Bug#304913: marked as done (libid3tag0: endless loop until OOM while parsing ID3v2 tag)

To: Matej Vela <vela@debian.org>
Cc: Debian QA Group <packages@qa.debian.org>
Subject: Bug#304913: marked as done (libid3tag0: endless loop until OOM while parsing ID3v2 tag)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 26 Apr 2005 10:33:14 -0700
Message-id: <[🔎] handler.304913.D304913.111453600717651.ackdone@bugs.debian.org>
In-reply-to: <E1DQTRq-0006I4-00@newraff.debian.org>
References: <E1DQTRq-0006I4-00@newraff.debian.org> <[🔎] Zen-1DMn00-0006fS-Aw@pythagoras.zen.co.uk>

Your message dated Tue, 26 Apr 2005 13:02:10 -0400
with message-id <E1DQTRq-0006I4-00@newraff.debian.org>
and subject line Bug#304913: fixed in libid3tag 0.15.1b-5
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Apr 2005 13:06:14 +0000
>From t.i.m@zen.co.uk Sat Apr 16 06:06:14 2005
Return-path: <t.i.m@zen.co.uk>
Received: from pythagoras.zen.co.uk [212.23.3.140] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DMn01-00014R-00; Sat, 16 Apr 2005 06:06:14 -0700
Received: from [217.155.195.89] (helo=sceptic.centricular.net)
	by pythagoras.zen.co.uk with esmtp (Exim 4.30)
	id 1DMn00-0006fS-Aw; Sat, 16 Apr 2005 13:06:12 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Tim Mueller <t.i.m@zen.co.uk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libid3tag0: endless loop until OOM while parsing ID3v2 tag
X-Mailer: reportbug 3.9
Date: Sat, 16 Apr 2005 14:06:11 +0100
Message-ID: <[🔎] Zen-1DMn00-0006fS-Aw@pythagoras.zen.co.uk>
X-Originating-Pythagoras-IP: [217.155.195.89]
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: libid3tag0
Version: 0.15.1b-4.1
Severity: normal
Tags: patch


libid3tag has problems with some ID3v2 tags. If the ID3v2 tag contains
string list fields with an UTF16 string whose length is an odd number
of bytes (which is effectively a broken string, but should still be
parsed correctly), libid3tag ends up in an endless loop allocating
memory until it can't allocate more memory or the process is killed.

This bug affects a number of applications depending on libid3tag0 for
tag parsing, including many GStreamer-based audio players like rhythmbox
or muine.

A two-line patch is available here:

  http://bugzilla.gnome.org/show_bug.cgi?id=162647

The patch has been sent upstream months ago, but it doesn't look like
there is going to be a new release any time soon.

Would be great if it could be applied to the package until a new
upstream version is released.

Cheers
 -Tim


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libid3tag0 depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an
ii  zlib1g                      1:1.2.2-4    compression library - runtime

-- no debconf information

---------------------------------------
Received: (at 304913-close) by bugs.debian.org; 26 Apr 2005 17:20:07 +0000
>From katie@ftp-master.debian.org Tue Apr 26 10:20:07 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DQTjD-0004Yn-00; Tue, 26 Apr 2005 10:20:07 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DQTRq-0006I4-00; Tue, 26 Apr 2005 13:02:10 -0400
From: Matej Vela <vela@debian.org>
To: 304913-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#304913: fixed in libid3tag 0.15.1b-5
Message-Id: <E1DQTRq-0006I4-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Tue, 26 Apr 2005 13:02:10 -0400
Delivered-To: 304913-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: libid3tag
Source-Version: 0.15.1b-5

We believe that the bug you reported is fixed in the latest version of
libid3tag, which is due to be installed in the Debian FTP archive:

libid3tag0-dev_0.15.1b-5_i386.deb
  to pool/main/libi/libid3tag/libid3tag0-dev_0.15.1b-5_i386.deb
libid3tag0_0.15.1b-5_i386.deb
  to pool/main/libi/libid3tag/libid3tag0_0.15.1b-5_i386.deb
libid3tag_0.15.1b-5.diff.gz
  to pool/main/libi/libid3tag/libid3tag_0.15.1b-5.diff.gz
libid3tag_0.15.1b-5.dsc
  to pool/main/libi/libid3tag/libid3tag_0.15.1b-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 304913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matej Vela <vela@debian.org> (supplier of updated libid3tag package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 26 Apr 2005 18:26:14 +0200
Source: libid3tag
Binary: libid3tag0-dev libid3tag0
Architecture: source i386
Version: 0.15.1b-5
Distribution: unstable
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matej Vela <vela@debian.org>
Description: 
 libid3tag0 - ID3 tag reading library from the MAD project
 libid3tag0-dev - ID3 tag reading library from the MAD project
Closes: 304913
Changes: 
 libid3tag (0.15.1b-5) unstable; urgency=low
 .
   * QA upload.
   * 12_endless_loop: Fix endless loop in utf16.c (patch by Ronald Bultje).
     Closes: #304913.
   * Switch to debhelper 4.
   * debian/rules:
     - Remove support for DEB_BUILD_OPTIONS=debug.
     - Add support for DEB_BUILD_OPTIONS=noopt.
Files: 
 d9c3ce35df68f28453015297fae889a5 631 sound optional libid3tag_0.15.1b-5.dsc
 5b141b4caa1a55478b2a96ef4f7f29da 5037 sound optional libid3tag_0.15.1b-5.diff.gz
 dd04d1eeae8910afea26445139cb8dc8 34598 libs optional libid3tag0_0.15.1b-5_i386.deb
 2bac94313d40f6c3ce0f5b4cd14626b2 34556 libdevel optional libid3tag0-dev_0.15.1b-5_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCbmvYxBYivKllgY8RApXzAJ45dahfQLTtUEkV5gRBulJbH5UdfQCfR4Wt
I7d5+KLokX2pYxHhdMdF9TU=
=Y7iU
-----END PGP SIGNATURE-----

Reply to:

References:
- Bug#304913: libid3tag0: endless loop until OOM while parsing ID3v2 tag
  - From: Tim Mueller <t.i.m@zen.co.uk>

Prev by Date: libid3tag_0.15.1b-5_i386.changes ACCEPTED
Next by Date: Processing of luxman_0.41-21_i386.changes
Previous by thread: Bug#304913: libid3tag0: endless loop until OOM while parsing ID3v2 tag
Next by thread: Processed: changed my e-mail address from miernik@ctnet.pl to miernik@ffii.org
Index(es):
- Date
- Thread