This recursive function is very dangerous because it allocates a large
buffer on the stack in every iteration. That may be misused to
generate a stack overflow.
When a directory failed to update, it was removed from the database,
without freeing all children and songs (memory leak), and without
locking (race condition). Introduce the functions clear_directory()
and delete_directory(), which do both.
Don't use db_get_directory() and traverse the full path with every
directory being loaded. Just see if the current parent contains the
entry. Everything else would be invalid anyway..
A manipulated database could trigger an assertion failure, because the
parent didn't match. Do a proper check if the new directory is within
the parent's. This uses FATAL() to bail out, so MPD still dies, but
it doesn't crash.
Remove clutter from directory.c. Everything which saves or loads
to/from the hard disk goes to directory_save.c, and code which sends
directory information to the client is moved into directory_print.c.
Having an array with disabled entries sucks. Removed that
DISABLED_SHOUT_ENCODER_PLUGIN macro, and fill the plugin list only
with plugins which are actually enabled. This should be done for all
plugin types.
"volume" was passed as an unsigned integer, which is correct. It's
just that when it was multiplied with the sample value, the whole
operation was changed to unsigned, breaking the algorithm (and Qball's
ears). Internally change "volume" to signed.
With commit 6dcd7fea (if I am not mistaken) the error returned when
you try to save to an existing playlist is wrong. Instead of
MPD_ACK_ERROR_EXIST, MPD_ACK_ERROR_NO_EXIST is returned. This is
obviously wrong and breaks gmpc.
Commit 0bfe7802 broke update for new files in the root directory,
because music_root->path was an empty string and not NULL. There were
some NULL tests missing. Change them to !isRootDirectory(path)
instead of path!=NULL.
Taming the directory.c monster, part II: move the database management
stuff to database. directory.c should only contain code which works
on directory objects.
Instead of returning 0 or -1, return true on success and false on
failure. This seems more natural, and when the C library was
designed, there was no "bool" data type.
Provide separate constructors for creating a remote song, a local
song, and one for loading data from a song file. This way, we can add
more assertions.
exploreDirectory() duplicates some code in updateDirectory(). Merge
both functions, and use directory_is_empty() to determine whether
update or explore mode should be used.
The source directory.c mixes several libraries: directory object
management, database management and database update, resulting in a
1000+ line monster. Move the whole database update code to update.c.
Having all functions as static (non-inline) functions generates GCC
warnings, and duplicates binary code across several object files.
Most of dirvec's methods are too complex for becoming inline
functions. Move them all to dirvec.c and publish the prototypes in
dirvec.h.
pthread_cond_wait() may wake up spuriously. To prevent superfluous
state checks, loop until the "pending" flag becomes true. Removed the
dangerous assertion.
This makes the update code thread-safe and doesn't penalize
the playlist code by complicating it with complicated and
error-prone locks (and the associated overhead, not everybody
has a thread-implementation as good as NPTL).
The update task blocks during the delete; but the update task is
a slow task anyways so we can block w/o people caring too much.
This was also our only freeSong call site, so remove that
function.
Note that deleting entire directories is not fully thread-safe,
yet; as their traversals are not yet locked.
Max Kellermann