Package: libmpg123-0
Version: 1.20.1-2
Severity: normal
Dear Maintainer,
The UTF-16 decoder in the ID3 parser improperly identifies surrogate pairs,
resulting in improper identification of characters in the 0xf800-0xfffe
range as a leading surrogate and a decoding failure.
E.g. an attempt to decode the title "「x」~y~" results in:
[id3.c:1065] error: Invalid UTF16 surrogate pair at 0 (0xff62).
and empty parsed title.
An attempt to decode the title "xy&zte" results in:
[id3.c:1065] error: Invalid UTF16 surrogate pair at 4 (0xff06).
and "xy" in parsed title.
Patch attached, verified to work.
This bug is still present in the latest upstream version (1.22.2).
-- System Information:
Debian Release: 8.0
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libmpg123-0 depends on:
ii libc6 2.19-18
ii multiarch-support 2.19-18
libmpg123-0 recommends no packages.
libmpg123-0 suggests no packages.
-- no debconf information
Description: libmpg123/id3.c: fix utf-16 decode
Author: Yuriy M. Kaminskiy <yumkam+deb...@gmail.com>
Index: mpg123-1.20.1/src/libmpg123/id3.c
===================================================================
--- mpg123-1.20.1.orig/src/libmpg123/id3.c
+++ mpg123-1.20.1/src/libmpg123/id3.c
@@ -1051,10 +1051,10 @@ static void convert_utf16bom(mpg123_stri
for(i=0; i < n; i+=2)
{
unsigned long point = ((unsigned long) s[i+high]<<8) + s[i+low];
- if((point & 0xd800) == 0xd800) /* lead surrogate */
+ if((point & 0xf800) == 0xd800) /* lead surrogate */
{
unsigned short second = (i+3 < l) ? (s[i+2+high]<<8) + s[i+2+low] : 0;
- if((second & 0xdc00) == 0xdc00) /* good... */
+ if((second & 0xfc00) == 0xdc00) /* good... */
{
point = FULLPOINT(point,second);
length += UTF8LEN(point); /* possibly 4 bytes */
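Review bot: The new lead test `(point & 0xf800) == 0xd800` is true for every unit in D800-DFFF, so a trail surrogate (DC00-DFFF) found in the lead position is still accepted as a lead. If the unit after it is also a trail, the `second` check passes and FULLPOINT is computed from two trail units. Suggest `(point & 0xfc00) == 0xd800` for the lead test and treating an unpaired trail unit as an error in the non-surrogate path.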
@@ -1077,7 +1077,7 @@ static void convert_utf16bom(mpg123_stri
for(i=0; i < n; i+=2)
{
unsigned long codepoint = ((unsigned long) s[i+high]<<8) + s[i+low];
- if((codepoint & 0xd800) == 0xd800) /* lead surrogate */
+ if((codepoint & 0xf800) == 0xd800) /* lead surrogate */
{
unsigned short second = (s[i+2+high]<<8) + s[i+2+low];
codepoint = FULLPOINT(codepoint,second);
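Review bot: `second` in this loop is read from `s[i+2+high]` and `s[i+2+low]` with no `i+3 < l` guard and no trail test, unlike the first loop, so the read is only safe if the first pass has already shortened `n` at the first bad pair. That dependency is not visible in the hunk; add a comment stating it or repeat the guard here. The lead mask also has to stay identical to the one in the first loop so both passes classify each unit the same way, and the narrower `0xfc00` lead mask would apply here as well.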
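The mask behaviour described in the report, as an added example that is not mpg123's code and not part of the original message: a small decoder run with the masks from the '-' lines, the '+' lines, and a stricter lead mask that goes beyond the patch. All names are hypothetical, and the sample code units are constructed to match the offsets and values in the two reported error lines.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Surrogate tests as masks on a 16-bit code unit (hypothetical names). */
typedef struct {
    uint16_t lead;   /* lead surrogate if  (u & lead)  == 0xd800 */
    uint16_t trail;  /* trail surrogate if (u & trail) == 0xdc00 */
} masks_t;
static const masks_t OLD     = { 0xd800, 0xdc00 };  /* '-' lines of the patch */
static const masks_t PATCHED = { 0xf800, 0xfc00 };  /* '+' lines of the patch */
static const masks_t STRICT  = { 0xfc00, 0xfc00 };  /* assumption: lead only D800-DBFF */

/* Constructed samples: units matching the two reported error lines,
   one valid pair (U+1F600), and two trail units in a row. */
static const uint16_t T1[]   = { 0xff62, 0x0078, 0xff63 };
static const uint16_t T2[]   = { 0x0078, 0x0079, 0xff06, 0x007a };
static const uint16_t PAIR[] = { 0xd83d, 0xde00 };
static const uint16_t LONE[] = { 0xdc00, 0xdc01 };

/* Decode n code units, checking bounds before reading a second unit.
   Returns the byte offset of the first rejected unit, or 2*n if all were
   accepted; *first receives the first code point decoded (0 if none). */
static size_t decode(const uint16_t *u, size_t n, masks_t m, uint32_t *first)
{
    size_t i = 0, count = 0;
    *first = 0;
    while (i < n) {
        uint32_t cp = u[i];
        if ((u[i] & m.lead) == 0xd800) {
            if (i + 1 >= n || (u[i + 1] & m.trail) != 0xdc00)
                return 2 * i;
            cp = 0x10000 + ((uint32_t)(u[i] & 0x3ff) << 10) + (u[i + 1] & 0x3ff);
            i++;
        } else if ((u[i] & 0xfc00) == 0xdc00) {
            return 2 * i;  /* unpaired trail; reachable only with STRICT */
        }
        i++;
        if (count++ == 0) *first = cp;
    }
    return 2 * n;
}

int main(void)
{
    uint32_t cp;
    printf("T1 old=%zu patched=%zu\n", decode(T1, 3, OLD, &cp), decode(T1, 3, PATCHED, &cp));
    printf("T2 old=%zu patched=%zu\n", decode(T2, 4, OLD, &cp), decode(T2, 4, PATCHED, &cp));
    printf("PAIR old=%zu LONE patched=%zu strict=%zu\n", decode(PAIR, 2, OLD, &cp), decode(LONE, 2, PATCHED, &cp), decode(LONE, 2, STRICT, &cp));
    return 0;
}
```

With the patched masks the two trail units in LONE are accepted as a pair and decode to U+10001; only the stricter lead mask rejects them at offset 0.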