libid3 crashes on non-ascii characters in tags

Bug #419068 reported by Stilor on 2009-08-26
This bug affects 3 people
Affects: id3lib3.8.3 (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: libid3-3.8.3c2a

avn@etoile:~$ lsb_release -rd
Description: Ubuntu karmic (development branch)
Release: 9.10
avn@etoile:~$ apt-cache policy libid3-3.8.3c2a kid3 libid3-3.8.3-dev
libid3-3.8.3c2a:
  Installed: 3.8.3-7.2ubuntu1
  Candidate: 3.8.3-7.2ubuntu1
  Version table:
 *** 3.8.3-7.2ubuntu1 0
        500 http://us.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status
kid3:
  Installed: 1.2-1ubuntu2
  Candidate: 1.2-1ubuntu2
  Version table:
 *** 1.2-1ubuntu2 0
        500 http://us.archive.ubuntu.com karmic/multiverse Packages
        100 /var/lib/dpkg/status
libid3-3.8.3-dev:
  Installed: 3.8.3-7.2ubuntu1
  Candidate: 3.8.3-7.2ubuntu1
  Version table:
 *** 3.8.3-7.2ubuntu1 0
        500 http://us.archive.ubuntu.com karmic/main Packages
        100 /var/lib/dpkg/status

When opening a file that contains non-ascii characters, libid3 crashes. Tried on files with Russian tags encoded as either UTF8, or CP1251. Stacktrace from id3info:

*** stack smashing detected ***: id3info terminated
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x3ece68]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0x3ece20]
/usr/lib/libid3-3.8.so.3[0x54ad54]
/usr/lib/libid3-3.8.so.3(_ZN7Mp3Info5ParseER10ID3_Readerj+0x8f5)[0x53ea05]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl11ParseReaderER10ID3_Reader+0x42b)[0x5440fb]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl9ParseFileEv+0x195)[0x5447e5]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl4LinkEPKct+0x54)[0x5400d4]
/usr/lib/libid3-3.8.so.3(_ZN7ID3_Tag4LinkEPKct+0x2f)[0x53f26f]
id3info[0x804aeb6]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x322b56]
id3info[0x8049601]
Aborted (core dumped)

kid3 exits with similar stacktrace if it is configured to use id3lib (v2.3.0). kid3 works okay with TagLib (v2.4.0).
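
A triage sketch for the backtrace in the report above, added here as an example and not part of the original report or of id3lib: it parses the glibc backtrace lines and decodes the qualified name of each mangled C++ symbol to find the innermost named libid3 frame. The helpers `demangle_name`, `parse_frames` and `first_named_frame` are hypothetical names, and argument types in the mangled symbols are not decoded.

```python
import re

# Backtrace lines copied from the report above (glibc stack-protector abort output).
BACKTRACE = """\
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x48)[0x3ece68]
/lib/tls/i686/cmov/libc.so.6(__fortify_fail+0x0)[0x3ece20]
/usr/lib/libid3-3.8.so.3[0x54ad54]
/usr/lib/libid3-3.8.so.3(_ZN7Mp3Info5ParseER10ID3_Readerj+0x8f5)[0x53ea05]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl11ParseReaderER10ID3_Reader+0x42b)[0x5440fb]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl9ParseFileEv+0x195)[0x5447e5]
/usr/lib/libid3-3.8.so.3(_ZN11ID3_TagImpl4LinkEPKct+0x54)[0x5400d4]
/usr/lib/libid3-3.8.so.3(_ZN7ID3_Tag4LinkEPKct+0x2f)[0x53f26f]
id3info[0x804aeb6]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x322b56]
id3info[0x8049601]
"""

# module, optional "(symbol+offset)", then "[address]"
FRAME = re.compile(r"^(?P<module>[^(\[]+)"
                   r"(?:\((?P<sym>[^+)]*)\+(?P<off>0x[0-9a-f]+)\))?"
                   r"\[(?P<addr>0x[0-9a-f]+)\]$")

def demangle_name(sym):
    """Decode only the nested name of an Itanium-ABI symbol (_ZN<len><id>...E).
    Argument types are ignored; any other symbol is returned unchanged."""
    if not sym.startswith("_ZN"):
        return sym
    parts, i = [], 3
    while i < len(sym) and sym[i].isdigit():
        j = i
        while j < len(sym) and sym[j].isdigit():
            j += 1
        n = int(sym[i:j])           # length prefix of the next identifier
        parts.append(sym[j:j + n])
        i = j + n
    return "::".join(parts) if i < len(sym) and sym[i] == "E" else sym

def parse_frames(text):
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            sym = m.group("sym")
            frames.append({"module": m.group("module"), "addr": m.group("addr"),
                           "function": demangle_name(sym) if sym else None})
    return frames

def first_named_frame(frames, module_substr):
    """Innermost frame in the given module that still carries a symbol name."""
    return next((f for f in frames
                 if module_substr in f["module"] and f["function"]), None)
```

For this report, `first_named_frame(parse_frames(BACKTRACE), "libid3")` returns the `Mp3Info::Parse` frame; the frame above it has no symbol, so only its address is available.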

Urs Fleisch (ufleisch) wrote :

I could not reproduce this bug with Umlauts or Russian tags. I get this crash when reading MP3 files with variable bitrate (VBR), see https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466. Maybe you mean the same bug.

Maybe; I am not sure if that file was CBR or VBR. I'll re-check once the VBR fix
is picked up.

Regards,
Alexey.

On Tuesday 06 October 2009 04:58:29 am Urs Fleisch wrote:
> I could not reproduce this bug with Umlauts or Russian tags. I get this
> crash when reading MP3 files with variable bitrate (VBR), see
> https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466. Maybe
> you mean the same bug.
>

Any news on this one?

I'm willing to get some of the issues fixed so that I can (again) have easytag working in the short term (in the long term, perhaps another id3 library should be used).

Regards, Rogério Theodoro de Brito.
