Opened 10 years ago

Closed 10 years ago

#2167 closed defect (wontfix)

crash mp3lib/layer2.c:178 (SIGSEGV)

Reported by: kdevel@… Owned by: reimar
Priority: normal Component: core
Version: unspecified Severity: normal
Keywords: Cc:
Blocked By: Blocking:
Reproduced by developer: no Analyzed by developer: no

Description (last modified by reimar)

gdb --args mplayer -ac mp3 crash-ausschnitt.mp3

GNU gdb (GDB) 7.5
...
MPlayer 1.1-4.3 (C) 2000-2012 MPlayer Team

Playing crash-ausschnitt.mp3.
libavformat version 54.6.101 (internal)
Audio only file format detected.
Load subtitles in ./
==========================================================================
Forced audio codec: mp3
Opening audio decoder: [mp3lib] MPEG layer-2, layer-3
AUDIO: 32000 Hz, 2 ch, s16le, 128.0 kbit/12.50% (ratio: 16000->128000)
Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
==========================================================================
...
mpg123: Can't rewind stream by 134 bits!

Program received signal SIGSEGV, Segmentation fault.
0x00000000006671e1 in II_step_two (x1=<optimized out>, fr=<optimized out>,

scale=0x7fffffffb684, fraction=<optimized out>, bit_alloc=<optimized out>)
at mp3lib/layer2.c:178

178 fraction[j][0][i] = muls[*tab++][m];
(gdb) p m
$1 = 4294967295

Attachments (1)

crash-ausschnitt.mp3 (306.0 KB ) - added by kdevel@… 10 years ago.
Testcase

Download all attachments as: .zip

Change History (4)

by kdevel@…, 10 years ago

Attachment: crash-ausschnitt.mp3 added

Testcase

comment:1 by kdevel@…, 10 years ago

comment:2 by kdevel@…, 10 years ago

comment

comment:3 by reimar, 10 years ago

Analyzed by developer: unset
Description: modified (diff)
Reproduced by developer: unset
Resolution: wontfix
Status: newclosed

mp3lib has been disabled and since some time even removed because of issues like this.
The suggestion is to use either FFmpeg's decoder or an external one like libmpg123 (which is basically the mp3lib code with lots of fixes).
If recompiling with mp3lib disabled is undesireable this can be achieved by e.g. installing a /etc/codecs.conf that does not contain the "mp3lib" entry.
If the concern is only about playback but not security, adding "ac=ffmp3," to the MPlayer config should avoid it as well.
Since the affected code no longer exists in SVN, we will not fix it.

Note: See TracTickets for help on using tickets.