Andre Noll [Mon, 21 Feb 2022 14:52:42 +0000 (15:52 +0100)]
Merge branch 'refs/heads/t/sha256'
A couple of changes which start to eliminate the use of sha1 in favor
of sha256. This series is only the first step, though, as we need to
keep sha1 for the time being to provide backward compatibility.
Cooking for four months.
* refs/heads/t/sha256:
manual: Avoid sha1.
upgrade_db: Add copyright and purpose to upgrade_db.c.
web: Add link to the para_upgrade_db(1) man page.
afs: Switch to sha256 and change default database path.
Add para_upgrade_db.
Use sha256 for the challenge response.
Introduce hash2 (sha256).
Assume sideband and aes_ctr128 are always supported/requested.
Andre Noll [Thu, 25 Nov 2021 19:25:43 +0000 (20:25 +0100)]
audiod: Avoid delay in status transition from standby to on.
In close_receiver() we invalidate the current audio format value
to prevent the receiver from re-starting too quickly. See commit 2d61a8005c74 (audiod: Invalidate current audio format on close)
from seven years ago for details.
This invalidation happens in particular when the receiver is closed
because audiod was told to enter standby mode. If audiod is switched
back on shortly thereafter, no receiver can't be started because we
forgot the current audio format and must wait up to one minute until
the next status item dump arrives from the server which re-initializes
the current audio format value.
Fix this flaw by only invalidating the current audio format when
audiod operates in "on" mode.
Andre Noll [Sat, 4 Dec 2021 16:41:34 +0000 (17:41 +0100)]
manual: Avoid sha1.
The section on client-server authentication is no longer accurate
because it depends on the version of client and server whether sha1
or sha256 is used for authentication. Since the hash function is an
implementation detail which should not be mentioned in the manual,
let's avoid the term and talk about cryptographic hash functions
instead.
Andre Noll [Mon, 15 Nov 2021 18:31:41 +0000 (19:31 +0100)]
Merge branch 'refs/heads/t/list-cleanups'
A bunch of simple patches which streamline the macros and inline
functions of list.h which were taken from linux long ago without
adjusting the coding style.
Cooking for three months.
* refs/heads/t/list-cleanups:
list.h: Convert INIT_LIST_HEAD macro to inline function.
list.h: Fix parameter doc of iterators.
list.h: Move list_is_singular() up.
list.h: Rename argument of list_move().
list.h: Don't use "new" as an variable name.
list.h: Open-code LIST_POISON1 and LIST_POISON2.
list.h: Get rid of internal helpers.
list.h: Trivial cleanups.
list.h: Remove unused list_for_each_entry_safe_reverse.
Andre Noll [Thu, 4 Nov 2021 16:15:26 +0000 (17:15 +0100)]
paraslash 0.6.4
Another v0.6 release to mark the destination of the maint branch
which will now be fast-forwarded to this commit. Subsequent merges
of topic branches into master will incorporate incompatible changes,
so from now on the master branch should be regarded as pre-0.7.
Andre Noll [Thu, 4 Nov 2021 15:56:56 +0000 (16:56 +0100)]
paraslash 0.5.9
A final v0.5-release to record the tip of the maint branch when
paraslash-0.5 became EOL. Shortly after this commit the 0.6.4 release
will be drawn from master, and maint will be fast-forwarded to point
to the v0.6.4 commit.
Andre Noll [Tue, 26 Oct 2021 18:19:58 +0000 (20:19 +0200)]
string: Remove malloc attribute from para_realloc().
Quoting from the corresponding section of the gcc-10 manual:
This tells the compiler that a function is 'malloc'-like, i.e.,
that the pointer P returned by the function cannot alias any other
pointer valid when the function returns, and moreover no pointers to
valid objects occur in any storage addressed by P.
Using this attribute can improve optimization. Compiler predicts
that a function with the attribute returns non-null in most cases.
Functions like 'malloc' and 'calloc' have this property because they
return a pointer to uninitialized or zeroed-out storage. However,
functions like 'realloc' do not have this property, as they can return
a pointer to storage containing pointers.
Found by code inspection, the unpached code never caused problems.
Also, the function definition in string.c does not contain the
attribute.
Andre Noll [Sun, 5 Sep 2021 18:16:59 +0000 (20:16 +0200)]
Teach writers to abort gracefully on early EOF.
