Bug#1009108: marked as done (xmms2: Curl plugin: intermediate buffer overrun)

To: Matthias Klose <doko@debian.org>
Subject: Bug#1009108: marked as done (xmms2: Curl plugin: intermediate buffer overrun)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sun, 26 Nov 2023 10:39:04 +0000
Message-id: <[🔎] handler.1009108.D1009108.17009950013887066.ackdone@bugs.debian.org>
Reply-to: 1009108@bugs.debian.org
References: <E1r7CVC-003TIO-4u@fasolo.debian.org> <164932842177.75488.6329080626723443668.reportbug@albert>

Your message dated Sun, 26 Nov 2023 10:36:38 +0000
with message-id <E1r7CVC-003TIO-4u@fasolo.debian.org>
and subject line Bug#1009108: fixed in xmms2 0.8+dfsg-24
has caused the Debian Bug report #1009108,
regarding xmms2: Curl plugin: intermediate buffer overrun
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1009108: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009108
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xmms2: Curl plugin: intermediate buffer overrun
From: Luc Verhaegen <libv@skynet.be>
Date: Thu, 07 Apr 2022 12:47:01 +0200
Message-id: <164932842177.75488.6329080626723443668.reportbug@albert>

Package: xmms2
Version: 0.8+dfsg-21
Severity: important
Tags: patch upstream

Dear Maintainer,

After finally doing a long procrastinated dist-upgrade, i am no longer able
to play streams.

I am running into the following:
21:23:55  INFO: ../src/xmms/xform.c:1363: Successfully setup chain for 'https://nightride.fm/stream/nightride.mp3' (39865) containing 
curl:magic:mad:converter:segment
21:23:56  FAIL: xmms_curl_callback_write: assertion '(data->bufferlen + len) <= CURL_MAX_WRITE_SIZE' failed
21:23:56 ERROR: ../src/plugins/curl/curl_http.c:378: Curl fill_buffer returned error: (23) Failed writing received data to disk/application

While this is caused by a discrepancy between the design of xmms2 and/or the
xmms2 curl plugin, and the design of libcurl, the attached patch bumps the
intermediate buffer size to a point where the issue should no longer occur.

-- System Information:
Debian Release: 11.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-13-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages xmms2 depends on:
ii  xmms2-client-cli                          0.8+dfsg-21
ii  xmms2-core                                0.8+dfsg-21
ii  xmms2-icon                                0.8+dfsg-21
ii  xmms2-plugin-alsa [xmms2-plugin-output]   0.8+dfsg-21
ii  xmms2-plugin-ao [xmms2-plugin-output]     0.8+dfsg-21
ii  xmms2-plugin-ices [xmms2-plugin-output]   0.8+dfsg-21
ii  xmms2-plugin-id3v2                        0.8+dfsg-21
ii  xmms2-plugin-jack [xmms2-plugin-output]   0.8+dfsg-21
ii  xmms2-plugin-mad                          0.8+dfsg-21
ii  xmms2-plugin-oss [xmms2-plugin-output]    0.8+dfsg-21
ii  xmms2-plugin-pulse [xmms2-plugin-output]  0.8+dfsg-21
ii  xmms2-plugin-vorbis                       0.8+dfsg-21

xmms2 recommends no packages.

xmms2 suggests no packages.

-- no debconf information

>From 7f7c64ac116e119851f13237d0c68d3ca0ce3343 Mon Sep 17 00:00:00 2001
From: Luc Verhaegen <libv@skynet.be>
Date: Thu, 7 Apr 2022 11:53:17 +0200
Subject: [PATCH 1/1] curl: set intermediate buffer to 128kB

This is pretty arbitrary, but larger than it used to be.

Curl expects us to immediately handle the data it sends over. We instead go
and copy the received data into an intermediate buffer, so our own
callback can then later copy it into the final buffer.

The intermediate buffer used to be set to CURL_MAX_WRITE_SIZE (16kB),
which is getting overrun.

Since we use an intermediate buffer, setting CURLOPT_BUFFERSIZE has no
effect for us.

There is no logic, no science to this, but at least 128kB should be large
enough to store a full second of a FLAC stream.

Signed-off-by: Luc Verhaegen <libv@skynet.be>
---
 src/plugins/curl/curl_http.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/plugins/curl/curl_http.c b/src/plugins/curl/curl_http.c
index f19b6d94..d0c9e1f1 100644
--- a/src/plugins/curl/curl_http.c
+++ b/src/plugins/curl/curl_http.c
@@ -31,6 +31,7 @@
 /*
  * Type definitions
  */
+#define XMMS2_CURL_BUFFER_SIZE 0x200000
 
 typedef struct {
 	CURL *curl_easy;
@@ -212,7 +213,7 @@ xmms_curl_init (xmms_xform_t *xform)
 	g_snprintf (proxyuserpass, sizeof (proxyuserpass), "%s:%s", proxyuser,
 	            proxypass);
 
-	data->buffer = g_malloc (CURL_MAX_WRITE_SIZE);
+	data->buffer = g_malloc (XMMS2_CURL_BUFFER_SIZE);
 	data->url = g_strdup (url);
 
