Andre Noll [Tue, 8 Mar 2016 23:23:17 +0000 (00:23 +0100)]
i9e: print warning if keyseq can not be mapped.
In i9e_open() we currently ignore errors from rl_generic_bind(), which
is OK, but we should at least let the user know that the binding
won't work. While at it, call rl_bind_keyseq_in_map() instead of
rl_generic_bind() as the former function provides all we need and
is simpler.
Andre Noll [Tue, 8 Mar 2016 23:21:15 +0000 (00:21 +0100)]
i9e: Zero out private pointer on open.
This should not matter at the moment since i9e_open() is only called
once and the i9e_private structure is static, so it's already zeroed
out by the first time the function is called. But since the ie9 API
is supposed to work across multiple open/close cycles, it seems wise
to be conservative here.
Andre Noll [Fri, 1 Apr 2016 23:33:47 +0000 (01:33 +0200)]
Merge branch 'maint'
A couple of overflow bugs and a aslignment issue, all detected by ubsan. Plus
two unrelated old bugs.
* maint:
client: Fix lsatt completer.
playlist: Do not update score if no playlist is open.
Avoid member access within misaligned address for ancillary data buffer.
mood.c: Avoid overflow in update_quadratic_deviation().
mood.c: Avoid integer underflow.
mood.c: Avoid integer overflow.
Andre Noll [Mon, 21 Mar 2016 19:51:08 +0000 (19:51 +0000)]
playlist: Do not update score if no playlist is open.
This bug caused the score of the current audio file to be updated
twice in mood mode since both the mood event handler and playlist
event handler honor afs events and update the score.
We fix the bug by moving the check whether a playlist is open to the
top of the playlist event handler, similar to the check in the mood
event handler of mood.c. If no playlist is open, we now return early
from the playlist event handler, ignoring all afs events.
In recv_cred_buffer(), pass_afd() and dispose_fds() the on-stack
ancillary data buffer is not necessarily aligned. The pointer is
cast to struct cmsghdr *, then dereferenced, resulting in undefined
behaviour due to the lack of alignment.
This patch asks the compiler to align the ancillary data buffers.
Andre Noll [Wed, 16 Mar 2016 21:48:54 +0000 (22:48 +0100)]
mood.c: Avoid overflow in update_quadratic_deviation().
The last multiplication of the expression returned can overflow. This
patch replaces the expression by an equivalent one which avoids to
multiply large numbers.
Andre Noll [Thu, 9 Apr 2015 13:27:16 +0000 (13:27 +0000)]
build: Let man pages depend on git-version.h.
This is necessary to always include the correct version number in
the man pages. For example, if the work tree becomes dirty because
an unrelated file has been modified, the version string changes and
we need to regenerate the man pages.
Andre Noll [Tue, 15 Mar 2016 19:48:12 +0000 (20:48 +0100)]
mood.c: Avoid integer underflow.
The three variables x, s, n are all of unsigned type, and the
subtraction x - s / n may underflow, resulting in a very large positive
value. This should not matter since we square the difference, but on
the other hand, the underflow can easily be avoided. This patch uses
a temporary variable to do so.
Andre Noll [Tue, 15 Mar 2016 19:41:37 +0000 (20:41 +0100)]
mood.c: Avoid integer overflow.
The quadratic deviation qd can be very large, causing the
multiplication n * qd to overflow. The new code avoids the
multiplication at the cost of two calls to int_sqrt() instead of one.
Andre Noll [Mon, 29 Feb 2016 18:26:09 +0000 (19:26 +0100)]
string.c: Alloc space for terminating null wide character.
Should not matter since we already know the number of wide characters
and never look past the allocated buffer. But let's be conservative
here and allocate space for the terminating null wide character.
Andre Noll [Sat, 2 Jan 2016 17:41:37 +0000 (17:41 +0000)]
client: Add completer for version command.
This command gained the -v flag but the commit that introduced it
last year (26dc18b2, Unify version command handlers) missed to provide
the corresponding completer for para_client.
Andre Noll [Sun, 7 Feb 2016 16:33:15 +0000 (17:33 +0100)]
attribute: Avoid shifting 32 bit integers.
Doing "1UL << i" is wrong here, because the constant "1UL" is 32 bit
on 32 bit systems and we definitely need 64 bit quantities for the
attribute mask.
