From owner-freebsd-bugs Fri Dec 27 14:40:04 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA11730 for bugs-outgoing; Fri, 27 Dec 1996 14:40:04 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id OAA11722; Fri, 27 Dec 1996 14:40:01 -0800 (PST) Resent-Date: Fri, 27 Dec 1996 14:40:01 -0800 (PST) Resent-Message-Id: <199612272240.OAA11722@freefall.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, gurney_j@efn.org Received: from mail.webspan.net (mail.webspan.net [206.154.70.7]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA11600 for ; Fri, 27 Dec 1996 14:36:08 -0800 (PST) Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) by mail.webspan.net (8.7.5/8.7.3) with ESMTP id RAA09728 for ; Fri, 27 Dec 1996 17:35:17 -0500 (EST) Received: from orion.webspan.net (localhost [127.0.0.1]) by orion.webspan.net (8.8.3/8.7.3) with ESMTP id RAA03717 for ; Fri, 27 Dec 1996 17:35:16 -0500 (EST) Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.18]) by mail.webspan.net (8.7.5/8.7.3) with ESMTP id TAA04915 for ; Thu, 26 Dec 1996 19:44:32 -0500 (EST) Received: from hydrogen.nike.efn.org (resnet.uoregon.edu [128.223.170.28]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id QAA21489 for ; Thu, 26 Dec 1996 16:44:05 -0800 (PST) Received: (from jmg@localhost) by hydrogen.nike.efn.org (8.8.4/8.8.4) id QAA28028; Thu, 26 Dec 1996 16:44:03 -0800 (PST) Message-Id: <199612270044.QAA28028@hydrogen.nike.efn.org> Date: Thu, 26 Dec 1996 16:44:03 -0800 (PST) From: John-Mark Gurney Reply-To: gurney_j@efn.org To: FreeBSD-gnats@freefall.FreeBSD.org X-Send-Pr-Version: 3.2 Subject: bin/2303: cdcontrol can read to many toc entries if track numbers are large Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 2303 >Category: bin >Synopsis: cdcontrol can read to many toc entries if 
track numbers are large >Confidential: no >Severity: serious >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Dec 27 14:40:00 PST 1996 >Last-Modified: >Originator: John-Mark Gurney >Organization: Cu Networking >Release: FreeBSD 2.2-960801-SNAP i386 >Environment: pretty much any version of cdcontrol... plus a cd such as Nine Inch Nails' Broken cd which has track numbers 1 to 153 (yes that is 153)... >Description: basically it blindly uses the starting and ending track numbers to see how many toc entries exist... but from the looks of it (I'm not completely sure on this) there can only be a total of 100, no more... if you try to read more it returns an error... basically meaning any cd that has more than 99 (plus the last whole cd track number 170) it makes the cd unplayable.... at first I thought it was because the buffer (hard coded to 100) wasn't big enough.. but then I added code to dynamically allocate it but it didn't fix the problem... if you would like example toc_header output of a failed case I can send the info to you... >How-To-Repeat: put a cd that has more than 99 playable tracks in the cd drive and use cdcontrol to get info on it... or play it... it fails... >Fix: apply this fix... it basically checks to see if there are more than 99 tracks reported.. and if so, reduce the number of tracks down to 99... open_cd already does the checking for a valid fd, and returns appropriately... the check before open_cd is called isn't needed... also move all the open_cd calls into one place... to reduce code duplication... the last two hunks are the ones that fix the above bug... the rest are consolidating the open_cd code... 
Index: cdcontrol.c =================================================================== RCS file: /usr/cvs/src/usr.sbin/cdcontrol/cdcontrol.c,v retrieving revision 1.13 diff -c -r1.13 cdcontrol.c *** cdcontrol.c 1996/06/25 21:01:27 1.13 --- cdcontrol.c 1996/12/27 00:39:02 *************** *** 246,282 **** switch (cmd) { case CMD_QUIT: exit (0); case CMD_INFO: - if (fd < 0 && ! open_cd ()) - return (0); - return info (arg); case CMD_STATUS: - if (fd < 0 && ! open_cd ()) - return (0); - return pstatus (arg); case CMD_PAUSE: - if (fd < 0 && ! open_cd ()) - return (0); - return ioctl (fd, CDIOCPAUSE); case CMD_RESUME: - if (fd < 0 && ! open_cd ()) - return (0); - return ioctl (fd, CDIOCRESUME); case CMD_STOP: - if (fd < 0 && ! open_cd ()) - return (0); - rc = ioctl (fd, CDIOCSTOP); (void) ioctl (fd, CDIOCALLOW); --- 246,287 ---- switch (cmd) { + /* the following commands need the cd open, so open it, or at + least try */ + case CMD_VOLUME: + case CMD_PLAY: + case CMD_CLOSE: + case CMD_EJECT: + case CMD_DEBUG: + case CMD_RESET: + case CMD_STOP: + case CMD_RESUME: + case CMD_PAUSE: + case CMD_STATUS: + case CMD_INFO: + if (! open_cd ()) + return (0); + break; + } + + switch (cmd) { + case CMD_QUIT: exit (0); case CMD_INFO: return info (arg); case CMD_STATUS: return pstatus (arg); case CMD_PAUSE: return ioctl (fd, CDIOCPAUSE); case CMD_RESUME: return ioctl (fd, CDIOCRESUME); case CMD_STOP: rc = ioctl (fd, CDIOCSTOP); (void) ioctl (fd, CDIOCALLOW); *************** *** 284,292 **** return (rc); case CMD_RESET: - if (fd < 0 && ! open_cd ()) - return (0); - rc = ioctl (fd, CDIOCRESET); if (rc < 0) return rc; --- 289,294 ---- *************** *** 295,303 **** return (0); case CMD_DEBUG: - if (fd < 0 && ! open_cd ()) - return (0); - if (! strcasecmp (arg, "on")) return ioctl (fd, CDIOCSETDEBUG); --- 297,302 ---- *************** *** 309,317 **** return (0); case CMD_EJECT: - if (fd < 0 && ! 
open_cd ()) - return (0); - (void) ioctl (fd, CDIOCALLOW); rc = ioctl (fd, CDIOCEJECT); if (rc < 0) --- 308,313 ---- *************** *** 319,327 **** return (0); case CMD_CLOSE: - if (fd < 0 && ! open_cd ()) - return (0); - (void) ioctl (fd, CDIOCALLOW); rc = ioctl (fd, CDIOCCLOSE); if (rc < 0) --- 315,320 ---- *************** *** 331,339 **** return (0); case CMD_PLAY: - if (fd < 0 && ! open_cd ()) - return (0); - while (isspace (*arg)) arg++; --- 324,329 ---- *************** *** 349,357 **** return (0); case CMD_VOLUME: - if (fd < 0 && !open_cd ()) - return (0); - if (! strncasecmp (arg, "left", strlen(arg))) return ioctl (fd, CDIOCSETLEFT); --- 339,344 ---- *************** *** 393,398 **** --- 380,387 ---- return (rc); n = h.ending_track - h.starting_track + 1; + if(n>99) + n=99; rc = read_toc_entrys ((n + 1) * sizeof (struct cd_toc_entry)); if (rc < 0) *************** *** 742,747 **** --- 731,738 ---- } n = h.ending_track - h.starting_track + 1; + if(n>99) + n=99; rc = read_toc_entrys ((n + 1) * sizeof (struct cd_toc_entry)); if (rc < 0) return (rc); >Audit-Trail: >Unformatted: John-Mark Gurney
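Review bot: The clamp added after `n = h.ending_track - h.starting_track + 1;` (the hunks at 393 and 742) bounds n only from above, yet both track numbers come straight from the disc's TOC header, so a header whose ending track is below its starting track would leave n at zero or negative and pass a nonsensical length to `read_toc_entrys`. A lower-bound guard before the clamp, for example `if (n < 1) return (-1);`, would close that case; the error value here is a guess, since the surrounding functions start and end outside both hunks. The literal 99 is also repeated in two places and, per the report, is tied to a buffer hard-coded to 100 entries, so a single named constant defined next to that buffer would keep the limit and the allocation from drifting apart. Because the truncation is silent, a comment such as `/* TOC buffer holds 100 entries (99 tracks + lead-out); tracks above 99 are dropped */` would tell the next reader why higher-numbered tracks are not listed.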