Date:      Thu, 26 Dec 1996 16:44:03 -0800 (PST)
From:      John-Mark Gurney <jmg@hydrogen.nike.efn.org>
To:        FreeBSD-gnats@freefall.FreeBSD.org
Subject:   bin/2303: cdcontrol can read to many toc entries if track numbers are large
Message-ID:  <199612270044.QAA28028@hydrogen.nike.efn.org>
Resent-Message-ID: <199612272240.OAA11722@freefall.freebsd.org>


>Number:         2303
>Category:       bin
>Synopsis:       cdcontrol can read to many toc entries if track numbers are large
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 27 14:40:00 PST 1996
>Last-Modified:
>Originator:     John-Mark Gurney
>Organization:
Cu Networking
>Release:        FreeBSD 2.2-960801-SNAP i386
>Environment:

pretty much and version of cdcontrol...

plus a cd such as Nine Inch Nail's Broken cd which has track numbers 1 to 153 (yes that is 153)...
	

>Description:

basically it blindly uses the starting and ending track numbers to see how many toc entries exist... but from the looks of it (I'm not completely sure on this) there can only be a total of 100, no more...

if you try to read more it returns an error... basicly meaning any cd that has more than 99 (plus the last whole cd track number 170) it makes the cd unplayable....

at first I though it was because the buffer (hard coded to 100) wasn't big enough.. but then I added code to dynamicly allocate it but it didn't fix the problem...

if you would like example toc_header output of a failed case I can send the info to you... 
	

>How-To-Repeat:

put a cd that has more than 99 playable tracks in the cd drive and use cdcontrol to get info on it... or play it...  it fails...
	

>Fix:
	
apply this fix... it basicly checks to see if there are more than 99 tracks reported.. and if so, reduct the number of tracks down to 99...  

open_cd already does the checking for a valid fd, and returns appropriately...  the check before open_cd is called isn't needed... also move all the open_cd calls into one place...  to reduce code duplication...

the last two hunks are the one that fixes the above bug... the rest are consolidating the open_cd code...

Index: cdcontrol.c
===================================================================
RCS file: /usr/cvs/src/usr.sbin/cdcontrol/cdcontrol.c,v
retrieving revision 1.13
diff -c -r1.13 cdcontrol.c
*** cdcontrol.c	1996/06/25 21:01:27	1.13
--- cdcontrol.c	1996/12/27 00:39:02
***************
*** 246,282 ****
  
  	switch (cmd) {
  
  	case CMD_QUIT:
  		exit (0);
  
  	case CMD_INFO:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		return info (arg);
  
  	case CMD_STATUS:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		return pstatus (arg);
  
  	case CMD_PAUSE:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		return ioctl (fd, CDIOCPAUSE);
  
  	case CMD_RESUME:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		return ioctl (fd, CDIOCRESUME);
  
  	case CMD_STOP:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		rc = ioctl (fd, CDIOCSTOP);
  
  		(void) ioctl (fd, CDIOCALLOW);
--- 246,287 ----
  
  	switch (cmd) {
  
+ 		/* the following commands need the cd open, so open it, or at
+ 		    least try */
+ 	case CMD_VOLUME:
+ 	case CMD_PLAY:
+ 	case CMD_CLOSE:
+ 	case CMD_EJECT:
+ 	case CMD_DEBUG:
+ 	case CMD_RESET:
+ 	case CMD_STOP:
+ 	case CMD_RESUME:
+ 	case CMD_PAUSE:
+ 	case CMD_STATUS:
+ 	case CMD_INFO:
+ 		if (! open_cd ())
+ 			return (0);
+ 		break;
+ 	}
+ 
+ 	switch (cmd) {
+ 
  	case CMD_QUIT:
  		exit (0);
  
  	case CMD_INFO:
  		return info (arg);
  
  	case CMD_STATUS:
  		return pstatus (arg);
  
  	case CMD_PAUSE:
  		return ioctl (fd, CDIOCPAUSE);
  
  	case CMD_RESUME:
  		return ioctl (fd, CDIOCRESUME);
  
  	case CMD_STOP:
  		rc = ioctl (fd, CDIOCSTOP);
  
  		(void) ioctl (fd, CDIOCALLOW);
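Review bot: The case list in the new first `switch` has to be kept in step with the second `switch` by hand, and nothing in the code marks that dependency; a command added later to the second switch but not the first would reach `ioctl (fd, ...)` with whatever `fd` holds, possibly -1. The new guard also drops the old `fd < 0 &&` test, so it is only correct if `open_cd` returns early when the device is already open, which cannot be confirmed from this hunk. I would extend the added comment to state both, e.g. `/* keep in sync with the switch below; relies on open_cd() being a no-op when fd >= 0 */`. The enclosing function starts and ends outside the hunk.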
***************
*** 284,292 ****
  		return (rc);
  
  	case CMD_RESET:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		rc = ioctl (fd, CDIOCRESET);
  		if (rc < 0)
  			return rc;
--- 289,294 ----
***************
*** 295,303 ****
  		return (0);
  
  	case CMD_DEBUG:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		if (! strcasecmp (arg, "on"))
  			return ioctl (fd, CDIOCSETDEBUG);
  
--- 297,302 ----
***************
*** 309,317 ****
  		return (0);
  
  	case CMD_EJECT:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		(void) ioctl (fd, CDIOCALLOW);
  		rc = ioctl (fd, CDIOCEJECT);
  		if (rc < 0)
--- 308,313 ----
***************
*** 319,327 ****
  		return (0);
  
  	case CMD_CLOSE:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		(void) ioctl (fd, CDIOCALLOW);
  		rc = ioctl (fd, CDIOCCLOSE);
  		if (rc < 0)
--- 315,320 ----
***************
*** 331,339 ****
  		return (0);
  
  	case CMD_PLAY:
- 		if (fd < 0 && ! open_cd ())
- 			return (0);
- 
  		while (isspace (*arg))
  			arg++;
  
--- 324,329 ----
***************
*** 349,357 ****
  		return (0);
  
  	case CMD_VOLUME:
- 		if (fd < 0 && !open_cd ())
- 			return (0);
- 
  		if (! strncasecmp (arg, "left", strlen(arg)))
  			return ioctl (fd, CDIOCSETLEFT);
  
--- 339,344 ----
***************
*** 393,398 ****
--- 380,387 ----
  		return (rc);
  
  	n = h.ending_track - h.starting_track + 1;
+ 	if(n>99)
+ 		n=99;
  	rc = read_toc_entrys ((n + 1) * sizeof (struct cd_toc_entry));
  
  	if (rc < 0)
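Review bot: The added clamp bounds `n` from above only, so a TOC header whose `ending_track` is lower than `starting_track` still reaches `(n + 1) * sizeof (struct cd_toc_entry)` with a negative count; if `n` is a signed int (its declaration is outside the hunk) that converts to a very large length. The header values come from the drive, so I would reject that case before the multiplication, e.g. `if (n < 0) return (-1);`, assuming a negative return is the error convention here as the `rc < 0` checks suggest. The literal 99 would be better derived from the size of the TOC buffer than written out, and the identical two lines in the hunk at new line 731 need the same treatment. Code after this point that walks tracks up to `h.ending_track`, or expects the lead-out as entry `n`, would also have to use the clamped count; that code is not visible here.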
***************
*** 742,747 ****
--- 731,738 ----
  	}
  
  	n = h.ending_track - h.starting_track + 1;
+ 	if(n>99)
+ 		n=99;
  	rc = read_toc_entrys ((n + 1) * sizeof (struct cd_toc_entry));
  	if (rc < 0)
  		return (rc);
	

>Audit-Trail:
>Unformatted:
John-Mark Gurney


