mirror/taglib
1
0
Fork 0
mirror of https://github.com/taglib/taglib.git synced 2025-05-27 13:10:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Be more careful when parsing Vorbis Comments

Browse Source
This commit is contained in:
Frank Lai 2011-06-09 18:44:54 +02:00 committed by Lukáš Lalinský
parent 934ce51790
commit b7ec0d26ab
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
taglib/ogg/xiphcomment.cpp
View File

@ -295,21 +295,31 @@ void Ogg::XiphComment::parse(const ByteVector &data)
// Next the number of fields in the comment vector.
int commentFields = data.mid(pos, 4).toUInt(false);
uint commentFields = data.mid(pos, 4).toUInt(false);
pos += 4;
for(int i = 0; i < commentFields; i++) {
if(commentFields > (data.size() - 8) / 4) {
return;
}
for(uint i = 0; i < commentFields; i++) {
// Each comment field is in the format "KEY=value" in a UTF8 string and has
// 4 bytes before the text starts that gives the length.
int commentLength = data.mid(pos, 4).toUInt(false);
uint commentLength = data.mid(pos, 4).toUInt(false);
pos += 4;
String comment = String(data.mid(pos, commentLength), String::UTF8);
pos += commentLength;
if(pos > data.size()) {
break;
}
int commentSeparatorPosition = comment.find("=");
if(commentSeparatorPosition == -1) {
break;
}
String key = comment.substr(0, commentSeparatorPosition);
String value = comment.substr(commentSeparatorPosition + 1);