[gstreamer-bugs] [Bug 300791] gstreamer grows until the linux OOM killer steps in with one mp3
bugzilla-daemon at bugzilla.gnome.org
bugzilla-daemon at bugzilla.gnome.org
Sat Apr 16 04:15:57 PDT 2005
Please DO NOT reply to this by email. All additional comments should be made in
the comments box of this bug report.
http://bugzilla.gnome.org/show_bug.cgi?id=300791
GStreamer | gst-plugins | Ver: 0.8.9
Tim-Philipp Müller changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |t.i.m at zen.co.uk
------- Additional Comments From Tim-Philipp Müller 2005-04-16 07:15 -------
Looks like a broken tag and/or a bug in libid3tag.
The problem seems to be the TDRC tag at the beginning, which is a string list in
UTF-16 encoding. The data to parse is 3 bytes:
ff fe 30
The first two are a little endian byte-order marker (BOM), which libid3tag
interprets correctly. That leaves one byte, which is not a valid UTF-16
character. This is where libid3tag goes into an endless loop. It basically does:
while (end - *ptr > 0) {
ucs4 = id3_parse_string (ptr, end - *ptr, *encoding, 0);
if (ucs4)
append_string_to_list (ucs4);
}
and id3_parse_string() will return an empty string without advancing the
pointer, so that while (end - *ptr) is always 1 => endless loop => endless
memory allocation.
Cheers
-Tim
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are the QA contact for the bug.
More information about the Gstreamer-bugs
mailing list