For very short streams it may happen that the receiver and decoder
unregister themselves from the buffer tree before the writer had a
chance to query the information from the decoder which it needs to
open the audio device. This leads to errors such as
Aug 25 14:24:51 schubert (5) get_btr_value: cmd sample_rate: Operation not supported
Aug 25 14:24:51 schubert (5) get_btr_value: cmd channels: Operation not supported
Aug 25 14:24:51 schubert (5) get_btr_value: cmd sample_format: Operation not supported
Aug 25 14:24:51 schubert (4) alsa_init: channels count not available: Invalid argument
This may happen with all receivers, audio formats and writers,
although it is most common with ogg streams.
This commit changes get_btr_sample_rate() and friends to return a
standard error code rather than assuming success. The alsa, ao and
oss writers are patched to check the return value and fail gracefully
if one of these functions fails.
Andre Noll [Fri, 13 Mar 2020 18:44:00 +0000 (19:44 +0100)]
afs: Switch to sha256 and change default database path.
This switches the hash column of the audio file table to use sha256
rather than sha1. Due to the preparations implemented in the previous
patches this is a mechanical conversion that could have been performed
by a script.
The only non-trivial thing is the rename of the audio file table
directory, which changes from "audio_files" to "audio-files" because
this is the name the conversion script introduced in the previous
commit picked.
Andre Noll [Fri, 6 Mar 2020 13:26:39 +0000 (14:26 +0100)]
Add para_upgrade_db.
This new executable is required to convert existing paraslash databases
to the new format. Only the layout of the audio file table changes
due to the switch from sha1 to sha256. The command creates and opens
a new audio file table and copies over each row, using an arbitrary
(incorrect) hash value for the values in hash column of the destination
table.
After all rows have been copied in this way, the old table is deleted
and the database directory is renamed from afs-database-0.4 to
afs-database-0.7, which will be the default path in paraslash-0.7.
Subsequent patches will modify para_server to load the database
from the new path and use sha256 instead of sha1 for the hash that
identifies the audio file. The user must then start the thusly patched
para_server and force-add all audio files to correct the hashes. This
approach keeps para_upgrade_db minimal and shortens its running time.
Andre Noll [Thu, 12 Mar 2020 22:13:17 +0000 (23:13 +0100)]
Use sha256 for the challenge response.
sha1 is broken and should no longer be used. This commit introduces
the new server feature "sha256". It is announced during the handshake
with the client. The client code is patched to detect whether the
server supports the feature and uses sha256 if it does.
This change is backwards compatible. That is, old clients can still
connect to a new server (using sha1). Also new clients can connect
to an old server (and also use sha1 in this case).
Andre Noll [Thu, 12 Mar 2020 15:06:12 +0000 (16:06 +0100)]
Introduce hash2 (sha256).
This adds a second hash function which will replace sha1. Both openssl
and libgcrypt support sha256, so it is easy to do. There are no users
of the new functions so far, so this patch has no effect yet.
Andre Noll [Thu, 12 Mar 2020 21:08:16 +0000 (22:08 +0100)]
Assume sideband and aes_ctr128 are always supported/requested.
Sideband connections and the AES-based stream cipher have become
mandatory in paraslash-0.6.
The server no longer needs to annouce the feature as 0.6.x clients
request it, regardless of whether it was announced or not. It needs
to still accept the option, though.
On the client side, we don't need to request the features any more
as the server just ignores the request.
Andre Noll [Tue, 5 Oct 2021 19:31:06 +0000 (21:31 +0200)]
client_common: Improve documentation of client_{pre,post}_select().
It was outdated and not worded very well. In particular, it referred
to a task pointer although the argument is named "context". Also,
client_open() does not return a "client data structure", so talk
about the effect of that function rather than its return value.
Andre Noll [Sun, 5 Sep 2021 20:38:41 +0000 (22:38 +0200)]
Remove ->fd of struct audio file data.
This structure contains information about the next audio file. It
is stored in a shared memory area, and a reference to this area is
sent through a pipe from the afs process to the server process. The
file descriptor of the next audio file, however, must be passed via
Unix socket magic (SCM_RIGHTS) and thus does not need to be part of
the structure.
Moreover, it's easier to define the afd structure in
open_and_update_audio_file() of aft.c rather than in its caller,
open_next_audio_file() of afs.c, because the caller only needs the
fd of the audio file and the shared memory ID but not the audio file
data structure itself.
Expand the documentation of open_and_update_audio_file() a bit while
at it.
Andre Noll [Sun, 5 Sep 2021 19:36:55 +0000 (21:36 +0200)]
afs: Improve error diagnostics if no admissible files are found.
