[Debburn-devel] icedax cddb crash, patch

Joshua Reuben Roys roysjosh at msu.edu
Mon Aug 13 16:13:13 UTC 2007 

Hello, 

icedax was crashing when ripping a CD when it tried to parse the received 
titles from CDDB.. 

Type: ROM, Vendor 'SONY    ' Model 'CD-RW  CRX216E  ' Revision 'PD03' 
MMC+CDDA
569344 bytes buffer memory requested, 4 buffers, 55 sectors
#icedax version 1.1.6, real time sched., soundcard, libparanoia support
*** glibc detected *** malloc(): memory corruption: 0x08094c40 *** 

valgrind: 

==9349== Memcheck, a memory error detector.
==9349== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==9349== Using LibVEX rev 1774, a library for dynamic binary translation.
==9349== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==9349== Using valgrind-3.3.0.SVN, a dynamic binary instrumentation 
framework.
==9349== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==9349==
 --9349-- Command line
 --9349--    /usr/local/bin/icedax
 --9349--    dev=/dev/cdrom
 --9349--    -vall
 --9349--    cddb=0
 --9349--    -B
 --9349--    -Owav
 --9349-- Startup, with flags:
 --9349--    -v
 --9349--    --leak-check=no
 --9349--    --error-limit=no
 --9349-- Contents of /proc/version:
 --9349--   Linux version 2.6.11.4-21.17-default (geeko at buildhost) (gcc 
version 3.3.5 20050117 (prerelease) (SUSE Linux)) #1 Fri Apr 6 08:42:34 UTC 
2007 

... 

#icedax version 1.1.6, real time sched., soundcard, libparanoia support 

... 

==9349== Invalid write of size 1
==9349==    at 0x401E2FB: strcat (mc_replace_strmem.c:186)
==9349==    by 0x80601D0: process_cddb_titles (toc.c:941)
==9349==    by 0x80616A7: request_titles (toc.c:1458)
==9349==    by 0x805F449: FixupTOC (toc.c:507)
==9349==    by 0x80536B3: main (icedax.c:2610)
==9349==  Address 0x424d954 is 0 bytes after a block of size 28 alloc'd
==9349==    at 0x401DCBA: realloc (vg_replace_malloc.c:420)
==9349==    by 0x80601AC: process_cddb_titles (toc.c:938)
==9349==    by 0x80616A7: request_titles (toc.c:1458)
==9349==    by 0x805F449: FixupTOC (toc.c:507)
==9349==    by 0x80536B3: main (icedax.c:2610) 

It didn't make it much farther than this. 

(gdb) run dev=/dev/cdrom -vall cddb=0 -B -Owav
Starting program: /usr/local/bin/icedax dev=/dev/cdrom -vall cddb=0 -B -Owav
Type: ROM, Vendor 'SONY    ' Model 'CD-RW  CRX216E  ' Revision 'PD03' 
MMC+CDDA
569344 bytes buffer memory requested, 4 buffers, 55 sectors
#icedax version 1.1.6, real time sched., soundcard, libparanoia support
*** glibc detected *** malloc(): memory corruption: 0x08094c40 *** 

Program received signal SIGABRT, Aborted.
0xffffe410 in ?? ()
(gdb) bt
#0  0xffffe410 in ?? ()
#1  0xbfffd810 in ?? ()
#2  0x00000006 in ?? ()
#3  0x00002496 in ?? ()
#4  0x4005c2c1 in raise () from /lib/tls/libc.so.6
#5  0x4005db75 in abort () from /lib/tls/libc.so.6
#6  0x400907aa in __libc_message () from /lib/tls/libc.so.6
#7  0x40096007 in malloc_printerr () from /lib/tls/libc.so.6
#8  0x40097d18 in _int_malloc () from /lib/tls/libc.so.6
#9  0x400995b4 in malloc () from /lib/tls/libc.so.6
#10 0x080602db in process_cddb_titles (sock_fd=7, inbuff=0xbfffe3e0 "210 
classical 760ff209 CD database entry follows (until terminating `.')", 
readbytes=473)
   at /root/sources/cdrkit-1.1.6/icedax/toc.c:969
#11 0x080616a8 in request_titles () at 
/root/sources/cdrkit-1.1.6/icedax/toc.c:1458
#12 0x0805f44a in FixupTOC (no_tracks=10) at 
/root/sources/cdrkit-1.1.6/icedax/toc.c:507
#13 0x080536b4 in main (argc=6, argv=0xbfffee34) at 
/root/sources/cdrkit-1.1.6/icedax/icedax.c:2610
(gdb) 

The attached patch let me successfully rip the CD. 

Please CC me, I'm not on the list. 

Thanks, 

Joshua 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: icedax.patch
Type: text/x-patch
Size: 455 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/debburn-devel/attachments/20070813/46da1920/attachment.bin

More information about the Debburn-devel mailing list