m3u parsing crash on extended characters

Help
2010-11-19
2013-05-30
  • RampagingPenguin

    Synopsis

    Mediatomb 12.1 running on Fedora 14, i386 crashes parsing m3u files with extended characters.
    Looks like a problem at jsbool.c:214.
    I am using the version of mediatomb packaged with Fedora 14, no modifications.

    Mediatomb Compile Info

    MediaTomb UPnP Server version 0.12.1 - http://mediatomb.cc/

    ===============================================================================
    Copyright 2005-2010 Gena Batsyan, Sergey Bostandzhyan, Leonhard Wimmer.
    MediaTomb is free software, covered by the GNU General Public License version 2

    Compile info:

    host: i386-redhat-linux-gnu
    sqlite3: yes
    mysql: yes
    libjs: yes
    libmagic: yes
    inotify: yes
    libexif: yes
    id3lib: disabled
    taglib: yes
    ffmpeg missing
    libmp4v2: yes
    external transcoding: yes
    curl: yes
    YouTube: yes
    libextractor disabled
    db-autocreate: yes
    debug log: yes
    protocol info extension:yes
    ffmpegthumbnailer: missing
    lastfmlib: missing
    data directory: /usr/share/mediatomb

    Linux OS version (uname -a)

    Linux fish 2.6.35.6-48.fc14.i686 #1 SMP Fri Oct 22 15:34:36 UTC 2010 i686 i686 i386 GNU/Linux

    Details of problem

    As per synopsis, the problem is that in my music collection there are a lot of playlists. Some of these
    playlists contain extended characters (one example is for Jose Gonzalez whose name has an accent over
    some of the "e"'s).

    Basically this causes mediatomb to crash. The problem is 100% repeatable.

    It is crashing in the javascript parsing at the same place every time. To show exactly what happens, I have run
    mediatomb under gdb, after installing the appropriate debuginfo packages to get symbol information. So, running gdb with the following options:

    fish# gdb mediatomb
    <gdb startup messages snipped>
    r -u mediatomb -g mediatomb -P /var/run/mediatomb.pid -l /var/log/mediatomb -m /etc -f mediatomb -p 50500 -e eth0

    <Parsing messages snipped>

    Program received signal SIGSEGV, Segmentation fault.

    0x006bf2eb in js_ValueToBoolean (cx=0x8245b98, v=4, bp=0xb3848c60) at jsbool.c:214
    214         b = JSSTRING_LENGTH(JSVAL_TO_STRING(v)) ? JS_TRUE : JS_FALSE;
    (gdb)
    (gdb) bt
    #0  0x006bf2eb in js_ValueToBoolean (cx=0x8245b98, v=4, bp=0xb3848c60) at jsbool.c:214
    #1  0x006f3c1d in js_Interpret (cx=0x8245b98, pc=0x82add6c "\b\377\227\006\001ޚ",
        result=0xb3848d1c) at jsinterp.c:2511
    #2  0x006f757b in js_Execute (cx=0x8245b98, chain=0x825f6c0, script=0x82adb60, down=0x0, flags=0,
        result=0xb3848dfc) at jsinterp.c:1633
    #3  0x006b24cb in JS_ExecuteScript (cx=0x8245b98, obj=0x825f6c0, script=0x82adb60, rval=0xb3848dfc)
        at jsapi.c:4188
    #4  0x080df3ee in Script::_execute (this=0x825aa00, scr=0x82adb60) at ../src/scripting/script.cc:585
    #5  0x080df4d5 in Script::execute (this=0x825aa00) at ../src/scripting/script.cc:591
    #6  0x080de1fc in PlaylistParserScript::processPlaylistObject (this=0x825aa00, obj=…, task=…)
        at ../src/scripting/playlist_parser_script.cc:195
    #7  0x080bed90 in ContentManager::addRecursive (this=0x82418f8, path=…, hidden=false, task=…)
        at ../src/content_manager.cc:1081
    #8  0x080bee53 in ContentManager::addRecursive (this=0x82418f8, path=…, hidden=false, task=…)
        at ../src/content_manager.cc:1102
    #9  0x080c1489 in ContentManager::_addFile (this=0x82418f8, path=…, rootpath=…, recursive=true,
        hidden=false, task=…) at ../src/content_manager.cc:705
    #10 0x080c1c74 in CMAddFileTask::run (this=0x83463a8) at ../src/content_manager.cc:2411
    #11 0x080b6f98 in ContentManager::threadProc (this=0x82418f8) at ../src/content_manager.cc:1564
    #12 0x080b72be in ContentManager::staticThreadProc (arg=0x82418f8) at ../src/content_manager.cc:1586
    #13 0x004b9f19 in start_thread (arg=0xb3849b70) at pthread_create.c:301
    #14 0x003fba2e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:133
    (gdb) info locals
    b = <value optimized out>
    d = <value optimized out>
    (gdb) info args
    cx = 0x8245b98
    v = 4
    bp = 0xb3848c60
    (gdb) info threads
      11 Thread 0xb3048b70 (LWP 13053)  0x00110416 in __kernel_vsyscall ()
    * 10 Thread 0xb3849b70 (LWP 13052)  0x006bf2eb in js_ValueToBoolean (cx=0x8245b98, v=4,
        bp=0xb3848c60) at jsbool.c:214
      9 Thread 0xb41ffb70 (LWP 13051)  0x00110416 in __kernel_vsyscall ()
      7 Thread 0xb53fbb70 (LWP 13049)  0x00110416 in __kernel_vsyscall ()
      6 Thread 0xb5bfcb70 (LWP 13048)  0x00110416 in __kernel_vsyscall ()
      5 Thread 0xb63fdb70 (LWP 13047)  0x00110416 in __kernel_vsyscall ()
      4 Thread 0xb6bfeb70 (LWP 13046)  0x00110416 in __kernel_vsyscall ()
      2 Thread 0xb7d60b70 (LWP 13044)  0x00110416 in __kernel_vsyscall ()
      1 Thread 0xb7fd8960 (LWP 13043)  0x00110416 in __kernel_vsyscall ()
    (gdb) list -
    204         if (!JS_VERSION_IS_ECMA(cx)) {
    205             if (!OBJ_DEFAULT_VALUE(cx, JSVAL_TO_OBJECT(v), JSTYPE_BOOLEAN, &v))
    206                 return JS_FALSE;
    207             if (!JSVAL_IS_BOOLEAN(v))
    208                 v = JSVAL_TRUE;         /* non-null object is true */
    209             b = JSVAL_TO_BOOLEAN(v);
    210         } else {
    211             b = JS_TRUE;
    212         }
    213     } else if (JSVAL_IS_STRING(v)) {
    (gdb) lis
    214         b = JSSTRING_LENGTH(JSVAL_TO_STRING(v)) ? JS_TRUE : JS_FALSE;
    215     } else if (JSVAL_IS_INT(v)) {
    216         b = JSVAL_TO_INT(v) ? JS_TRUE : JS_FALSE;
    217     } else if (JSVAL_IS_DOUBLE(v)) {
    218         d = *JSVAL_TO_DOUBLE(v);
    219         b = (!JSDOUBLE_IS_NaN(d) && d != 0) ? JS_TRUE : JS_FALSE;
    220     } else {
    221         JS_ASSERT(JSVAL_IS_BOOLEAN(v));
    222         b = JSVAL_TO_BOOLEAN(v);
    223     }
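
Added example, not part of the original post and not MediaTomb or libjs code: decoding the `v=4` argument shown in frame #0, assuming the SpiderMonkey 1.x jsval layout in which the low three bits are a type tag. The names `decode_jsval` and `string_to_jsval_checked` are hypothetical; the second sketches an embedder-side guard against tagging a NULL string pointer.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: SpiderMonkey 1.x jsval layout, low 3 bits are the type tag. */
typedef intptr_t jsval_t;              /* stand-in for the engine's jsval */
enum { TAG_OBJECT = 0x0, TAG_INT = 0x1, TAG_DOUBLE = 0x2,
       TAG_STRING = 0x4, TAG_BOOLEAN = 0x6, TAG_MASK = 0x7 };

struct decoded {
    int tag;            /* one of the TAG_* values */
    uintptr_t ptr;      /* payload pointer for object/double/string tags */
    int null_deref;     /* 1 if a to-boolean conversion would read through NULL */
};

/* Split a raw jsval, as printed by gdb, into tag and payload pointer. */
struct decoded decode_jsval(jsval_t v)
{
    struct decoded d = { TAG_INT, 0, 0 };
    if (v & TAG_INT)                      /* ints are marked by bit 0 alone */
        return d;
    d.tag = (int)(v & TAG_MASK);
    if (d.tag == TAG_BOOLEAN)
        return d;                         /* payload is an immediate value */
    d.ptr = (uintptr_t)v & ~(uintptr_t)TAG_MASK;
    /* A zero jsval is the null value, not a pointer to follow. String and
       double payloads are read through (lines 214 and 218 of the listing). */
    d.null_deref = d.ptr == 0 && (d.tag == TAG_STRING || d.tag == TAG_DOUBLE);
    return d;
}

/* Hypothetical embedder-side guard: never tag a failed (NULL) string result. */
jsval_t string_to_jsval_checked(const void *str)
{
    if (str == NULL)
        return 0;                         /* null jsval instead of tag|NULL */
    return (jsval_t)((uintptr_t)str | TAG_STRING);
}

int main(void)
{
    struct decoded d = decode_jsval(4);   /* v=4 from frame #0 of the backtrace */
    printf("tag=%#x ptr=%#lx null_deref=%d\n",
           (unsigned)d.tag, (unsigned long)d.ptr, d.null_deref);
    return 0;
}
```

Under that layout, `v=4` is a string tag over a NULL pointer, so the length read at jsbool.c:214 goes through address 0. How the NULL string reached the script is not established by the backtrace.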

     
  • Jin

    Jin - 2010-11-21

    Hmm, question is if we need to do something differently in our code or if it is a bug in libjs. Could you please email me your m3u playlist file? Thanks.

     
  • RampagingPenguin

    Not sure that the extra characters will make it through the sourceforge email form.

    So I've included a (reversible) hexdump below generated with xxd.
    Just run xxd -r over the text below to recreate the playlist. (xxd was installed on my Fedora box.)


     
  • Jin

    Jin - 2010-11-22

    Don't think too complicated, forget the SF form and just drop a mail to contact@mediatomb.cc

     
