[Bug 220374] audio/id3lib: stack corruption and stack overflow abort (3.8.3)

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220374

            Bug ID: 220374
           Summary: audio/id3lib: stack corruption and stack overflow
                    abort (3.8.3)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: bob at eager.cx
                CC: kaeru at inigo-tech.com
             Flags: maintainer-feedback?(kaeru at inigo-tech.com)
                CC: kaeru at inigo-tech.com

Created attachment 183926
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=183926&action=edit
Patch as described in PR

This bug is due to a mis-sized array, and is visible when running easytag,
although I suspect that it's intermittent.

Cause: a mis-sized array in mp3_parse.cpp at line 472. It should be 120, not
116 (see #define at line 468). The amount read into this array is set at line
497 onwards, and is dynamic; however, the maximum is 120, not 116! This
probably causes an intermittent stack corruption.

This is an upstream bug that was said to have been fixed years ago, but the
distfile on SourceForge (used by the port) does not include the fix.

Patch for the port attached (put in files/).

-- 
You are receiving this mail because:
You are the assignee for the bug.