The function flac_cue_track() first calls FLAC__metadata_object_new(),
then overwrites this pointer with FLAC__metadata_get_cuesheet(). This
allocate two FLAC__StreamMetadata objects, but the first pointer is
lost, and never freed.
When libid3tag is disabled, the libmad decoder plugin is unable to
identify ID3 frames. If the file starts with an (unidentified) ID3
frame, it assumes that the file is not a valid MP3 song. This patch
solves this by adding minimal stubs for the ID3 functions.
The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc(). This is dangerous, and
may be used for a denial of service attack on MPD.
The expression "tagLen - size > 0" may result in an integer underflow
and a buffer overflow, when "size" is larger than "tagLen". "size" is
read from the input file, and must not be trusted. This patch changes
the expression to "tagLen > size", which is a lot safer.
When the filesystem_charset is changed in mpd.conf, MPD should discard
the old database. In this error branch, MPD did not fill the GError
object properly, and logged a warning message instead, which caused a
segmentation fault.
- introduce a section explaining the mpd.conf format, as done in the man page:
is it better to re-explain it here or ointing the user to the man page,
avoiding information dupplication?
- reorganizze some sections of the manual to give them a linear aspect...
When MPD was paused, and the client sent the "stop" command (or
"clear"), a glitch caused MPD to continue playback for a split second.
This was because audio_output_all_cancel() calls
audio_output_all_update(), which reopens all output devices, and
re-ignites the playback loop.
When decoding a local file, the decoder thread tries to run all
matching decoders, until one succeeds. Both file_decode() and
stream_decode() can decode a stream, but MPD closes the stream before
calling file_decode(). Problem is: when this decoder fails, and the
next's stream_decode() method is invoked, the input_stream is still
closed. This patch reopens it.
Several users had problems with binding MPD to "localhost". The cause
was duplicate /etc/hosts entries: the resolver library returns
127.0.0.1 twice, and of course, MPD attempts to bind to "both" of
them. This patch makes failures non-fatal, given that at least one
address was bound successfully. This is a workaround; users should
rather fix their /etc/hosts file.
When client_defer_output() aborts the connection to the client,
client_write_output() called client_write_deferred() anyway. This
caused an assertion failure. Fix it by checking for the "expired"
flag again after client_defer_output() returns.