From a3e62fb32edc914012bae43b5c25bd1406da3079 Mon Sep 17 00:00:00 2001
From: Scott Wheeler
Date: Sun, 31 Oct 2004 20:30:47 +0000
Subject: [PATCH] Do bounds checking before assuming that just because we've been told that there are actually more items that there actually are. BUG:92028
git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@359382 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---
 ape/ape-tag-format.txt | 4 ++--
 ape/apeitem.cpp | 4 +++-
 ape/apetag.cpp | 14 ++++++++++----
 ape/apetag.h | 6 ++++++
 4 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/ape/ape-tag-format.txt b/ape/ape-tag-format.txt
index 135438e0..21ff1c86 100644
--- a/ape/ape-tag-format.txt
+++ b/ape/ape-tag-format.txt
@@ -87,7 +87,7 @@ Member of APE Tag 2.0
 | | | items excluding the header (for 1.000 |
 | | | compatibility) |
 |----------------|---------|------------------------------------------------|
-|Item Count | 4 bytes | Number of items in the tag |
+| Item Count | 4 bytes | Number of items in the tag |
 |----------------|---------|------------------------------------------------|
 | Tag Flags | 4 bytes | Global flags |
 |----------------|---------|------------------------------------------------|
@@ -167,4 +167,4 @@ bitrate demands to avoid unnecessary drop-outs.
 Sections 5 - 7 haven't yet been converted from:
-http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html
\ No newline at end of file
+http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html
diff --git a/ape/apeitem.cpp b/ape/apeitem.cpp
index b245cac0..1f8c4ba3 100644
--- a/ape/apeitem.cpp
+++ b/ape/apeitem.cpp
@@ -126,7 +126,9 @@ bool APE::Item::isEmpty() const
 void APE::Item::parse(const ByteVector &data)
 {
- if(data.size() < 10) {
+ // 11 bytes is the minimum size for an APE item
+
+ if(data.size() < 11) {
 debug("APE::Item::parse() -- no data in item");
 return;
 }
diff --git a/ape/apetag.cpp b/ape/apetag.cpp
index 9b63b435..49260157 100644
--- a/ape/apetag.cpp
+++ b/ape/apetag.cpp
@@ -213,7 +213,7 @@ void APE::Tag::read()
 return;
 d->file->seek(d->tagOffset + Footer::size() - d->footer.tagSize());
- parse(d->file->readBlock(d->footer.tagSize() - Footer::size()), d->footer.itemCount());
+ parse(d->file->readBlock(d->footer.tagSize() - Footer::size()));
 }
 }
@@ -238,17 +238,23 @@ ByteVector APE::Tag::render() const
 return d->footer.renderHeader() + data + d->footer.renderFooter();
 }
-void APE::Tag::parse(const ByteVector &data, uint count)
+void APE::Tag::parse(const ByteVector &data, uint)
+{
+ parse(data);
+}
+
+void APE::Tag::parse(const ByteVector &data)
 {
 uint pos = 0;
- while(count > 0) {
+ // 11 bytes is the minimum size for an APE item
+
+ for(uint i = 0; i < d->footer.itemCount() && pos <= data.size() - 11; i++) {
 APE::Item item;
 item.parse(data.mid(pos));
 d->itemListMap.insert(item.key().upper(), item);
 pos += item.size();
- count--;
 }
 }
diff --git a/ape/apetag.h b/ape/apetag.h
index 37f43338..d715e64d 100644
--- a/ape/apetag.h
+++ b/ape/apetag.h
@@ -142,9 +142,15 @@ namespace TagLib {
 void read();
 /*!
 * Parses the body of the tag in \a data with \a count items.
+ * \deprecated Please use the version that doesn't require an item count.
 */
 void parse(const ByteVector &data, uint count);
+ /*!
+ * Parses the body of the tag in \a data.
+ */
+ void parse(const ByteVector &data);
+
 private:
 Tag(const Tag &);
 Tag &operator=(const Tag &);
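Review bot: In `APE::Tag::read()` (ape/apetag.cpp, first hunk) the rewritten call still computes `d->footer.tagSize() - Footer::size()` from a tag size that comes out of the file's footer, with no lower-bound check visible in the hunk. If both values are unsigned and the footer declares a tag smaller than the footer itself, the length wraps to a very large number before it reaches `readBlock`. read() begins outside the hunk, so a guard may already exist earlier; if it does not, `if(d->footer.tagSize() < Footer::size()) return;` ahead of the `seek` would keep a malformed footer from driving the read length.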
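Review bot: The new loop bound `pos <= data.size() - 11` in `APE::Tag::parse(const ByteVector &data)` wraps when `data` holds fewer than 11 bytes, assuming `size()` is unsigned as the comparison with `uint pos` suggests. The condition is then true and the loop body runs on a buffer the check was meant to reject. In that case `Item::parse` returns early (see the ape/apeitem.cpp hunk), so `pos` presumably never advances and the loop repeats up to the file-supplied `itemCount()`, inserting empty items each time. Writing the bound as `data.size() >= 11 && pos <= data.size() - 11` avoids the wrap, and stopping when `item.size()` is zero would end the loop on a malformed item. The literal 11 also appears in `APE::Item::parse`; a single named constant would keep the two checks in step.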
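Review bot: In ape/apetag.h the comment on the deprecated `parse(const ByteVector &data, uint count)` still says it parses "with \a count items", but the new implementation in apetag.cpp drops the argument and uses the footer's item count. A caller reading the header would expect `count` to limit parsing. I would reword the first line to `* Parses the body of the tag in \a data; \a count is ignored and the item count from the footer is used.` and keep the `\deprecated` line as added.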