Andre Noll [Sat, 20 Jun 2015 21:32:13 +0000 (23:32 +0200)]
spxdec: Check frame sizes.
We pass a buffer of fixed size MAX_FRAME_SIZE (defined to 2000)
to the speex decoder. This sanity check makes sure we never overrun
the buffer. Although this adds one function call per output frame,
the overhead is in the noise.
Andre Noll [Tue, 6 Oct 2015 02:32:31 +0000 (02:32 +0000)]
Constify struct filter access and introduce filter_get().
This modifies all users of the filter API to not access the filter
array directly. Instead all callers now obtain a const pointer to
the filter structure through the new filter_get() accessor function.
However, the filter array can not be made constant yet because the
->init methods modify the filter structure. This requires some casts
in filter_common.c unfortunately.
Andre Noll [Wed, 30 Sep 2015 01:09:24 +0000 (01:09 +0000)]
Fix documentation of check_receiver_arg().
Receiver name and options are NOT separated by a colon. Also, all three
receivers (http, udp, dccp) are always supported, so it's pointless
to talk about supported paraslash receivers. This patch simplifies
the comment accordingly.
Andre Noll [Wed, 9 Sep 2015 18:30:24 +0000 (20:30 +0200)]
afh_recv: Improve documentation of --begin-chunk.
The help text referred to --info, which was removed four years ago
in commit 06f33ca1. This patch also inlucdes a couple of minor other
improvements to the same paragraph.
Andre Noll [Sat, 4 Oct 2014 23:52:50 +0000 (23:52 +0000)]
afh: Make ->chunks_total and ->seconds_total fixed-size.
These members of struct afh_info are stored as 4-byte quantities in
the serialized afhi blob created by save_afhi(), so the structure
should declare them as uint32_t rather than unsigned long.
Fortunately, this bug is benign since save_afhi() uses the write_u32()
helper from portable_io.h which does the right thing, regardless of
the type of the variable passed.
Andre Noll [Sat, 5 Sep 2015 19:49:16 +0000 (21:49 +0200)]
aft.c: Prefer localtime() over localtime_r().
While localtime(3) is required to behave as though tzset(3) was
called, localtime_r(3) does not have this requirement, and portable
code should thus call tzset(3) before localtime_r(3). This is not
the case for get_local_time() of aft.c.
As we are single-threaded here, we don't need the thread-safe version,
so it is easiest to switch to localtime(3).
Andre Noll [Mon, 28 Sep 2015 17:43:39 +0000 (17:43 +0000)]
Avoid duplication of sender subcommands.
The list of sender subcommands (add, delete, allow, deny, on, off)
is defined as an enumeration in send.h. This list is duplicated in
check_sender_args() of command.c which contains the six subcommands
as C-strings to be matched against the first word of the sender
command line.
For the code to work properly it is essential that the two subcommand
lists are identical, which is a bad design that is quite error
prone. Fortunately it is easy to avoid the duplication with a little
preprocessor fu.
Since the subcommands are spelled in lower case and there is no
toupper function in CPP, we need to change the subcommand part of the
enumeration constants to lower case. The bulk of the patch consists
in trivial changes of all the users of these constants.
Andre Noll [Sun, 4 Oct 2015 20:25:06 +0000 (20:25 +0000)]
build: Fix audiod_command.c dependency.
The effect of these typos is that the dependencies are effectively
ignored. That is, changes to audiod_command.c do not cause a rebuild
of the command_list files.
Andre Noll [Sat, 3 Oct 2015 22:48:38 +0000 (22:48 +0000)]
play: Handle empty arguments to --key-map gracefully.
Executing para_play with an empty argument to --key-map results in
a read which starts one byte past the allocated buffer:
==24163== Invalid read of size 1
==24163== at 0x402A1DA: index (mc_replace_strmem.c:223)
==24163== by 0x804DA22: main (play.c:187)
==24163== Address 0x498e331 is 0 bytes after a block of size 1 alloc'd
This patch fixes the issue by rejecting empty arguments as invalid.
Andre Noll [Sat, 3 Oct 2015 17:51:38 +0000 (17:51 +0000)]
i9e: Avoid key binding macros.