 	/* check for broken version of curl here */
@@ -463,7 +464,7 @@ xmms_curl_callback_write (void *ptr, size_t size, size_t nmemb, void *stream)
 
 	len = size * nmemb;
 
-	g_return_val_if_fail ((data->bufferlen + len) <= CURL_MAX_WRITE_SIZE, 0);
+	g_return_val_if_fail ((data->bufferlen + len) <= XMMS2_CURL_BUFFER_SIZE, 0);
 
 	memcpy (data->buffer + data->bufferlen, ptr, len);
 	data->bufferlen = data->bufferlen + len;
-- 
2.30.2

--- End Message ---

--- Begin Message ---

To: 1009108-close@bugs.debian.org
Subject: Bug#1009108: fixed in xmms2 0.8+dfsg-24
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 26 Nov 2023 10:36:38 +0000
Message-id: <E1r7CVC-003TIO-4u@fasolo.debian.org>
Reply-to: Matthias Klose <doko@debian.org>

Source: xmms2
Source-Version: 0.8+dfsg-24
Done: Matthias Klose <doko@debian.org>

We believe that the bug you reported is fixed in the latest version of
xmms2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1009108@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated xmms2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Nov 2023 11:19:39 +0100
Source: xmms2
Architecture: source
Version: 0.8+dfsg-24
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Closes: 1009108 1056894
Changes:
 xmms2 (0.8+dfsg-24) unstable; urgency=medium
 .
   * QA upload.
   * Build-depend on cython3-legacy instead of cython3. Closes: #1056894.
   * xmms2: Curl plugin: intermediate buffer overrun (patch provided by
     Luc Verhaegen). Closes: #1009108.
Checksums-Sha1:
 7498e312373a9f22116f41a3a15a01155862ec7b 6898 xmms2_0.8+dfsg-24.dsc
 3e107bcc820ed57fd2ce0e55d0e2c843b665b060 173244 xmms2_0.8+dfsg-24.debian.tar.xz
 4399a5f6527fd204ff21bbec484a93ff3514bec2 7312 xmms2_0.8+dfsg-24_source.buildinfo
Checksums-Sha256:
 5d8445eb3655651be7cdfafc2269345bc05b31e31363217215a5140de62c6664 6898 xmms2_0.8+dfsg-24.dsc
 bb26246ed599c34d84fefb00266345d272cfd61d621296c2e6f8c9c020831039 173244 xmms2_0.8+dfsg-24.debian.tar.xz
 eb4c38387aaafec8809f6b0d62dc0af82a4d2e60a1d6e1548a5200f5069fea84 7312 xmms2_0.8+dfsg-24_source.buildinfo
Files:
 c4ca952ac9a276dbea42efff48e46512 6898 sound optional xmms2_0.8+dfsg-24.dsc
 5198954bb7c012fcc8884f5a4c8a0deb 173244 sound optional xmms2_0.8+dfsg-24.debian.tar.xz
 8ce09075ba22f1ee1bc16c0101c78b51 7312 sound optional xmms2_0.8+dfsg-24_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJEBAEBCgAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAmVjHOMQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9ejMD/9F+M5soHXAfhrEjv7PuMLBXtcSkTYrozEO
EK1CRblBLq4b37iM/DiW9VA3U4iD3zxJGHlJ8Sfb4/d4IN7NS7bkn51NaH8K5rMc
NXhMTy26bwp6MYtPkqMk/dobl3uDNGT/5yD9cUstr6tc3uXrTcJ+cxA1zlXL/UOJ
kzhSsKTzvaEkOg3IabSBDQp/n3NqDtwGzHBcOdPmtC1+hUNkDGe6w9d2uA0iCsWE
N2DXfVzWeqT/y9dUke2upgZeiTMXF33pMOCaluhOP4s24AukVfDC3h05ZfhrZUUy
kwQQogUzIRcr+ygyHJHbsn92PQqHZTUFkgdJF3+czJQxDgi4h5oRo6uoDv9fIkGi
67ac1NzNqfJ+DwxVW12MgIYJ1z+fGMMIfsNF2+MrMTZ++4CxIFeW6X8pr8p6AmXO
3/bEbpJgbwJtYnpf/iBv/jLI9LOcvkUhBN8k98b1IZQnbhvcE1RsGr0c34h/m39v
Ab4XUCDE0bXAqQV8Ens+9Fh2zEIWTTnbdjH3oTcFOImpiQM9ztSneoq9oXmKxnWy
7fzcPui/Vg7uSlBXrxvB/r0ePOXOSlMSu2OX7tKw5xo7p+Kq6K99GrqUXiXXJWm6
0dbCN6LveithyeHVW4CDe1qk7cmo7iHEA0cQqjMZSvnXhXpmWiWjQJenB2d45qQu
2QnDHYpUog==
=tTln
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#1056894: xmms2: ftbfs with cython 3.0.x
Next by Date: Bug#1056894: marked as done (xmms2: ftbfs with cython 3.0.x)
Previous by thread: Bug#1056894: marked as done (xmms2: ftbfs with cython 3.0.x)
Next by thread: Processing of xmms2_0.8+dfsg-24_source.changes
Index(es):
- Date
- Thread