vorbiscomment truncates weird input files

Automatically imported from Debian bug report #287170 http://bugs.debian.org/287170

Message-Id: <E1Ci8Os-00028Q-00@darjeeling>
Date: Sat, 25 Dec 2004 01:39:50 -0800
From: Joshua Kwan <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: vorbiscomment truncates weird input files

Package: vorbis-tools
Version: 1.0.1-1.1
Severity: important

Erroneously, I did this, when I should have been using metaflac:

% for i in *.flac; do printf 'ARTIST=Carlos Santana and Mahavishnu John McLaughlin' | vorbiscomment -w $i; done
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.
Failed to open file as vorbis: Input is not an Ogg bitstream.

but after I did that, each file had been truncated to 0 bytes! I think
vorbiscomment should be a little more lenient...

Thanks,
Josh

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (499, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)

Versions of packages vorbis-tools depends on:
ii libao2 0.8.5-1 Cross Platform Audio Output Librar
ii libc6 2.3.2.ds1-19 GNU C Library: Shared libraries an
ii libcurl3 7.12.2-2 Multi-protocol file transfer libra
ii libflac4 1.1.0-11 Free Lossless Audio Codec - runtim
ii libidn11 0.5.2-3 GNU libidn library, implementation
ii libogg0 1.1.0-1 Ogg Bitstream Library
ii liboggflac1 1.1.0-11 Free Lossless Audio Codec - runtim
ii libspeex1 1.0.rel.4-1 The Speex Speech Codec
ii libssl0.9.7 0.9.7e-3 SSL shared libraries
ii libvorbis0a 1.0.1-1 The Vorbis General Audio Compressi
ii libvorbisenc2 1.0.1-1 The Vorbis General Audio Compressi
ii libvorbisfile3 1.0.1-1 The Vorbis General Audio Compressi
ii zlib1g 1:1.2.2-4 compression library - runtime

-- no debconf information

Message-ID: <email address hidden>
Date: Tue, 15 Nov 2005 09:29:09 +0100
From: mlang <email address hidden>
To: <email address hidden>
Subject: Data loss

Severity 287170 grave
thanks.

Justification: Causes data loss

--
CYa,
  Mario

Message-ID: <20051125184800.GA28862@treasure>
Date: Fri, 25 Nov 2005 19:48:00 +0100
From: Bastian Kleineidam <email address hidden>
To: <email address hidden>, <email address hidden>
Subject: Re: vorbiscomment truncates weird input files

--XOIedfhf+7KOe/yw
Content-Type: multipart/mixed; boundary="huq684BweRXVnRxX"
Content-Disposition: inline

--huq684BweRXVnRxX
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

the reason for the overwrite is the close_files() function in
vcomment.c. It always renames the temporary output file to the given
output file, regardless of previous failures.

I added an error flag and if set only remove the temporary filename.
This fixed the error for me.
Test was exactly like in the report (with a test.1 manpage file):
$ printf 'ARTIST=3DCarlos Santana and Mahavishnu John McLaughlin' | \
  vorbiscomment -w test.1

Regards,
  Bastian
--=20
  ,''`. Bastian Kleineidam
 : :' : GnuPG Schl=FCssel
 `. `' gpg --keyserver wwwkeys.pgp.net --recv-keys 32EC6F3E
   `-

--huq684BweRXVnRxX
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="vorbiscomment_overwrite_fix.diff"
Content-Transfer-Encoding: quoted-printable

