2f5e5087 100644 --- a/src/system/Clock.cxx +++ b/src/system/Clock.cxx @@ -40,8 +40,8 @@ MonotonicClockS(void) if (base.denom == 0) (void)mach_timebase_info(&base); - return (unsigned)((mach_absolute_time() * base.numer / 1000) - / (1000000 * base.denom)); + return (unsigned)(((double)mach_absolute_time() * base.numer / 1000) + / base.denom / 1000000); #elif defined(CLOCK_MONOTONIC) struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts); @@ -62,8 +62,8 @@ MonotonicClockMS(void) if (base.denom == 0) (void)mach_timebase_info(&base); - return (unsigned)((mach_absolute_time() * base.numer) - / (1000000 * base.denom)); + return (unsigned)(((double)mach_absolute_time() * base.numer) + / base.denom / 1000000); #elif defined(CLOCK_MONOTONIC) struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts); @@ -104,8 +104,8 @@ MonotonicClockUS(void) if (base.denom == 0) (void)mach_timebase_info(&base); - return ((uint64_t)mach_absolute_time() * (uint64_t)base.numer) - / (1000 * (uint64_t)base.denom); + return (uint64_t)(((double)mach_absolute_time() * base.numer) + / base.denom / 1000); #elif defined(CLOCK_MONOTONIC) struct timespec ts; clock_gettime(CLOCK_MONOTONIC, &ts); From 3adca3c2fa21c4062aff62872b8f7f71d7cffe3e Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Thu, 29 Jan 2015 08:37:23 +0100 Subject: [PATCH 5/5] db/update/Walk: use std::unique_ptr instead of std::auto_ptr std::auto_ptr is deprecated, and std::unique_ptr is much better anyway. --- src/db/update/Walk.cxx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/db/update/Walk.cxx b/src/db/update/Walk.cxx index f71faa86d..9fdb5bbdf 100644 --- a/src/db/update/Walk.cxx +++ b/src/db/update/Walk.cxx @@ -334,7 +334,7 @@ UpdateWalk::UpdateDirectory(Directory &directory, const FileInfo &info) directory_set_stat(directory, info); Error error; - const std::auto_ptr reader(storage.OpenDirectory(directory.GetPath(), error)); + const std::unique_ptr reader(storage.OpenDirectory(directory.GetPath(), error)); if (reader.get() == nullptr) { LogError(error); return false;