The key binding code of interactive.c is quite an ugly hack which is
marked with a FIXME comment since forever. We bind each key sequence
given in the ->bound_keyseqs array of struct i9e_client_info to a
key code which is then mapped to a command handler provoded by the
application. The bindings started at key 64 with an arbitrary limit
of 32 possible mappings.
Besides being ugly, the problem with this mapping scheme is that
upper case keys are also in this range and are hence also mapped to
the specified commands.
This commit takes another approach. We now bind key sequences to a
function instead of a macro, passing ISFUNC as the first parameter to
libreadline's rl_generic_bind(). All key sequences are bound to the
same function, dispatch_key(), which calls the application-defined
key handler.
This is still not optimal because we need to look up the key sequence
again in dispatch_key(). But since this is not a fast path anyway,
it should be OK.
* refs/heads/t/command_handler_cleanups: (39 commits)
com_addatt(): Return negative on errors
com_rm(): In force mode, don't complain if no paths matched.
aft: Unify handling of hash and path duplicates.
afs: Provide pbout para_buffer for each callback.
afs: Make afs callbacks more flexible.
afs: Rename callback_function to afs_callback.
com_check(): Add attribute checking.
Let afs_event() return int.
playlist_check_callback(): Return negative on errors
mood_check_callback(): Return negative on errors
com_mvblob(): Return negative on errors
com_addblob(): Return negative on errors
com_rmblob(): Return negative on errors, cleanup
com_catblob(): Return negative on errors
com_lsblob(): Return negative on errors
rmatt: Cleanup callback.
com_rmatt(): Return negative on errors
com_mvatt(): Return negative on errors
com_lsatt(): Return negative on errors
com_init(): Return negative on errors
...
Andre Noll [Sat, 17 Oct 2015 14:47:01 +0000 (16:47 +0200)]
build: Fix m4 dependencies for BSD m4.
FreeBSD and NetBSD ship an m4 version which does not understand
the --debug=i option which we use to generate the .m4d dependency
files. This results in empty dependency files on those systems.
This was broken since m4 dependencies were introduced two years ago
in commit e249d105 (Generate ggo dependencies automatically). The
bug went unnoticed for so long because the problematic m4 command
is the first command of a pipeline (hence the exit code is lost),
and because the command redirects stderr, so the error message is
not printed to the terminal.
This commit fixes the bug by using the (portable) -s option of
m4 rather than --debug. The -s option outputs line synchronization
directives which include the file name, so it is equally well suited
for generating the dependency files.
Andre Noll [Tue, 9 Jun 2015 17:42:31 +0000 (19:42 +0200)]
web: Clear DOT_FONTNAME in Doxyfile.
Doxygen-1.8.6. warns about DOT_FONTNAME being set:
Warning: doxygen no longer ships with the FreeSans font.
You may want to clear or change DOT_FONTNAME.
Otherwise you run the risk that the wrong font is being used for dot generated graphs.
The warning is harmless because the DOT_FONTNAME option has no effect
in our setup because HAVE_DOT is set to "NO". Setting DOT_FONTNAME
to the empty string, as recommended in the explanatory text after
the warning, silences the warning.
Andre Noll [Tue, 9 Jun 2015 17:23:13 +0000 (19:23 +0200)]
web: Update Doxyfile to doxygen-1.8.6.
The system on which the public web pages are generated is now running
on Ubuntu-14.04 which ships doxygen-1.8.6. This version prints a
couple of warnings about obsolete tags in Doxyfile:
Warning: Tag `SYMBOL_CACHE_SIZE' at line 289 of file - has become obsolete.
To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
Warning: Tag `SHOW_DIRECTORIES' at line 483 of file - has become obsolete.
To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
Warning: Tag `HTML_ALIGN_MEMBERS' at line 820 of file - has become obsolete.
To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
Warning: Tag `USE_INLINE_TREES' at line 989 of file - has become obsolete.
To avoid this warning please remove this line from your configuration file or upgrade it using "doxygen -u"
This patch is the result of running doxygen -u. With the patch applied,
the above warnings go away.
There is no need to be backwards compatible here because the web pages
are not created during a normal build.
Andre Noll [Wed, 12 Aug 2015 17:24:50 +0000 (19:24 +0200)]
error.h: Never call (para_)strerror() on osl errors.