--- vorbis-tools-1.0.1/vorbiscomment/vcomment.c 2005-11-25 19:09:06.8789579=
29 +0100
+++ vorbis-tools-1.0.1_/vorbiscomment/vcomment.c 2005-11-25 19:08:42.298707=
644 +0100
@@ -58,7 +58,7 @@
 void free_param(param_t *param);
 void parse_options(int argc, char *argv[], param_t *param);
 void open_files(param_t *p);
-void close_files(param_t *p);
+void close_files(param_t *p, int err);
=20
=20
 /**********
@@ -102,7 +102,7 @@
   {
    fprintf(stderr, _("Failed to open file as vorbis: %s\n"),=20
      vcedit_error(state));
- close_files(param);
+ close_files(param, 1);
             free_param(param);
             vcedit_clear(state);
    return 1;
@@ -115,7 +115,7 @@
   /* done */
   vcedit_clear(state);
=20
- close_files(param);
+ close_files(param, 0);
         free_param(param);
   return 0; =09
  }
@@ -128,7 +128,7 @@
   {
    fprintf(stderr, _("Failed to open file as vorbis: %s\n"),=20
      vcedit_error(state));
- close_files(param);
+ close_files(param, 1);
             free_param(param);
             vcedit_clear(state);
    return 1;
@@ -169,7 +169,7 @@
   {
    fprintf(stderr, _("Failed to write comments to output file: %s\n"),=20
      vcedit_error(state));
- close_files(param);
+ close_files(param, 1);
             free_param(param);
             vcedit_clear(state);
    return 1;
@@ -178,7 +178,7 @@
   /* done */
   vcedit_clear(state);
  =09
- close_files(param);
+ close_files(param, 0);
         free_param(param);
   return 0;
  }
@@ -453,7 +453,6 @@
 void open_files(param_t *p)
 {
  /* for all modes, open the input file */
-
  if (strncmp(p->infilename,"-",2) =3D=3D 0) {
   p->in =3D stdin;
  } else {
@@ -529,7 +528,7 @@
=20
 ***********/
=20
-void close_files(param_t *p)
+void close_files(param_t *p, int err)
 {
  if (p->in !=3D NULL && p->in !=3D stdin) fclose(p->in);
  if (p->out...

Message-Id: <email address hidden>
Date: Tue, 06 Dec 2005 21:47:06 -0800
From: =?utf-8?q?Adeodato_Sim=C3=B3?= <email address hidden>
To: <email address hidden>
Subject: Bug#287170: fixed in vorbis-tools 1.1.1-1

Source: vorbis-tools
Source-Version: 1.1.1-1

We believe that the bug you reported is fixed in the latest version of
vorbis-tools, which is due to be installed in the Debian FTP archive:

vorbis-tools_1.1.1-1.diff.gz
  to pool/main/v/vorbis-tools/vorbis-tools_1.1.1-1.diff.gz
vorbis-tools_1.1.1-1.dsc
  to pool/main/v/vorbis-tools/vorbis-tools_1.1.1-1.dsc
vorbis-tools_1.1.1-1_i386.deb
  to pool/main/v/vorbis-tools/vorbis-tools_1.1.1-1_i386.deb
vorbis-tools_1.1.1.orig.tar.gz
  to pool/main/v/vorbis-tools/vorbis-tools_1.1.1.orig.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adeodato Simó <email address hidden> (supplier of updated vorbis-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 07 Dec 2005 06:21:02 +0100
Source: vorbis-tools
Binary: vorbis-tools
Architecture: i386 source
Version: 1.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Christopher L Cheney <email address hidden>
Changed-By: Adeodato Simó <email address hidden>
Description:
 vorbis-tools - several Ogg Vorbis tools
Closes: 287170 339846
Changes:
 vorbis-tools (1.1.1-1) unstable; urgency=low
 .
   * New upstream release packaged (closes: #339846).
 .
   * Pull patch from upstream to prevent vorbiscomment from clobbering files
     when an error happens. (Closes: #287170)
     [File: upstream_r9935-dont_clobber_file_on_error.diff]
 .
   * Add myself as an uploader, as agreed with Christopher in the past;
     note it in debian/copyright.
 .
   * Update debian/control:
 .
     + drop unnecessary build-dependencies on bison and devscripts.
     + build-depend on libcurl3-gnutls-dev instead of libcurl3-dev | libcurl-dev
       (vorbis-tools is GPL'ed, no SSL exception).
     + drop version restriction on all build-dependencies, since they'd be all
       satisfied with stable.
 .
   * Overhaul debian/rules.
 .
   * Make use of debian/patches, putting in separate files the patches applied
     in previous NMUs (deactivated some of them because they no longer apply
     and/or are incomplete, until I figure out what to do with them; reopens:
     #272037, #264365).
 .
   * Update download URL in debian/copyright.
 .
   * Bumped Standards-Version to 3.6.2 (no changes required).
Files:
 5095069b187e04f7b22be42b69d7b90b 177040 sound optional vorbis-tools_1.1.1-1_i386.deb
 6b4c7fea98b2cd12bef440d42fdfb2f1 950614 sound optional vorbis-tools_1.1.1.orig.tar.gz
 8b57fe3b77602f8910db7f94c81f6f38 28505 sound optional vorbis-tools_1.1.1-1.diff.gz
 c6b7c4703a14300daf...

Fixed in 1.1.1-1 and later:

vorbis-tools | 1.1.1-3 | http://us.archive.ubuntu.com dapper/main Packages