[Bug 2018449] Re: [SRU] `xmms2 add --playlist ... ` causes a core dump
Dave Jones
2018449 at bugs.launchpad.net
Mon Mar 25 15:03:46 UTC 2024
The patches look fine and certainly fix the issue described. One thing
that does concern me slightly is that this only patches one instance of
XMMS_PATH_MAX and there's several more scattered throughout the code
that look like they could potentially be hit by long pathnames. Wouldn't
it be preferable to simply #define XMMS_PATH_MAX PATH_MAX in
xmmsc_util.h
Anyway, I'll sponsor this as is but I've added a note to the upstream
PR.
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2018449
Title:
[SRU] `xmms2 add --playlist ... ` causes a core dump
Status in xmms2 package in Ubuntu:
Confirmed
Status in xmms2 source package in Jammy:
Confirmed
Status in xmms2 source package in Mantic:
Confirmed
Bug description:
[ Impact ]
xmms2 client cli will crash with a buffer overflow if the real path of the files is longer than 255 bytes.
The user will see:
*** buffer overflow detected ***: terminated
Aborted (core dumped)
[ Test Plan ]
* copy few mp3 files to a folder, I will use a folder named "testmp3"
* Use the following command to create a playlist
xmms2 playlist create testlist
* Try adding the mp3 files to the list:
xmms2 add --playlist testlist testmp3/*
If the package is not fixed it will crash, with the fixed package it
will not crash and add it to the playlist.
[ Where problems could occur ]
* This patch has been accepted upstream and is only modifying the
size of the local buffer where the path is stored. There is minimum
chance of regression just for this patch.
[ Other Info ]
* There might be other parts of the code which are still using the old
buffer size and might cause some other problem.
[ Original Bug Description ]
1) The release of Ubuntu you are using, via?
$ lsb_release -rd
No LSB modules are available.
Description: Ubuntu 23.04
Release: 23.04
2) The version of the package you are using, via?
$ apt-cache policy xmms2
xmms2:
Installed: 0.8+dfsg-22ubuntu6
Candidate: 0.8+dfsg-22ubuntu6
Version table:
*** 0.8+dfsg-22ubuntu6 500
500 http://au.archive.ubuntu.com/ubuntu lunar/universe amd64 Packages
100 /var/lib/dpkg/status
3). I ran $ xmms2 add --playlist These+Same+Skies "/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/"*
I expected it to populate the playlist `These+Same+Skies` that I had already created withthe files in thee directory `/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/` it always worked before.
4) it core dumped like so
$ xmms2 add --playlist These+Same+Skies "/home/grizzlysmit/Music/Hillsong Live/These+Same+Skies/"*
*** buffer overflow detected ***: terminated
Aborted (core dumped)
ProblemType: Bug
DistroRelease: Ubuntu 23.04
Package: xmms2 0.8+dfsg-22ubuntu6
ProcVersionSignature: Ubuntu 6.2.0-20.20-generic 6.2.6
Uname: Linux 6.2.0-20-generic x86_64
ApportVersion: 2.26.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: pass
CurrentDesktop: ubuntu:GNOME
Date: Thu May 4 16:11:01 2023
InstallationDate: Installed on 2023-04-21 (12 days ago)
InstallationMedia: Ubuntu 22.10 "Kinetic Kudu" - Release amd64 (20221020)
SourcePackage: xmms2
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmms2/+bug/2018449/+subscriptions
More information about the Ubuntu-sponsors
mailing list