When libid3tag is disabled, the libmad decoder plugin is unable to
identify ID3 frames. If the file starts with an (unidentified) ID3
frame, it assumes that the file is not a valid MP3 song. This patch
solves this by adding minimal stubs for the ID3 functions.
The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc(). This is dangerous, and
may be used for a denial of service attack on MPD.
On Windows only daemonize_close_stdin() function does
something. Other functions are either empty or generate an
error. Those have been moved to header file and declared
static inline so compiler can remove the call all together.
The functions were not "const" (they examined values pointed
by arguments passed to them, quoting gcc's doc: "Note that
a function that has pointer arguments and examines the data
pointed to must _not_ be declared 'const'.") but rather
"pure" and still not all of them.
Note also, that even some of the functions declared "pure"
are not pure, however, due to reasons stated in source code
the attribute has been kept.
The "group" configuration option is similar to "user" as it
sets user set what group MPD shall run as. With "user"
option, MPD changed GID to the GID of the user, however,
more control could be desired.
Moreover, the patch changes the way of checking whether no
setuid(2)/setgid(2) is required -- previously user names
were compered, now UID and GIDs are compered (ie. the one we
already have (getuid(2)/getgid(2)) with the one we want to
change to).
The expression "tagLen - size > 0" may result in an integer underflow
and a buffer overflow, when "size" is larger than "tagLen". "size" is
read from the input file, and must not be trusted. This patch changes
the expression to "tagLen > size", which is a lot safer.
The glue_*() functions act as a glue between MPD's main() function and
its libraries. They handle disabled features, and pass validated
configuration options.
Since version 0.14, MPD has been logging to standard error instead of
standard output. The option name should reflect that. The old option
continues to work, we will remove it in a future MPD release.
This encoder plugin is a replacement for the LAME encoder plugin for
those who prefer a "free" (non-patent encumbered) encoder library.
Most of the plugin source code is copied from the LAME encoder plugin,
since the LAME and TwoLAME APIs are nearly the same.