Separate read-only metadata accessors from write-path mutators to
prepare for the dual-license split (MIT reader / LGPL writer).
metadata.c retains 20 aaruf_get_* functions: geometry, media sequence,
creator, comments, media title, media/drive manufacturer/model/serial/
barcode/part number, firmware revision, CICM metadata, Aaru JSON
metadata, user/negative/overflow sectors, and image info.
metadata_write.c receives 28 functions: 15 aaruf_set_* (geometry,
media sequence, creator, comments, media title, media/drive
manufacturer/model/serial/barcode/part number, firmware revision,
Aaru JSON metadata) and 13 aaruf_clear_* counterparts.
No shared static helpers between the two files. No behavioral change.
All functions are independent public API — no function pointer or
callback mechanism needed (unlike close.c which required a finalization
hook).
Verified:
- Builds cleanly, zero warnings
- 163/165 tests pass (2 pre-existing failures)
- metadata.o exports no set_/clear_ symbols
Separate writer finalization from resource cleanup in close.c to
enable a future reader-only library target (aaruformatread).
close_write.c contains all write_* helpers and aaruf_finalize_write().
close.c retains aaruf_close() with cleanup only, dispatching writer
finalization via a function pointer set by aaruf_create()/aaruf_open().
Zero behavioral change — same tests pass, same error semantics.
7 tests across two files covering three upstreamed Mode 2 bug fixes:
mode2_nocrc.cpp — fix/mode2-form2-nocrc-edc regression:
- NoCrcEdcBytesAreZero: Form 2 sectors with zero EDC read back with
bytes 2348..2351 zeroed (not uninitialized). Uses poisoned buffer
(0xCC fill) to detect missing memset.
- ValidEdcSurvivesRoundtrip: sanity check that valid-EDC sectors are
not treated as NoCrc.
- MixedNoCrcAndValidEdcPerSector: alternating NoCrc/Ok sectors verify
per-sector DDT suffix status tracking.
mode2_errored.cpp — fix/mode2-errored-suffix-read and
fix/mode2-form-detection-read regressions:
- ErroredForm2SuffixRestored: wrong EDC (0xDEADBEEF) survives roundtrip
through the 4-byte suffix buffer for Form 2 errored sectors.
- ErroredForm1SuffixRestored: full 280-byte suffix (EDC+ECC) survives
roundtrip for Form 1 errored sectors.
- MixedErroredForm1AndForm2: alternating forms in one track, verifying
the DDT correctly dispatches per-sector.
- DisagreeingSubheaderUsesForm2: subheader copy 1 says Form 1, copy 2
says Form 2 — verifies OR logic picks Form 2 and all 2324 bytes of
user data are intact (old bug corrupted bytes 2072+).
All tests use programmatic fixtures via aaruf_create/write_sector_long
with crafted 2352-byte sectors — no external data files needed.
V1 images stored cmpCrc64 over the full LZMA payload including the
5-byte properties prefix, but verify.c unconditionally skipped the
prefix before computing the CRC. This caused aaruf_verify_image() to
report AARUF_ERROR_INVALID_BLOCK_CRC on every valid v1 image.
The fix makes the LZMA properties skip conditional on v2+ images:
- V1: CRC computed over full cmpLength (properties included), then byte-swapped
- V2+: CRC computed over cmpLength minus 5 (properties excluded), no byte-swap
Applies to DataBlock, DeDuplicationTable (v1), and DeDuplicationTable2.
Verified against fixtures created by Aaru 5.3 (v1) and aaruformattool (v2).
Tests added (14 total, VerifyImageFixture suite):
- Happy path: floptical/mf2hd/cdmode1 for both v1 and v2 (6 tests)
- Invalid context: NULL and garbage (2 tests)
- Corruption detection: data block v1/v2, TracksBlock (3 tests)
- Index corruption: invalid offset, bad signature (2 tests)
- Programmatic round-trip: create + write + close + verify (1 test)
Regression tests for the error handling improvements in
fix/flac-error-handling (PR #23). The fix changed decode/encode to
return 0 instead of (size_t)-1 on failure, added NULL allocation
checks, and fixed a decoder memory leak on init failure.
Tests added (flacErrors suite):
- decode_garbage_returns_zero: random non-FLAC data
- decode_truncated_flac_returns_zero: valid magic, truncated stream
- decode_empty_input_returns_zero: NULL source buffer
- decode_zero_length_returns_zero: non-NULL but zero-length source
- encode_zero_length_no_crash: NULL source, verifies no crash/leak
- encode_garbage_roundtrip_fails_cleanly: non-PCM encode + decode
- decode_dst_too_small_returns_zero: undersized output buffer
All tests are self-contained (no fixture files needed) and pass
under AddressSanitizer.
