Red Hat Bugzilla – Bug 216571
audacious creates bad CDDB query strings
Last modified: 2008-08-02 19:40:33 EDT
Description of problem:
Audacious creates bad CDDB query strings to the server due to an interaction
between sprintf and FORTIFY_SOURCE in gcc/glibc.
CDDB query command string includes an offsets string that looks like
150+22924+36379+186648 (depending on the number of tracks)
Audacious is truncating this to +186648 (i.e. only the last offset)
This is due to the use of the construct
...sprintf(buffer, "%s+%d", buffer, ....) in Plugins/Input/cdaudio/cddb.c
and gcc -D_FORTIFY_SOURCE=2. In-place reuse of buffer doesn't work in
this case, i.e. suppose buffer is "150" and the intention is to
extend it to "150+22924" - with the use of FORTIFY_SOURCE it becomes
Version-Release number of selected component (if applicable):
Steps to Reproduce:
2. Enable CDDB lookup
3. Enable Network Window
Server will reply with 500: Invalid command syntax
Server will reply with CD information
I've learnt from the gcc maintainer that it is undefined behaviour for sprintf to
reuse the same buffer. This is a bug in upstream.
The bug is still valid, since audacious does produce invalid strings.
I'll incorporate your patch in the upcoming 1.2.x release.
The reference for the gcc bug is 215690 where the maintainer explains
the undefined use of sprintf.
This should be fixed in 1.2.2, released for FC-6
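The following is an added example, not code from audacious or from any patch attached to this report: one way to build the offsets string without passing the destination buffer to sprintf as a source argument, by appending at a tracked write position with snprintf. The function name `join_offsets` and the buffer size are assumptions; the offsets are the ones quoted in the description.

```c
#include <stdio.h>
#include <string.h>

/* Join frame offsets as "a+b+c". The destination is never read back
 * through a %s argument, so source and destination do not overlap.
 * Returns the length written, or -1 if the result would not fit
 * (out is then left as an empty string). */
int join_offsets(char *out, size_t cap, const int *offsets, size_t n)
{
    size_t len = 0;

    if (cap == 0)
        return -1;
    out[0] = '\0';

    for (size_t i = 0; i < n; i++) {
        /* Append at out + len; the only inputs are a literal and an int. */
        int w = snprintf(out + len, cap - len, i ? "+%d" : "%d", offsets[i]);
        if (w < 0 || (size_t)w >= cap - len) {
            out[0] = '\0';   /* do not send a silently truncated query */
            return -1;
        }
        len += (size_t)w;
    }
    return (int)len;
}

int main(void)
{
    /* Offsets from the example string in the bug description. */
    const int offsets[] = { 150, 22924, 36379, 186648 };
    char buf[64];

    if (join_offsets(buf, sizeof buf, offsets, 4) < 0)
        return 1;
    puts(buf);
    return 0;
}
```

Built with -D_FORTIFY_SOURCE=2 or without it, the result is the same, because the call no longer depends on how sprintf treats an overlapping source.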