From 5ebb2ece80387e60abca5bec0dc65f02391ee5f9 Mon Sep 17 00:00:00 2001
From: Tsuda Kageyu
Date: Thu, 1 Jan 2015 19:54:17 +0900
Subject: [PATCH] Fix a segfault when reading faulty Ogg/FLAC files.

---
 taglib/ogg/flac/oggflacfile.cpp | 9 +++++++--
 tests/data/segfault.oga | Bin 0 -> 120 bytes
 tests/test_oggflac.cpp | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)
 create mode 100644 tests/data/segfault.oga

diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
index bdf82459..0c1d61b6 100644
--- a/taglib/ogg/flac/oggflacfile.cpp
+++ b/taglib/ogg/flac/oggflacfile.cpp
@@ -103,7 +103,7 @@ PropertyMap Ogg::FLAC::File::properties() const
 PropertyMap Ogg::FLAC::File::setProperties(const PropertyMap &properties)
 {
 return d->comment->setProperties(properties);
-}
+}
 Properties *Ogg::FLAC::File::audioProperties() const
 {
@@ -233,7 +233,12 @@ void Ogg::FLAC::File::scan()
 }
- header = metadataHeader.mid(0,4);
+ header = metadataHeader.mid(0, 4);
+ if(header.size() < 4) {
+ debug("Ogg::FLAC::File::scan() -- Invalid Ogg/FLAC metadata header");
+ return;
+ }
+
 // Header format (from spec):
 // <1> Last-metadata-block flag
 // <7> BLOCK_TYPE
diff --git a/tests/data/segfault.oga b/tests/data/segfault.oga
new file mode 100644
index 0000000000000000000000000000000000000000..e23c21706e2f87776b3b210be638f431e416c00e
GIT binary patch
literal 120
zcmeZIPY-5bVt|6`<8dhhK(-;${T;af=&?wZf>p|rsRR^Hyd>{Y-^*$$~
literal 0
HcmV?d00001
diff --git a/tests/test_oggflac.cpp b/tests/test_oggflac.cpp
index 1cdb24b0..975af44e 100644
--- a/tests/test_oggflac.cpp
+++ b/tests/test_oggflac.cpp
@@ -15,6 +15,7 @@ class TestOggFLAC : public CppUnit::TestFixture
 {
 CPPUNIT_TEST_SUITE(TestOggFLAC);
 CPPUNIT_TEST(testFramingBit);
+ CPPUNIT_TEST(testFuzzedFile);
 CPPUNIT_TEST_SUITE_END();
 public:
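Review bot: The new guard in scan() only validates that the 4-byte block header is present; the block length that is decoded from its bytes 1–3 further down in scan() (outside the hunk) still comes straight from the file, so whether `metadataHeader.mid(4, length)` and the subsequent packet handling tolerate a length larger than the packet should be confirmed separately — the added test pins only the short-header case. Since `header` is `metadataHeader.mid(0, 4)`, the check is equivalent to testing `metadataHeader.size() < 4` before the copy, which reads more directly and names the bound once. A why-comment on the early return would also help the next reader, e.g. `// Truncated block header: nothing further in this packet can be parsed safely, so abort the scan.` The enclosing loop and the rest of scan() begin and end outside the hunk.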
@@ -39,6 +40,12 @@ public:
 delete f;
 }
+ void testFuzzedFile()
+ {
+ Ogg::FLAC::File f(TEST_FILE_PATH_C("segfault.oga"));
+ CPPUNIT_ASSERT(!f.isValid());
+ }
+
 };
 CPPUNIT_TEST_SUITE_REGISTRATION(TestOggFLAC);
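Review bot: testFuzzedFile says nothing about what `segfault.oga` contains, so a reader cannot tell which parsing path the fixture guards; a one-line comment above the constructor call such as `// Fuzzed Ogg/FLAC file (presumably a truncated metadata block header) that must be rejected rather than crash the parser.` would tie the fixture to the fix in oggflacfile.cpp. Asserting only `!f.isValid()` checks the outcome of the scan but not that accessors remain safe on the rejected file; if `tag()` and `audioProperties()` are expected to be callable on an invalid File, an assertion that they do not crash would pin that as well. The rest of the fixture class lies outside the hunk.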