Currently, the server prints something like the following with
loglevel error:
Sep 05 21:19:42 (4) (31845) open_next_audio_file: key not found in rbtree
Sep 05 21:19:42 (4) (31844) recv_afs_result: afs code: 1, expected: 0
Sep 05 21:19:42 (4) (31844) recv_afs_result: did not receive open fd from afs
This is both cryptic and scary, given that this error is handled by
simply clearing the play bit from the vss status flags.
This commit changes the code to only print one clear log message with
loglevel notice:
Sep 05 21:34:45 (3) (5233) log_statistics: no admissible files
Andre Noll [Tue, 21 Sep 2021 12:09:39 +0000 (14:09 +0200)]
server: Wait for command handler exit also when afs dies.
When para_server is running in foreground mode in a terminal session,
and gets signalled by hitting CTRL+C, it is unspecified whether the
server or the afs process receive the resulting SIGINT first. It may
even happen that the afs process dies first, and that the server sees
the resulting SIGCHLD *before* the SIGINT.
In this case we currently don't wait for the command handlers to exit
but proceed right away with the shutdown, closing the signal pipe and
destroying the shared memory area which contains the mmd structure.
This leads to error messages on shutdown such as
This commit avoids the issue by letting the server wait for all
its children also in the SIGCHILD case when we exit because the afs
process has terminated.
Andre Noll [Mon, 20 Sep 2021 18:42:37 +0000 (20:42 +0200)]
vss: Avoid double free on exit.
When para_server fails to receive the fd for the next audio file,
the memory pointed to by mmd->afd.afhi.chunk_table is freed but the
pointer is not set to NULL. If the failure was due to server and afs
receiving SIGINT, the subsequent signal handling code might attempt
to free the chunk table again. This double free error is detected by
glibc, which results resulting in messages such as
Andre Noll [Mon, 20 Sep 2021 17:15:12 +0000 (19:15 +0200)]
vss: Handle empty chunk groups gracefully.
The assertion in compute_group_size() triggers if the stream is
positioned right at the end of the file when the next chunk group
starts. This was observed with an mp3 file and the udp sender when
pausing and restarting the stream at the end of the file.
Fix this braino by returning EOF instead of aborting if the next
chunk group happens to be empty.
Andre Noll [Mon, 20 Sep 2021 18:28:42 +0000 (20:28 +0200)]
upd sender: Don't send FEC EOF from command handler context.
Without this, the EOF packet might be sent twice: once by the command
handler which stopped the stream and once by the server process. This
does not hurt, but results in additional unnecessary network traffic,
so return early from udp_close_target() when we're running in command
handler context.
Andre Noll [Thu, 26 Aug 2021 17:31:25 +0000 (19:31 +0200)]
afh: Avoid memory leak at exit.
We missed to free the lopsub parse result. This is not a real leak
because it's a one-off allocation and we are about to exit anyway. It's
worth to fix nevertheless, though, because with the patch applied,
valgrind says "no leaks are possible". Hence any other output means
we have introduced a new memory leak.
Andre Noll [Fri, 13 Aug 2021 19:47:47 +0000 (21:47 +0200)]
aac_afh: Fix check of return value of mp4ff_meta_update().
This function returns zero on failure, and one on success, so the
current check for a negative return value is incorrect. The call to
mp4ff_meta_get_by_index() suffers from the same mistake.
Andre Noll [Sat, 3 Jul 2021 12:36:43 +0000 (14:36 +0200)]
com_jmp(): Handle negative values gracefully.
Currently these get silently converted to a (large) unsigned number,
which causes para_server to skip to the next audio file. This patch
modifies the command handler to check whether the given value is
within range and fails the command if it is out of range.
Andre Noll [Tue, 20 Aug 2019 07:10:53 +0000 (09:10 +0200)]
Avoid warning about sys/sysctl.h on glibc-2.30.
From glibc-2.30 NEWS:
The Linux-specific <sys/sysctl.h> header and the sysctl function have
been deprecated and will be removed from a future version of glibc.
Compilation against the glibc-2.30 headers results in the following warning:
In file included from ipc.c:10:
/usr/include/sys/sysctl.h:21:2: warning: #warning "The <sys/sysctl.h> header is deprecated and will be removed." [-Wcpp]
On NetBSD and FreeBSD, however, we still need to include the header
to get the declaration of sysctlbyname(3).
