GNOME Bugzilla – Bug 172482
Segfault on malformed id3v2 tag
Last modified: 2006-10-01 00:27:36 UTC
Distribution/Version: Fedora Core 3 Muine segfaults when attempting to import a folder containing a series of files with malformed id3v2 tags. The id3 tags seem fine: $ id3info 01.mp3 *** Tag information for 01.mp3 === TPE1 (Lead performer(s)/Soloist(s)): Chobits OST === TIT2 (Title/songname/content description): 01 Morning, Morning === TYER (Year): 2002 === TALB (Album/Movie/Show title): Chobits === TRCK (Track number/Position in set): 1 === COMM (Comments): ()[ENU]: http://downcd.yeah.net === COMM (Comments): (ID3v1 Comment)[XXX]: http://downcd.yeah.net === TCON (Content type): (145) *** mp3 info MPEG1/layer III Bitrate: 320KBps Frequency: 44KHz but in xmms, when I don't have the "disable ID3V2 tags" option enabled for the mp3 audio I/O plugin, the tile/artist appear as funny p looking symbols. Disabling ID3V2 tags causes xmms to display the correct information above. This is the main reason I suspect malformed id3v2 tags. Stripping all id3 tags and copying the id3v1 tags only from a backup stops the segfault. For example song, after this is done: $ id3info 01.mp3 *** Tag information for 01.mp3 === TIT2 (Title/songname/content description): 01 Morning, Morning === TPE1 (Lead performer(s)/Soloist(s)): Chobits OST === TALB (Album/Movie/Show title): Chobits === TYER (Year): 2002 === TRCK (Track number/Position in set): 1 === COMM (Comments): (ID3v1 Comment)[XXX]: http://downcd.yeah.net === TCON (Content type): (145) *** mp3 info MPEG1/layer III Bitrate: 320KBps Frequency: 44KHz So it seems the data === COMM (Comments): ()[ENU]: http://downcd.yeah.net Is somehow causing muine to segfault. http://www.mail-archive.com/muine-list@gnome.org/msg00181.html may or may not be a related problem. The symptoms are the same: repeated segfault on muine startup until gconf-editor is used to remove the offending directory from watched_folders.
Created attachment 39616 [details] test file with id3v2 information If you want to reproduce the bug using this file, you'll need to copy the id3 tag to another mp3 file, as this one was made using: $ touch id3v2.mp3; id3cp -2 01.mp3 id3v2.mp3 And it doesn't cause muine to segfault until copied to an mp3 with content, when it does cause a segfault. Sorry, I didn't have any small open license mp3s on hand.
Created attachment 39617 [details] test file with id3v2 information I think I chose the mime-type incorrectly
Created attachment 64065 [details] [review] Patch (workaround?) that fixes the issue In a mp3 file with a performer field that has invalid utf-8 characters, Muine segfaults because of null references coming from this call: metadata_get_performer (raw, i) This is returning null when there are invalid utf-8 characters. I patched both Artists and Performers properties, since they seem to work the same way. The patch is similar to what's used in the album field: return (p == IntPtr.Zero) ? "" : Marshal.PtrToStringAnsi (p).Trim ();
This patch looks sane to me. Can someone commit it?
The current patch doesn't apply cleanly against current cvs HEAD. Also, I've been unable to reproduce this bug using id3 tags with non-ascii characters. I'm marking this bug as fixed for now. If you experience the same problem again, please reopen this bug, but make sure to attach the offending file if you do so. (Right now the issue is simply irreproducible.)
Created attachment 73726 [details] [review] patch that applies against current cvs Muine still crashes with the following file: http://rrr.vpsland.com/rafael/muine_crash.mp3 I'm attaching a new patch that applies against current cvs.
Confirming: muine still crashes.
Thanks for the patch. It fixes the problem. 2006-10-01 Wouter Bolsterlee <wbolster@gnome.org> * src/Metadata.cs: Don't segfault on malformed id3v2 tags. Fixes bug #172482.