Bug 151078

Summary: Crash in AttachedPictureFrame(const ByteVector&), GeneralEncapsulatedObjectFrame(const ByteVector&)
Product: [Unmaintained] taglib Reporter: Urs Fleisch <ufleisch>
Component: generalAssignee: Scott Wheeler <wheeler>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Urs Fleisch 2007-10-20 09:24:25 UTC 
Version:           1.4 (using KDE KDE 3.5.8)
Installed from:    Ubuntu Packages
Compiler:          g++ (GCC) 4.1.3 20070929 (prerelease) (Ubuntu 4.1.2-16ubuntu2) 
OS:                Linux

The "from ByteVector" constructors of AttachedPictureFrame and GeneralEncapsulatedObjectFrame first call setData() (which calls parse(), which dereferences the FramePrivate d pointer), and then allocate d, which causes a segfault. Those two lines should be swapped.

diff -ru taglib.orig/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp taglib/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
--- taglib.orig/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp	2007-10-20 08:40:22.000000000 +0200
+++ taglib/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp	2007-10-20 09:16:27.000000000 +0200
@@ -54,8 +54,8 @@
 
 AttachedPictureFrame::AttachedPictureFrame(const ByteVector &data) : Frame(data)
 {
-  setData(data);
   d = new AttachedPictureFramePrivate;
+  setData(data);
 }
 
 AttachedPictureFrame::~AttachedPictureFrame()
diff -ru taglib.orig/taglib/mpeg/id3v2/frames/generalencapsulatedobjectframe.cpp taglib/taglib/mpeg/id3v2/frames/generalencapsulatedobjectframe.cpp
--- taglib.orig/taglib/mpeg/id3v2/frames/generalencapsulatedobjectframe.cpp	2007-10-20 08:40:22.000000000 +0200
+++ taglib/taglib/mpeg/id3v2/frames/generalencapsulatedobjectframe.cpp	2007-10-20 09:16:41.000000000 +0200
@@ -55,8 +55,8 @@
 
 GeneralEncapsulatedObjectFrame::GeneralEncapsulatedObjectFrame(const ByteVector &data) : Frame(data)
 {
-  setData(data);
   d = new GeneralEncapsulatedObjectFramePrivate;
+  setData(data);
 }
 
 GeneralEncapsulatedObjectFrame::~GeneralEncapsulatedObjectFrame()
Comment 1 Lukáš Lalinský 2007-11-10 19:09:16 UTC 
Fixed in r735035 along with other APIC-related bugs.