This patch changes ipc.c to include sys/sysctl.h only if __FreeBSD__ or
__NetBSD__ is defined. Also remove the pointless check for __APPLE__.
Andre Noll [Mon, 25 Nov 2019 20:22:35 +0000 (21:22 +0100)]
Rework score formula.
Currently the two scales for the num_played and the last_played
components of the score value are computed independently of each
other. There is, however, a natural link between the two scales:
a file with best possible num_played value (zero) and worst possible
last_played value (now) should receive the average score zero.
This patch employs this idea to rescale the two components. See the
new comment to compute_score() for details about the implementation.
Andre Noll [Thu, 6 May 2021 18:29:06 +0000 (20:29 +0200)]
server: Don't crash on blank moods.
We special-case empty mood definitions (because we can't map the
osl object anyway), but we don't check whether the mood definition
contains anything else than whitespace or comments.
Such blank mood definitions result in an empty abstract syntax tree
indicated by ->ast of the mood parser's context structure being
NULL. We happily dereference that pointer in mp_eval_row() and die
by the resulting SIGSEGV.
The fix is trivial: simply treat blank moods in the same way as the
dummy mood, i.e. regard each audio file as admissible.
Andre Noll [Wed, 28 Apr 2021 11:17:03 +0000 (13:17 +0200)]
aft: Silence format-overflow warning with gcc-10.
aft.c: In function 'print_list_item':
aft.c:736:17: warning: '%*u' directive writing between 1 and 65529 bytes into a region of size 30 [-Wformat-overflow=]
736 | sprintf(buf, "%*u:%02u:%02d", max_width - 6, hours, mins,
| ^~~
aft.c:736:16: note: directive argument in the range [1, 4294967295]
736 | sprintf(buf, "%*u:%02u:%02d", max_width - 6, hours, mins,
| ^~~~~~~~~~~~~~~
aft.c:736:16: note: directive argument in the range [-59, 59]
aft.c:736:3: note: 'sprintf' output between 8 and 65545 bytes into a destination of size 30
736 | sprintf(buf, "%*u:%02u:%02d", max_width - 6, hours, mins,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
737 | seconds % 60);
| ~~~~~~~~~~~~~
The code is correct but gcc can't prove it. Silence the warning by
passing the size of the buffer and asserting that it won't overflow
before printing to it.
Andre Noll [Thu, 8 Apr 2021 15:12:02 +0000 (17:12 +0200)]
manual: Fix dead audiocoding.com link.
As pointed out by Sven, audiocoding.com has been out of service and
shut down the website since August of 2020. The library is still
available for download on the sourceforge project page, so link to
that page instead.
Andre Noll [Mon, 5 Apr 2021 18:29:28 +0000 (20:29 +0200)]
prebuffer: Remove buffer tree node on errors.
When the ->post_select method of a filter returns negative, it *must*
remove its buffer tree node as well. The prebuffer missed to do that,
which results in a stale reference to the buffer tree which keeps
the audiod slot busy. When no more slots are free, audiod hangs or
exits with a "no more free slots" message. This patch avoids this.
Andre Noll [Mon, 16 Mar 2020 18:30:55 +0000 (19:30 +0100)]
Remove support for version 1 moods.
Version 2 moods were introduced in v0.6.1 which was released more
than three years ago. Since then the older version 1 moods have
been deprecated. This commit gets rid of them removing quite some
questionable and unmaintained code.
Andre Noll [Thu, 7 Jan 2021 23:55:13 +0000 (00:55 +0100)]
alsa_write: Avoid hung tasks.
Without this fix the alsa writer may never shutdown, occupying a
slot of audiod. The hang was observed with in conjunction to the
udp receiver and the prebuffer filter. See also the recent commit 23913cbbfc98.
Andre Noll [Fri, 16 Oct 2020 13:49:47 +0000 (15:49 +0200)]
aft: Avoid NULL pointer dereference.
osl_get_object() must not be called with a NULL row pointer. Currently
this may happen on blob events. This patch avoids the problem and
makes sure we catch this programming error early.
Andre Noll [Fri, 1 Jan 2021 15:05:56 +0000 (16:05 +0100)]
prebuffer: Bail out on bufffer tree errors.
Without this, the prebuffer filter might stay active forever, occupying
a slot of para_audiod until no more slots are available. This was
observed with the udp receiver.
Andre Noll [Mon, 1 Jun 2020 17:28:01 +0000 (19:28 +0200)]
Replace /* fallthrouth*/ by __attribute__ ((fallthrough));
Some (recent) gcc versions still complain because the switch case
falls through. The new code causes a warning on old compilers which
don't know the fallthrough attribute, but this is still better than
seeing the warning on systems with a recent compiler.
