Bug 102151 - RIFF: infinite loop
Summary: RIFF: infinite loop
Status: RESOLVED FIXED
Alias: None
Product: exempi
Classification: Unclassified
Component: Problems
Version: unspecified
Hardware: Other All
Importance: medium normal
Assignee: Hubert Figuiere
QA Contact: Hubert Figuiere
URL:
Whiteboard: [release:2.4.4]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-11 14:35 UTC by Jakub Wilk
Modified: 2018-05-10 15:56 UTC
0 users



Attachments
reproducer (4.57 KB, video/x-msvideo)
2017-08-11 14:35 UTC, Jakub Wilk
Description Jakub Wilk 2017-08-11 14:35:10 UTC
Created attachment 133439
reproducer

Exempi seems to fall into an infinite loop when extracting XMP from the attached file:

$ exempi -x inf-loop.avi
processing file inf-loop.avi
dump_xmp for file inf-loop.avi
[...nothing happens...]

Tested with git master (b1859382628b5ba961548980e3b0725d6f934b20).

Found using American Fuzzy Lop:
http://lcamtuf.coredump.cx/afl/
Comment 1 Hubert Figuiere 2017-08-15 04:14:35 UTC
Fixed in 2.4.x branch at 65a8492832b7335ffabd01f5f64d89dec757c260
Comment 2 kirotawa 2018-05-09 20:09:16 UTC
For some old versions it also seems to be an issue, but coding something like:

-       this->oldSize = LFA_ReadUns32_LE( file ) + 8;                                                                                                          +       this->oldSize = LFA_ReadUns32_LE( file );                                                                                                              +       this->oldSize += 8; 
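
Review bot: Splitting the read and the + 8 into two statements leaves the arithmetic unchanged unless oldSize is wider than the 32-bit value that LFA_ReadUns32_LE( file ) returns, and in both forms the size taken from the file is stored without any check. Before storing it, compare the value against the bytes remaining in the file and reject a size for which adding 8 would wrap, so that a malformed chunk header is reported as an error.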

does not fix this. I suppose that part of the fix of the issue is in how XIO::ReadUns32_LE works, since it was replaced in new versions. So, is there any way to fix this for old LFA read?
Comment 3 Hubert Figuiere 2018-05-10 01:43:35 UTC
(In reply to kirotawa from comment #2)
> For some old versions it also seems to be an issue, but coding something like:
> 
> -       this->oldSize = LFA_ReadUns32_LE( file ) + 8;                       
> +       this->oldSize = LFA_ReadUns32_LE( file );                           
> +       this->oldSize += 8; 
> 
> does not fix this. I suppose that part of the fix of the issue is in how
> XIO::ReadUns32_LE works, since it was replaced in new versions. So, is there
> any way to fix this for old LFA read?

Please define "some old version".
Comment 4 kirotawa 2018-05-10 12:29:34 UTC
I was referring to these versions, 2.2.1-1 and 2.2.2-2, since they don't use XIO::ReadUns32_LE.
Comment 5 Hubert Figuiere 2018-05-10 13:55:00 UTC
These versions are no longer supported.

As indicated this bug was fixed in 2.4.4.
Comment 6 kirotawa 2018-05-10 15:56:47 UTC
Some distros still use old versions. I was looking for any clue or tip on how to fix this for those mentioned.
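
A generic guard for the "size + 8" chunk arithmetic quoted in comment 2, as an added example: it is not exempi code and not the fix committed in 65a8492832b7335ffabd01f5f64d89dec757c260. All function names are hypothetical, the sample buffers are constructed, and the page does not confirm that a wrapping size is the cause of this particular bug.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Hypothetical helper (not exempi code): little-endian 32-bit read from a buffer.
static uint32_t read_u32_le(const uint8_t* p) {
    return uint32_t(p[0]) | (uint32_t(p[1]) << 8) | (uint32_t(p[2]) << 16) | (uint32_t(p[3]) << 24);
}

// The "+ 8" from comment 2 when the result is held in 32 bits: a declared
// size of 0xFFFFFFF8 gives a total length of 0, so a walker that advances
// by this value makes no progress.
uint32_t total_len_32(uint32_t declared) { return declared + 8; }

// Bounded walker: returns the number of chunks, or -1 for malformed input.
int count_chunks(const Bytes& buf) {
    size_t pos = 0;
    int n = 0;
    while (pos < buf.size()) {
        size_t remaining = buf.size() - pos;
        if (remaining < 8) return -1;                 // truncated chunk header
        uint64_t total = 8 + uint64_t(read_u32_le(&buf[pos + 4]));  // 64-bit, cannot wrap
        if (total > remaining) return -1;             // declared size exceeds the data
        pos += size_t(total);                         // always advances by at least 8
        if ((total & 1) && pos < buf.size()) ++pos;   // RIFF pad byte after odd-sized data
        ++n;
    }
    return n;
}

// Constructed sample input: one chunk with a declared size and an actual payload length.
Bytes make_chunk(uint32_t declared, size_t payload) {
    Bytes c = {'t', 'e', 's', 't'};
    for (int i = 0; i < 4; ++i) c.push_back(uint8_t(declared >> (8 * i)));
    c.resize(c.size() + payload);                     // zero-filled payload
    return c;
}

int main() {
    Bytes ok = make_chunk(4, 4), odd = make_chunk(1, 2);  // odd: 1 data byte + 1 pad byte
    ok.insert(ok.end(), odd.begin(), odd.end());
    std::printf("well-formed: %d\n", count_chunks(ok));
    std::printf("wrapping size: %d\n", count_chunks(make_chunk(0xFFFFFFF8u, 0)));
    std::printf("32-bit total: %u\n", total_len_32(0xFFFFFFF8u));
    return 0;
}
```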