In the (inlined) function para_strerror() of error.h we compile in
the call to osl_strerror() if and only if osl.h has been included
(in which case the preprocessor macro _OSL_H is defined). This is
wrong because an osl error code might well be passed to a function
defined in a compilation unit which does not include osl.h. If this
function calls para_strerror(), we will segfault or worse.
We need to check at link time whether osl_strerror is a defined
symbol rather than checking a preprocessor macro at compile time.
Fortunately, a little linker fu helps us out here. This patch
introduces a weak reference to osl_strerror to tell whether
osl_strerror is defined.
Andre Noll [Mon, 10 Aug 2015 18:00:49 +0000 (20:00 +0200)]
Clarify para_strerror().
para_strerror() needs to distinguish three kinds of errors: paraslash
errors, errors from the osl library, and system (libc) errors. This
is achieved through dedicated bits in the error code which are
set for errors from osl and libc function calls. These bits tell
para_strerror() which function to call in order to obtain the text
that corresponds to the error code.
If such a dedicated bit is set, para_strerror() first clears the bit,
then calls the library strerror() function that corresponds to the
bit. The code to clear the bit is
num & ((1 << OSL_ERROR_BIT) - 1))
and similar for libc errors. However, this expression clears *all*
high bits, not only bit number OSL_ERROR_BIT. This is not a problem
since the higher bits are not set under normal circumstances, but it
is better to fix this anyway. The new code is
Andre Noll [Sun, 27 Sep 2015 12:35:05 +0000 (12:35 +0000)]
Merge branch 'refs/heads/t/taggers'
Cooking in next since 2015-04-26.
* refs/heads/t/taggers:
aac: Fix compilation without libmp4v2.
The mp4 tagger.
The mp3 tagger.
The flac tagger.
The ogg/speex tagger.
The ogg/vorbis tagger.
The ogg/opus tagger.
The wma tagger.
This directory was used by a private script, but these days the script
creates its temporary files elsewhere. Hence it is no longer neccessary
to remove the directory in the receipe of the maintainer-clean target.
Andre Noll [Sat, 5 Sep 2015 11:01:18 +0000 (13:01 +0200)]
string.c: Kill E_STRTOLL.
This error code is unnecessary because para_atoi64() returns it only
if strtoll(3) did not perform any conversion and we have already a
more descriptive error code for this case: E_ATOI_NO_DIGITS.
Two new comments to para_atoi64() explain this in detail.
Andre Noll [Thu, 17 Sep 2015 18:07:02 +0000 (20:07 +0200)]
Merge branch 'refs/heads/t/com_ls_compat'
A single commit which adds support for the new syntax for the -l and -s options
of the ls command. These options should now be specified as -l=v rather than
-lv, for example. The old syntax still works, but support will be dropped in
v0.6.0.
Andre Noll [Mon, 14 Sep 2015 18:08:19 +0000 (20:08 +0200)]
build: Include flac afh only if libogg is available.
In configure.ac we have
AC_DEFUN([NEED_FLAC_OBJECTS], [{
test "$HAVE_OGG" = 'yes' -a "$HAVE_FLAC" = 'yes'
}])
In particular, we do not include the flac audio format handler on
systems where libflac is installed but libogg is not. In afh_common.c,
however, we only check for HAVE_FLAC. This results in a build failure
on those systems.
Fix this by modifying the check in afh_common.c to match the check
in configure.ac.
Andre Noll [Sun, 6 Sep 2015 13:05:30 +0000 (15:05 +0200)]
com_add(): Allow paths and afhi to exceed 64K.
The add command has the unnecessary limitation that for each audio
file to be added, the length of the path plus the size of serialized
audio format handler info structure (afhi) must not exceed 64K.
An afhi bigger than that is quite possible, given that it contains
the meta information of the file, for example an ID3v2 tag which can
contain almost unlimited amounts of data. If the 64K limit is exceeded,
all kinds of bad things may happen. So this issue definitely needs
to be addressed.
Specifically, save_add_callback_buffer() must be fixed. In this
function we serialize the data to be passed from the add command
handler to its callback. This includes path, afhi and the chunk table,
which are all variable in size. To cope with variable sizes, the
start of the buffer contains fields in which the offsets are stored
at which afhi and chunk table are located, relative to the start of
the serialized buffer. The problem is that the offset fields are only
16 bit wide, allowing for a maximal size of 64K.
