When libid3tag is disabled, the libmad decoder plugin is unable to
identify ID3 frames. If the file starts with an (unidentified) ID3
frame, it assumes that the file is not a valid MP3 song. This patch
solves this by adding minimal stubs for the ID3 functions.
The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc(). This is dangerous, and
may be used for a denial of service attack on MPD.
The expression "tagLen - size > 0" may result in an integer underflow
and a buffer overflow, when "size" is larger than "tagLen". "size" is
read from the input file, and must not be trusted. This patch changes
the expression to "tagLen > size", which is a lot safer.
When the filesystem_charset is changed in mpd.conf, MPD should discard
the old database. In this error branch, MPD did not fill the GError
object properly, and logged a warning message instead, which caused a
segmentation fault.
- introduce a section explaining the mpd.conf format, as done in the man page:
is it better to re-explain it here or ointing the user to the man page,
avoiding information dupplication?
- reorganizze some sections of the manual to give them a linear aspect...
When MPD was paused, and the client sent the "stop" command (or
"clear"), a glitch caused MPD to continue playback for a split second.
This was because audio_output_all_cancel() calls
audio_output_all_update(), which reopens all output devices, and
re-ignites the playback loop.
When decoding a local file, the decoder thread tries to run all
matching decoders, until one succeeds. Both file_decode() and
stream_decode() can decode a stream, but MPD closes the stream before
calling file_decode(). Problem is: when this decoder fails, and the
next's stream_decode() method is invoked, the input_stream is still
closed. This patch reopens it.
Several users had problems with binding MPD to "localhost". The cause
was duplicate /etc/hosts entries: the resolver library returns
127.0.0.1 twice, and of course, MPD attempts to bind to "both" of
them. This patch makes failures non-fatal, given that at least one
address was bound successfully. This is a workaround; users should
rather fix their /etc/hosts file.
When client_defer_output() aborts the connection to the client,
client_write_output() called client_write_deferred() anyway. This
caused an assertion failure. Fix it by checking for the "expired"
flag again after client_defer_output() returns.
When the decoder is finished, break out of the player loop only after
another player.pipe check. We did check the pipe size a few lines
above, but that check was kind of racy.
When a music_chunk only contains a tag but no PCM data, play_chunk()
returns true without freeing the chunk. The caller now assumes that
the chunk is moved into some music_pipe and does not bother to free it
either.
To check for leaked music_chunk objects, free the music buffer on
CLOSE_AUDIO. This invokes an assertion check which ensures that all
chunks have been returned to the buffer.
Instead of returning the local variable "ret" which is always true at
this point, hard-code the "true" return value, because that might be
more readable.