Bug#786718: marked as done (libmpg123: incorrect check/decoding for utf-16 surrogates in id3 parser)

Sun, 13 Sep 2015 22:07:01 -0700 

Your message dated Mon, 14 Sep 2015 05:03:49 +0000
with message-id <e1zblvh-0006ce...@franck.debian.org>
and subject line Bug#786718: fixed in mpg123 1.22.3-1
has caused the Debian Bug report #786718,
regarding libmpg123: incorrect check/decoding for utf-16 surrogates in id3 
parser
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
786718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786718
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: libmpg123-0
Version: 1.20.1-2
Severity: normal

Dear Maintainer,
utf-16 decoder in id3 parser improperly identifies surrogate pairs, resulting in improper identification of characters in 0xf800-0xfffe range as leading surrogate and decoding failure. 

E.g. attempt to decode title "「x」~y~" results in:
[id3.c:1065] error: Invalid UTF16 surrogate pair at 0 (0xff62).
and empty parsed title.
Attempt to decode title "xy&zte" results in:
[id3.c:1065] error: Invalid UTF16 surrogate pair at 4 (0xff06).
and "xy" in parsed title.

Patch attached, verified to work.
This bug still present in the latest upstream version (1.22.2).

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libmpg123-0 depends on:
ii  libc6              2.19-18
ii  multiarch-support  2.19-18

libmpg123-0 recommends no packages.

libmpg123-0 suggests no packages.

-- no debconf information

Description: libmpg123/id3.c: fix utf-16 decode
Author: Yuriy M. Kaminskiy <yumkam+deb...@gmail.com>

Index: mpg123-1.20.1/src/libmpg123/id3.c
===================================================================
--- mpg123-1.20.1.orig/src/libmpg123/id3.c
+++ mpg123-1.20.1/src/libmpg123/id3.c
@@ -1051,10 +1051,10 @@ static void convert_utf16bom(mpg123_stri
 	for(i=0; i < n; i+=2)
 	{
 		unsigned long point = ((unsigned long) s[i+high]<<8) + s[i+low];
-		if((point & 0xd800) == 0xd800) /* lead surrogate */
+		if((point & 0xf800) == 0xd800) /* lead surrogate */
 		{
 			unsigned short second = (i+3 < l) ? (s[i+2+high]<<8) + s[i+2+low] : 0;
-			if((second & 0xdc00) == 0xdc00) /* good... */
+			if((second & 0xfc00) == 0xdc00) /* good... */
 			{
 				point = FULLPOINT(point,second);
 				length += UTF8LEN(point); /* possibly 4 bytes */
@@ -1077,7 +1077,7 @@ static void convert_utf16bom(mpg123_stri
 	for(i=0; i < n; i+=2)
 	{
 		unsigned long codepoint = ((unsigned long) s[i+high]<<8) + s[i+low];
-		if((codepoint & 0xd800) == 0xd800) /* lead surrogate */
+		if((codepoint & 0xf800) == 0xd800) /* lead surrogate */
 		{
 			unsigned short second = (s[i+2+high]<<8) + s[i+2+low];
 			codepoint = FULLPOINT(codepoint,second);

--- End Message ---
--- Begin Message --- 
Source: mpg123
Source-Version: 1.22.3-1

We believe that the bug you reported is fixed in the latest version of
mpg123, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 786...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Miguel A. Colón Vélez <debian.mic...@gmail.com> (supplier of updated mpg123 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 06 Aug 2015 19:13:48 -0400
Source: mpg123
Binary: mpg123 libmpg123-0 libmpg123-dev
Architecture: source
Version: 1.22.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers 
<pkg-multimedia-maintainers@lists.alioth.debian.org>
Changed-By: Miguel A. Colón Vélez <debian.mic...@gmail.com>
Description:
 libmpg123-0 - MPEG layer 1/2/3 audio decoder (shared library)
 libmpg123-dev - MPEG layer 1/2/3 audio decoder (development files)
 mpg123     - MPEG layer 1/2/3 audio player
Closes: 786718
Changes:
 mpg123 (1.22.3-1) unstable; urgency=medium
 .
   * New upstream release.
     - Fix UTF-16 surrogate detection because that used to falsely detect
       characters above 0xDFFF as surrogates. (Closes: 786718)
   * Update the Suggests so that they can be satisfied in all architectures.
   * Introduce a wrapper for the pulse plugin.
   * Simplify the rules file by removing the dh_shlibdeps and dh_makeshlibs
     overrides.
Checksums-Sha1:
 fd9f93c77de62684a2f82845d669612d52b8e923 2242 mpg123_1.22.3-1.dsc
 1410ab076f17636e0927021c8d5764bc3919e7bd 870218 mpg123_1.22.3.orig.tar.bz2
 1ec0abd74ea249ed2f42ae648201dd172646ffe3 22888 mpg123_1.22.3-1.debian.tar.xz
Checksums-Sha256:
 2fa2915145020e154660e3b024f81a3655fa90222082d9dedea5090b52adf2f1 2242 
mpg123_1.22.3-1.dsc
 23d2a843c3efc746a326eb4e56d5488b4c67fa6c3c7c71f4d26d98ee4c1f5c2d 870218 
mpg123_1.22.3.orig.tar.bz2
 ddf13dd80ec3a3886d2dd60453ed97d340cdf659f9e32b52fc572ceac7c87e66 22888 
mpg123_1.22.3-1.debian.tar.xz
Files:
 5881a9659e86772aa0956f8d5a19e7f7 2242 sound optional mpg123_1.22.3-1.dsc
 fca857bc5ad0d2070cd38bd5f0f85f1c 870218 sound optional 
mpg123_1.22.3.orig.tar.bz2
 e289db112e64fe8cbd6d75466426a38b 22888 sound optional 
mpg123_1.22.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJV9lMWAAoJEAamIUI/8faTBEIP+wb+lUgH+NGETrJrGDABdbBk
89j2gFHVETUUcLLxbaJhkSxi6gIBbxFN9G5Hn2CNgTH+X1q5JTqekszJGn2THYeR
YcxCzx5hHICed1rqavXRyaw9iJetMSvkE96wWAmP0CrPk7WSO+8ZEp8I2TLRYMJ+
0YcYPcxsaiXJsiAFioJuz/ivKVzLxkCkd8FKSUk4iwATOQ/2pyjEOBLtKtB84yic
nthgwt+W8YazSVHrolia/tU+E6yDo0VkGGPl81FZeH7y1DPv9hFLDzisg6zXxYsB
vq66JMSgM31oeJrq5FT2N/2R3F9erJdkhIH0gLJ4fm3YTQH/bI/lYTUfiNXVoMUm
huU2JOJ+nq1nciTq7juU9C/j2VX3Wrp+55sMkkdXAc+uv0Fyb4OxzUoqiDN9aokQ
X5WTsocXzSPZQL9p0UQUbOfW9eFeRZUDaVA2KyC0GgzCPqcZozmdYbKvm67Ip1la
XZyrWxX7zLr4KaoAGGjNJgqCel3AUNAI5f/ZLKMZS5h3gmjQuoGxrPcce5i6EVTX
SaNDUGbh2Waqtm/4lkrG+BB8//3wzXT7gJvfD9TBXlTDupan7wIxAUDJCO+lZRf1
7esX5FiB6/pxGVZBm8WrDkNbSqT89ZQN9x6jPc367Onfkiw8BsP55ghnmWvC+Pls
PJN/0GTH5N6QeTcEIFK+
=s83E
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Reply via email to