From 14eda582eee4484b8a14a8eb8aedf2be548c94ab Mon Sep 17 00:00:00 2001 From: Scott Wheeler <wheeler@kde.org> Date: Thu, 27 Sep 2007 20:52:50 +0000 Subject: [PATCH] Add a few checks to make sure that we don't blow up when trying to read zero-byte values. BUG:150250 git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@717984 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- taglib/ape/apetag.cpp | 2 +- taglib/toolkit/tbytevector.cpp | 8 +++++--- taglib/toolkit/tfile.cpp | 3 +++ 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/taglib/ape/apetag.cpp b/taglib/ape/apetag.cpp index ef3c3cd0..6c5c3b9b 100644 --- a/taglib/ape/apetag.cpp +++ b/taglib/ape/apetag.cpp @@ -216,7 +216,7 @@ void APE::Tag::read() d->file->seek(d->tagOffset); d->footer.setData(d->file->readBlock(Footer::size())); - if(d->footer.tagSize() == 0 || + if(d->footer.tagSize() <= Footer::size() || d->footer.tagSize() > uint(d->file->length())) return; diff --git a/taglib/toolkit/tbytevector.cpp b/taglib/toolkit/tbytevector.cpp index 26dd18cb..488d4773 100644 --- a/taglib/toolkit/tbytevector.cpp +++ b/taglib/toolkit/tbytevector.cpp @@ -321,7 +321,9 @@ ByteVector &ByteVector::setData(const char *data, uint length) detach(); resize(length); - ::memcpy(DATA(d), data, length); + + if(length > 0) + ::memcpy(DATA(d), data, length); return *this; } @@ -334,12 +336,12 @@ ByteVector &ByteVector::setData(const char *data) char *ByteVector::data() { detach(); - return DATA(d); + return size() > 0 ? DATA(d) : 0; } const char *ByteVector::data() const { - return DATA(d); + return size() > 0 ? DATA(d) : 0; } ByteVector ByteVector::mid(uint index, uint length) const diff --git a/taglib/toolkit/tfile.cpp b/taglib/toolkit/tfile.cpp index 2fa76077..a058763e 100644 --- a/taglib/toolkit/tfile.cpp +++ b/taglib/toolkit/tfile.cpp @@ -108,6 +108,9 @@ ByteVector File::readBlock(ulong length) return ByteVector::null; } + if(length == 0) + return ByteVector::null; + if(length > FilePrivate::bufferSize && length > ulong(File::length())) {