Bug 216571

Summary: audacious creates bad CDDB query strings
Product: [Fedora] Fedora Reporter: Richard Chan <rc556677>
Component: audaciousAssignee: Ralf Ertzinger <redhat-bugzilla>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 6CC: extras-qa
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-02-18 17:18:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Richard Chan 2006-11-21 05:23:17 UTC 
Description of problem:

Audacious creates bad CDDB query strings to the server due to an interaction
between sprintf and FORTIFY_SOURCE in gcc/glibc.

CDDB query command string includes an offsets string that looks like
150+22924+36379+186648 (depending on the number of tracks)

Audacious is truncating this to +186648 (i.e. only the last offset)

This due to the use of the construct
...sprintf(buffer, "%s+%d", buffer, ....) in Plugins/Input/cdaudio/cddb.c
and gcc -D_FORTIFY_SOURCE=2. In-place reuse of buffer doesn't work in
this case., i.e. suppose buffer is "150" and the intention is to
extend it to "150+22924" - with the use of FORTIFY_SOURCE it becomes
"+22924" only.


Version-Release number of selected component (if applicable):
1.1.2-4.fc6.src,rpm

How reproducible:
Always

Steps to Reproduce:
1.Insert CD-Audio
2.Enable CDDB lookup
3. Enable Network Window
  
Actual results:
Server will reply with 500: Invalid command syntax


Expected results:
Server will reply with CD information


Additional info:
Comment 1 Richard Chan 2006-11-21 08:02:35 UTC 
I've learnt from the gcc maintainer that it is undefined behaviour for sprintf to 
reuse the same buffer. This is a bug in upstream.
Comment 2 Ralf Ertzinger 2006-11-21 09:26:29 UTC 
The bug is still valid, since audacious does produce invalid strings.
I'll incorporate your patch in the upcoming 1.2.x release.
Comment 3 Richard Chan 2006-11-22 01:58:37 UTC 
The reference for the gcc bug is 215690 where the maintainer explains
the undefined use of sprintf.
Comment 4 Ralf Ertzinger 2006-12-04 11:15:09 UTC 
This should be fixed in 1.2.2, released for FC-6