mirror of
https://github.com/cookiengineer/audacity
synced 2025-11-04 16:14:00 +01:00
54 lines
1.6 KiB
Diff
54 lines
1.6 KiB
Diff
From 41da64d9270b2fa10c93ce74dea014fe8f0bd303 Mon Sep 17 00:00:00 2001
|
|
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
|
Date: Sat, 5 Nov 2011 09:49:14 +1100
|
|
Subject: [PATCH] src/id3.c : Fix a stack overflow when parsing a file with multiple ID3 headers.
|
|
|
|
---
|
|
ChangeLog | 8 ++++++++
|
|
src/id3.c | 11 ++++++++---
|
|
2 files changed, 16 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/ChangeLog b/ChangeLog
|
|
index 380aa4c..3fe35fc 100644
|
|
--- a/ChangeLog
|
|
+++ b/ChangeLog
|
|
@@ -1,3 +1,11 @@
|
|
+2011-11-05 Erik de Castro Lopo <erikd AT mega-nerd DOT com>
|
|
+
|
|
+ * src/id3.c
|
|
+ Fix a stack overflow that can occur when parsing a file with multiple
|
|
+ ID3 headers which would cause libsndfile to go into an infinite recursion
|
|
+ until it blew the stack. Thanks to Anders Svensson for supplying an example
|
|
+ file.
|
|
+
|
|
2011-10-30 Erik de Castro Lopo <erikd AT mega-nerd DOT com>
|
|
|
|
* src/double64.c src/float32.c src/common.h
|
|
diff --git a/src/id3.c b/src/id3.c
|
|
index a1a189e..2fd0a0b 100644
|
|
--- a/src/id3.c
|
|
+++ b/src/id3.c
|
|
@@ -40,11 +40,16 @@ id3_skip (SF_PRIVATE * psf)
|
|
offset = (offset << 7) | (buf [8] & 0x7f) ;
|
|
offset = (offset << 7) | (buf [9] & 0x7f) ;
|
|
|
|
- psf_binheader_readf (psf, "j", make_size_t (offset)) ;
|
|
-
|
|
psf_log_printf (psf, "ID3 length : %d\n--------------------\n", offset) ;
|
|
|
|
- psf->fileoffset = 10 + offset ;
|
|
+ /* Never want to jump backwards in a file. */
|
|
+ if (offset < 0)
|
|
+ return 0 ;
|
|
+
|
|
+ /* Calculate new file offset and position ourselves there. */
|
|
+ psf->fileoffset += offset + 10 ;
|
|
+ psf_binheader_readf (psf, "p", psf->fileoffset) ;
|
|
+
|
|
return 1 ;
|
|
} ;
|
|
|
|
--
|
|
1.7.4.1
|
|
|