Andre Noll [Fri, 29 May 2020 23:22:49 +0000 (01:22 +0200)]
aft: Avoid invalid read.
A short chunk table is fatal for all audio formats except aac,
which employs dynamic chunks. The below valgrind spat was found when
para_server tried to open an aac audio file. Setting afhi->chunk_table
to NULL in this case should fix it.
==17667== Invalid read of size 4
==17667== at 0x805A862: write_u32 (portable_io.h:95)
==17667== by 0x805A862: save_chunk_table (aft.c:402)
==17667== by 0x805A862: save_chunk_table (aft.c:395)
==17667== by 0x805DDE6: save_afd (aft.c:616)
==17667== by 0x805DDE6: open_and_update_audio_file (aft.c:1113)
==17667== by 0x8058AA2: open_next_audio_file (afs.c:425)
==17667== by 0x8058AA2: execute_server_command (afs.c:867)
==17667== by 0x8058AA2: command_post_select.part.0 (afs.c:921)
==17667== by 0x8063062: call_post_select (sched.c:80)
==17667== by 0x8063062: sched_post_select (sched.c:106)
==17667== by 0x8063062: schedule (sched.c:159)
==17667== by 0x8059643: afs_init (afs.c:1006)
==17667== by 0x804D747: init_afs (server.c:529)
==17667== by 0x804D747: server_init (server.c:601)
==17667== by 0x804D747: main (server.c:690)
==17667== Address 0x4d7dcd0 is 0 bytes after a block of size 40 alloc'd
==17667== at 0x40365E2: malloc (vg_replace_malloc.c:309)
==17667== by 0x8053AB6: para_malloc (string.c:63)
==17667== by 0x805B20D: load_chunk_table (aft.c:415)
==17667== by 0x805DD65: open_and_update_audio_file (aft.c:1103)
==17667== by 0x8058AA2: open_next_audio_file (afs.c:425)
==17667== by 0x8058AA2: execute_server_command (afs.c:867)
==17667== by 0x8058AA2: command_post_select.part.0 (afs.c:921)
==17667== by 0x8063062: call_post_select (sched.c:80)
==17667== by 0x8063062: sched_post_select (sched.c:106)
==17667== by 0x8063062: schedule (sched.c:159)
==17667== by 0x8059643: afs_init (afs.c:1006)
==17667== by 0x804D747: init_afs (server.c:529)
==17667== by 0x804D747: server_init (server.c:601)
==17667== by 0x804D747: main (server.c:690)
Andre Noll [Mon, 16 Mar 2020 17:44:07 +0000 (18:44 +0100)]
mp: Always set mp_context to NULL on errors.
In mp_init(), if mp_yyparse() fails, we return early without setting
the result pointer to NULL. This does not matter much because both
callers of mood.c pass in NULL, but still..
Andre Noll [Fri, 12 Jun 2020 01:34:32 +0000 (03:34 +0200)]
vss: Rework fec client setup.
The current fec code assumes that the chunks of the audio file form a
contigous buffer. At least for aac/m4a this is not true, which is
why streaming m4a files over udp never worked well.
This patch should be a big improvement in this regard. We now copy
the chunks to preallocated buffers, which also makes the code easier
to follow because we can get rid of the two extra buffers in struct
fec_client.
Andre Noll [Sat, 6 Jun 2020 16:50:48 +0000 (18:50 +0200)]
gui: Adjust position of num_played value.
If the terminal window is only 80 characters wide, the num_played
value may be adjacent to the bitrate value, with no space between.
This happens only if the num_played value is bigger than 99, and only
with the "colorful blackness" theme.
Andre Noll [Thu, 11 Jun 2020 13:28:49 +0000 (15:28 +0200)]
Avoid audiod hangs when prebuffer filter is active.
This filter misses to honor task notifications. As a result of this
omission, when CTRL+C is pressed while audiod is running in foreground
mode and the prebuffer filter is active, the audiod process hangs.
Andre Noll [Mon, 23 Mar 2020 20:19:14 +0000 (21:19 +0100)]
Merge branch 'refs/heads/t/stale-pointer-fix'
This bug only triggered if the kernel changes the address of the memory
mapping of the audio file table after a file was added, and a subsequent
operation would access the then stale pointer.
Cooking for a week.
* refs/heads/t/stale-pointer-fix:
Don't use strdup() to copy hash.
aft: Avoid stale pointer pointer reference.