The audio file selector stores the chunk table of each audio file
as an osl disk object. Since the aac audio format handler employs
dynamic chunks, these on-disk chunk tables of aac files will never
be consulted for streaming. They exist only for consistency with the
other audio formats and should be empty.
Due to a miscomputation of the chunk table size in the callback of
the add command, we end up storing the serialized lopsub parse result
as the chunk table.
This is a benign bug since it only affects the ls command, and only
if -l=c is given to print the chunk table.
char asc[2 * HASH2_SIZE + 1];
int ret;
char afsi_buf[AFSI_SIZE];
char asc[2 * HASH2_SIZE + 1];
int ret;
char afsi_buf[AFSI_SIZE];
- char *slpr = buf + read_u32(buf + CAB_LPR_OFFSET);
+ uint32_t slpr_offset = read_u32(buf + CAB_LPR_OFFSET);
+ char *slpr = buf + slpr_offset;
struct afs_info default_afsi = {.last_played = 0};
uint16_t afhi_offset, chunks_offset;
const struct lls_command *cmd = SERVER_CMD_CMD_PTR(ADD);
struct afs_info default_afsi = {.last_played = 0};
uint16_t afhi_offset, chunks_offset;
const struct lls_command *cmd = SERVER_CMD_CMD_PTR(ADD);
/* no hs or force mode, child must have sent afhi */
afhi_offset = read_u32(buf + CAB_AFHI_OFFSET_POS);
chunks_offset = read_u32(buf + CAB_CHUNKS_OFFSET_POS);
/* no hs or force mode, child must have sent afhi */
afhi_offset = read_u32(buf + CAB_AFHI_OFFSET_POS);
chunks_offset = read_u32(buf + CAB_CHUNKS_OFFSET_POS);
+ assert(chunks_offset <= slpr_offset);
objs[AFTCOL_AFHI].data = buf + afhi_offset;
objs[AFTCOL_AFHI].size = chunks_offset - afhi_offset;
objs[AFTCOL_AFHI].data = buf + afhi_offset;
objs[AFTCOL_AFHI].size = chunks_offset - afhi_offset;
if (!objs[AFTCOL_AFHI].size) /* "impossible" */
goto out;
objs[AFTCOL_CHUNKS].data = buf + chunks_offset;
if (!objs[AFTCOL_AFHI].size) /* "impossible" */
goto out;
objs[AFTCOL_CHUNKS].data = buf + chunks_offset;
- objs[AFTCOL_CHUNKS].size = aca->query.size - chunks_offset;
+ objs[AFTCOL_CHUNKS].size = slpr_offset - chunks_offset;
if (pb && !hs) { /* update pb's hash */
char old_asc[2 * HASH2_SIZE + 1];
unsigned char *old_hash;
if (pb && !hs) { /* update pb's hash */
char old_asc[2 * HASH2_SIZE + 1];
unsigned char *old_hash;
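Review bot: The added `assert(chunks_offset <= slpr_offset);` is the only guard on `slpr_offset - chunks_offset`, and it vanishes in builds that define NDEBUG, so inconsistent offsets in the buffer would produce a wrapped size for the `AFTCOL_CHUNKS` object. `chunks_offset` is declared `uint16_t` but assigned from `read_u32()`, so an offset above 65535 would presumably be truncated before it is compared with the 32-bit `slpr_offset`, and nothing visible checks `slpr_offset` against `aca->query.size`. Because these offsets are read out of the query buffer filled by the add command's child, I would make this a runtime check that fails the callback, e.g. `if (slpr_offset > aca->query.size || chunks_offset > slpr_offset) goto out;` with `ret` set to a suitable error first, and widen `afhi_offset, chunks_offset` to `uint32_t`. The enclosing function starts and ends outside the visible lines, so an earlier validation may already exist there.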