When libid3tag is disabled, the libmad decoder plugin is unable to
identify ID3 frames. If the file starts with an (unidentified) ID3
frame, it assumes that the file is not a valid MP3 song. This patch
solves this by adding minimal stubs for the ID3 functions.
The function tag_ape_load() retrieves a 32 bit unsigned integer from
the input file, and passes it to g_malloc(). This is dangerous, and
may be used for a denial of service attack on MPD.
The expression "tagLen - size > 0" may result in an integer underflow
and a buffer overflow, when "size" is larger than "tagLen". "size" is
read from the input file, and must not be trusted. This patch changes
the expression to "tagLen > size", which is a lot safer.
When the filesystem_charset is changed in mpd.conf, MPD should discard
the old database. In this error branch, MPD did not fill the GError
object properly, and logged a warning message instead, which caused a
segmentation fault.
- introduce a section explaining the mpd.conf format, as done in the man page:
is it better to re-explain it here or ointing the user to the man page,
avoiding information dupplication?
- reorganizze some sections of the manual to give them a linear aspect...
When MPD was paused, and the client sent the "stop" command (or
"clear"), a glitch caused MPD to continue playback for a split second.
This was because audio_output_all_cancel() calls
audio_output_all_update(), which reopens all output devices, and
re-ignites the playback loop.
When decoding a local file, the decoder thread tries to run all
matching decoders, until one succeeds. Both file_decode() and
stream_decode() can decode a stream, but MPD closes the stream before
calling file_decode(). Problem is: when this decoder fails, and the
next's stream_decode() method is invoked, the input_stream is still
closed. This patch reopens it.
Several users had problems with binding MPD to "localhost". The cause
was duplicate /etc/hosts entries: the resolver library returns
127.0.0.1 twice, and of course, MPD attempts to bind to "both" of
them. This patch makes failures non-fatal, given that at least one
address was bound successfully. This is a workaround; users should
rather fix their /etc/hosts file.
When client_defer_output() aborts the connection to the client,
client_write_output() called client_write_deferred() anyway. This
caused an assertion failure. Fix it by checking for the "expired"
flag again after client_defer_output() returns.
When the decoder is finished, break out of the player loop only after
another player.pipe check. We did check the pipe size a few lines
above, but that check was kind of racy.
When a music_chunk only contains a tag but no PCM data, play_chunk()
returns true without freeing the chunk. The caller now assumes that
the chunk is moved into some music_pipe and does not bother to free it
either.
To check for leaked music_chunk objects, free the music buffer on
CLOSE_AUDIO. This invokes an assertion check which ensures that all
chunks have been returned to the buffer.
Max Kellermann