mirror/taglib
1
0
Fork 0
mirror of https://github.com/taglib/taglib.git synced 2026-02-14 20:23:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

Check for EOF to fix an infinite loop while parsing fuzzed MPC files.

Browse Source
This commit is contained in:
Tsuda Kageyu
2015-01-08 12:28:20 +09:00
parent 2193d6dd84
commit 65664e6855
3 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
taglib/mpc/mpcproperties.cpp
View File

@ -197,10 +197,15 @@ void MPC::Properties::readSV8(File *file)
unsigned long packetSize = readSize(file, packetSizeLength);
unsigned long dataSize = packetSize - 2 - packetSizeLength;
const ByteVector data = file->readBlock(dataSize);
if(data.size() != dataSize) {
debug("MPC::Properties::readSV8() - dataSize doesn't match the actual data size.");
break;
}
if(packetType == "SH") {
// Stream Header
// http://trac.musepack.net/wiki/SV8Specification#StreamHeaderPacket
ByteVector data = file->readBlock(dataSize);
readSH = true;
TagLib::uint pos = 4;
@ -225,7 +230,6 @@ void MPC::Properties::readSV8(File *file)
else if (packetType == "RG") {
// Replay Gain
// http://trac.musepack.net/wiki/SV8Specification#ReplaygainPacket
ByteVector data = file->readBlock(dataSize);
readRG = true;
int replayGainVersion = data[0];