[PD-dev] [ pure-data-Patches-3536805 ] [tabread4~] crashes with illegal tablesizes

SourceForge.net noreply at sourceforge.net
Thu Jun 21 09:22:57 CEST 2012


Patches item #3536805, was opened at 2012-06-21 00:10
Message generated for change (Comment added) made by zmoelnig
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=3536805&group_id=55736

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: puredata
Group: None
Status: Open
>Resolution: Fixed
Priority: 7
Private: No
Submitted By: IOhannes m zmölnig (zmoelnig)
>Assigned to: Miller Puckette (millerpuckette)
Summary: [tabread4~] crashes with illegal tablesizes

Initial Comment:
as reported for the debian-package of Pd [1], pd can crash when using [tabread4~] and loading an invalid (raw) file into the table using [soundfiler].

"invalid" file means, that a (raw) file is read with a "headersize" (to skip) that is actually larger than the entire file.

[soundfiler] will attempt to resize the table to something negative (since filelength-headersize<0) which will fail safely, and leave the table at a size=1.

however, a [tabread4~] that accesses this table might segfault, since it needs more than 1 sample to interpolate.

for a patch that triggers the problem, see [1].

it seems that the problem only appears on x86_64, and not on i386.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=678306

----------------------------------------------------------------------

>Comment By: IOhannes m zmölnig (zmoelnig)
Date: 2012-06-21 00:22

Message:
attached is a patch that fixes the problem.

the patch does:
- make [soundfiler] fail if lseek(CUR)>lseek(EOF) (which is the case if the
specified header is larger than the soundfile); this is not strictly
necessary, since the array-resize will not resize to negative lengths.
- make [tabread4~] fallback to zeroes, if the table is smaller than 4
samples.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=478072&aid=3536805&group_id=55736



More information about the Pd-dev mailing list