Function cddb_connect_server didn't call va_end() in
two cases, which seems to have caused a memory overrun.
This was discovered when re-compiling libcdaudio with
gcc-3.4.4.
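The class of bug reported above, shown as an added example that is not part of the original report and is not libcdaudio's code: a variadic function with several error exits, arranged so that every exit passes through a single va_end(). C requires va_end() to be invoked in the same function that called va_start() before it returns. The function name, protocol tags and argument layout here are hypothetical.

```c
#include <stdarg.h>
#include <stddef.h>
#include <string.h>

enum { PROTO_DIRECT = 0, PROTO_HTTP = 1 };   /* hypothetical protocol tags */

/*
 * Hypothetical connect helper (assumption, not the library's function).
 * For PROTO_HTTP the caller passes two extra arguments: char *out, int outlen.
 * Returns 0 on success, -1 on error. Every path leaves through "done",
 * so va_end() always pairs with va_start().
 */
int connect_example(int proto, const char *host, ...)
{
    va_list ap;
    int rc = -1;

    va_start(ap, host);

    if (host == NULL || host[0] == '\0')
        goto done;                  /* early error exit still reaches va_end */

    if (proto == PROTO_HTTP) {
        char *out = va_arg(ap, char *);
        int outlen = va_arg(ap, int);
        size_t need = strlen("http://") + strlen(host) + 1;

        if (out == NULL || outlen < 0 || (size_t)outlen < need)
            goto done;              /* second error exit, same cleanup */
        strcpy(out, "http://");
        strcat(out, host);
    } else if (proto != PROTO_DIRECT) {
        goto done;                  /* unknown protocol */
    }
    rc = 0;

done:
    va_end(ap);                     /* the only place the function returns */
    return rc;
}
```

A bare `return -1;` in either error branch would skip va_end(), which is the pattern the report describes.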
This patch looks good to me. Should it be applied on the git source, like others, for example: https://sourceforge.net/p/libcdaudio/bugs/_discuss/thread/31ea14cc/74ac/attachment/libcdaudio.diff ?
Thanks.
Hello,
I have not checked it but there are certainly lots of things to do in the
libcdaudio (library) code; I personally think that it requires a complete
rewrite or redesigning to make it reasonably okay, and that patching
activity will not reach that anywhere soon, but apart from that, why not.
I trust that you have good intentions, I am going to give you write access
to the project so that you can do it yourself, could you please indicate
your SourceForge login?
Thanks!
Best regards
Fabrice
I'm sergiomb. We may apply 3 downstream patches from
https://pkgs.fedoraproject.org/cgit/rpms/libcdaudio.git/tree/; the libdir patch may be a custom patch for Linux and may break other systems ...
libcdaudio is one of the oldest libs that I maintain. By the way, looking at whether we have a replacement, we have libcdio-paranoia from http://www.gnu.org/software/libcdio/, so maybe the correct thing is to retire it from the distribution, but if we can build it from sources and work with it, I can maintain it; it depends on the utility of the library nowadays. What do you think?
Best regards