Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

check the return when constructing comment entries #12

Merged
merged 1 commit into from
Oct 11, 2022

Conversation

nagisa
Copy link
Contributor

@nagisa nagisa commented Oct 10, 2022

The FLAC__metadata_object_vorbiscomment_entry_from_name_value_pair
function call can fail which will lead to
FLAC__metadata_object_vorbiscomment_append_comment segfaulting or
producing invalid results. I have observed this to happen after 2 days
of normal playback. It is reproducible much more readily if I just skip
a lot.

With this fix in place, even with skipping I haven’t been able to
reproduce the crash again.

The `FLAC__metadata_object_vorbiscomment_entry_from_name_value_pair`
function call can fail which will lead to
`FLAC__metadata_object_vorbiscomment_append_comment` segfaulting or
producing invalid results. I have observed this to happen after 2 days
of normal playback. It is reproducible much more readily if I just skip
a lot.

With this fix in place, even with skipping I haven’t been able to
reproduce the crash again.
@toots
Copy link
Member

toots commented Oct 10, 2022

Thank you for this! I think I'd rather have the encoder raise an exception to let the user know that they are submitting invalid metadata. Otherwise, it might be surprising to think everything went fine while some metadata is missing.

Let me know if you're confortable doing that in the ocaml C code (declare new exception on the ML side, register it for C callback, call it in the C code). Otherwise, I'm happy to do it. The reference for OCaml bindings is here: https://v2.ocaml.org/manual/intfc.html

@nagisa
Copy link
Contributor Author

nagisa commented Oct 11, 2022

I think I'd rather have the encoder raise an exception to let the user know that they are submitting invalid metadata.

Hm, with this being a part of context creation, I wonder how would something like liquidsoap know that it might want to try discarding that metadata?

Let me know if you're confortable doing that in the ocaml C code (declare new exception on the ML side, register it for C callback, call it in the C code). Otherwise, I'm happy to do it. The reference for OCaml bindings is here: https://v2.ocaml.org/manual/intfc.html

Please take over. An unfortunate thing with FLAC__metadata_object_vorbiscomment_entry_from_name_value_pair is that it bundles three distinct failure modes internally, so you may want to figure out how to raise corresponding exceptions for each failure or something.

@toots
Copy link
Member

toots commented Oct 11, 2022

I think I'd rather have the encoder raise an exception to let the user know that they are submitting invalid metadata.

Hm, with this being a part of context creation, I wonder how would something like liquidsoap know that it might want to try discarding that metadata?

I'll think about it from the liquidsoap side. But this made me realize that FLAC__format_vorbiscomment_entry_name_is_legal and FLAC__format_vorbiscomment_entry_value_is_legal are exported too so I'll add them to the binding.

Let me know if you're confortable doing that in the ocaml C code (declare new exception on the ML side, register it for C callback, call it in the C code). Otherwise, I'm happy to do it. The reference for OCaml bindings is here: https://v2.ocaml.org/manual/intfc.html

Please take over. An unfortunate thing with FLAC__metadata_object_vorbiscomment_entry_from_name_value_pair is that it bundles three distinct failure modes internally, so you may want to figure out how to raise corresponding exceptions for each failure or something.

Sounds good. Looks like the errors are either one of the two above or a malloc failure. malloc failures are pretty radical so I think I'll just raise a Invalid_metadata generic error, export the two above functions for checking and expect malloc failure to show up in any other subsequent allocation.

@toots toots merged commit 4b19e76 into savonet:main Oct 11, 2022
@nagisa nagisa deleted the fix-sigsegv branch October 31, 2022 11:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants