[Pkg-mpd-maintainers] Bug#953110: libmpdclient2: broken request when size exceeds 4096 bytes

Damyan Ivanov dmn at debian.org
Wed Mar 4 17:23:24 GMT 2020 

Package: libmpdclient2
Version: 2.16-1
Severity: normal
Tags: upstream

Control: found -1 2.18-1

Reproducer:

Uses mpc to send a 'find' request, containing an invalid search expression. The 
expected result is an error message about the invalid search expression.

working:

 $ strace -s 40 -e trace=sendto,recvfrom mpc find '('$(for i in $(seq 1 4086); do echo -n "+"; done)')'
 recvfrom(3, "OK MPD 0.21.4\n", 4096, MSG_DONTWAIT, NULL, NULL) = 14
 sendto(3, "find \"(+++++++++++++++++++++++++++++++++"..., 4096, MSG_DONTWAIT, NULL, 0) = 4096
 recvfrom(3, "ACK [2 at 0] {find} Word expected\n", 4096, MSG_DONTWAIT, NULL, NULL) = 31
 mpd error: Word expected
 +++ exited with 1 +++

Note the request size on line 3: 4096 bytes.

broken:

The only difference is one more '+' in the expression, which would result in a 
request of 4097 bytes.

 $ strace -s 40 -e trace=sendto,recvfrom mpc find '('$(for i in $(seq 1 4087); do echo -n "+"; done)')'
 recvfrom(3, "OK MPD 0.21.4\n", 4096, MSG_DONTWAIT, NULL, NULL) = 14
 mpd error: Timeout
 +++ exited with 1 +++

Instead of error about the invalid request, a timeout occurs after 30 seconds 
because the request is not really sent (note the missing sendto() call).

Ideally, libmpdclient should support requests of arbitrary size (eventually 
reaching the server limit), but if that is not feasible, at least a proper 
error reporting would be nice.

Thanks for taking care of mpd software in Debian.


Cheers,
    dam

-- System Information:
Debian Release: 10.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8), LANGUAGE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libmpdclient2 depends on:
ii  libc6  2.29-3

libmpdclient2 recommends no packages.

libmpdclient2 suggests no packages.

-- no debconf information

More information about the Pkg-mpd-maintainers mailing list