Description of problem: Audacious creates bad CDDB query strings to the server due to an interaction between sprintf and FORTIFY_SOURCE in gcc/glibc. CDDB query command string includes an offsets string that looks like 150+22924+36379+186648 (depending on the number of tracks) Audacious is truncating this to +186648 (i.e. only the last offset) This due to the use of the construct ...sprintf(buffer, "%s+%d", buffer, ....) in Plugins/Input/cdaudio/cddb.c and gcc -D_FORTIFY_SOURCE=2. In-place reuse of buffer doesn't work in this case., i.e. suppose buffer is "150" and the intention is to extend it to "150+22924" - with the use of FORTIFY_SOURCE it becomes "+22924" only. Version-Release number of selected component (if applicable): 1.1.2-4.fc6.src,rpm How reproducible: Always Steps to Reproduce: 1.Insert CD-Audio 2.Enable CDDB lookup 3. Enable Network Window Actual results: Server will reply with 500: Invalid command syntax Expected results: Server will reply with CD information Additional info:
I've learnt from the gcc maintainer that it is undefined behaviour for sprintf to reuse the same buffer. This is a bug in upstream.
The bug is still valid, since audacious does produce invalid strings. I'll incorporate your patch in the upcoming 1.2.x release.
The reference for the gcc bug is 215690 where the maintainer explains the undefined use of sprintf.
This should be fixed in 1.2.2, released for FC-6