This commit makes the offsets 32 bit wide and reorders them a
bit. Also, the CAB_AUDIO_FORMAT_OFFSET identifier is renamed to
CAB_AUDIO_FORMAT_ID_OFFSET.
Andre Noll [Wed, 1 Apr 2015 00:25:04 +0000 (00:25 +0000)]
server.h: Improve documentation of mmd struct.
This adds a sentence to the description of the structure which explains
how the misc_meta_data structure is used for communication betweeen
the server process and the command handlers. The patch also contains
some minor language improvements.
Andre Noll [Fri, 4 Sep 2015 07:24:12 +0000 (09:24 +0200)]
rmblob: Generate proper BLOB_REMOVE_EVENT.
com_rmblob_callback() of blob.c is responsible for removing blobs from
any of the four blob tables (images, lyrics, moods, playlists). After
a blob has been removed, the function generates an AFS event to tell
the other tables about the removal.
However, the call to afs_event() passes the event identifier
BLOB_RENAME rather than BLOB_REMOVE to the event handlers, which is
clearly incorrect. Fortunately, this does not matter because the only
event handler which cares about blob events is the one in mood.c,
and this handler treats the two events identically. Nevertheless,
it's is a bug that should be fixed.
This bug was introduced eight years ago when event handling was
introduced: commit 02d818d9 (Complete afs event handling).
Andre Noll [Wed, 26 Aug 2015 20:24:02 +0000 (22:24 +0200)]
Introduce new syntax for com_ls().
The ls command is the only command that takes one-letter arguments
which immediately follow the option. For example, -lv activates
verbose listing mode. If we ever want to support short option combining
(like in rm -rf) for paraslash commands, the one-letter arguments are
problematic because, in the above example, -lv can also be interpreted
as -l -v.
This commit encourages a different syntax for the -l and -s options
of the ls command while keeping the one-letter options working
for backwards compatibility. The new official way to enable verbose
listing mode is -l=v. This is analogous to how the "stat" and "touch"
commands expect their arguments.
The ls completer and the documentation are also updated according to
the new syntax.
Andre Noll [Mon, 31 Aug 2015 20:00:17 +0000 (22:00 +0200)]
com_rm(): In force mode, don't complain if no paths matched.
The documentation says that the rm command stays silent and exits
successfully if none of the given patterns matched any path of the
audio file table.
This was true until commit b02b7155 (com_rm(): Return negative on
errors), which effectively made -f a no-op by mistake. Since then
the rm command prints an error message and fails if there is no
match.
Andre Noll [Sat, 29 Aug 2015 13:10:25 +0000 (15:10 +0200)]
setatt: Do not abort if no pattern is given.
It is an error if no pattern is given to the setatt command.
For example,
setatt foo+ bar-
should result in a syntax error because no file name pattern is given.
The code in aft.c contains an assertion to detect this type of error,
but the afs proccess terminates if the condition of the assert
statement is not fulfilled:
Andre Noll [Fri, 28 Aug 2015 20:33:57 +0000 (22:33 +0200)]
lsatt: Fix sort order.
The -i option had the opposite effect of what the documentation
says. That is, lsatt -i sorted the attribute list by name while the
default was to sort by id. This patch reverts the logic in com_lsatt()
to let the implementation match the documentation.
Andre Noll [Sat, 22 Aug 2015 14:21:53 +0000 (16:21 +0200)]
server: Avoid segfault in com_sender().
If exactly one argument is given to the sender command, and this
argument is the name of an existing sender, the sender command
segfaults due to the NULL pointer dereference. The problem is an
off-by-one bug in the check for the number of arguments.
This patch makes sure we never dereference argv[2] if it is NULL.
Andre Noll [Wed, 1 Apr 2015 02:18:29 +0000 (02:18 +0000)]
oggdec: Add documentation of output size constants.
The OGGDEC_MAX_OUTPUT_SIZE and OGGDEC_OUTPUT_CHUNK_SIZE defines in
oggdec_filter.c are undocumented. This commit adds comments for both which
explain the meaning of the two sizes.