Add some tests for huge memory allocation due to bad ID3v2 frame header flags.

The tests covers #466 and #486. Also fixes a compilation error on some compilers.
2025-05-27 21:20:26 -04:00 · 2015-01-05 09:22:50 +09:00 · 2015-01-05 09:22:50 +09:00 · ed253d3691
commit ed253d3691
parent 57729b834a
5 changed files with 19 additions and 4 deletions
--- a/taglib/mpeg/id3v2/id3v2frame.cpp
+++ b/taglib/mpeg/id3v2/id3v2frame.cpp
@ -32,6 +32,7 @@
 #endif

 #include <bitset>
+#include <cstring>

 #include <tdebug.h>
 #include <tstringlist.h>
@ -255,7 +256,7 @@ ByteVector Frame::fieldData(const ByteVector &frameData) const
     !d->header->encryption())
  {
    z_stream stream;
-    memset(&stream, 0, sizeof(z_stream));
+    ::memset(&stream, 0, sizeof(z_stream));

    if(inflateInit(&stream) != Z_OK)
      return ByteVector();
--- a/tests/data/excessive_alloc.aif
+++ b/tests/data/excessive_alloc.aif
--- a/tests/data/excessive_alloc.mp3
+++ b/tests/data/excessive_alloc.mp3
--- a/tests/test_aiff.cpp
+++ b/tests/test_aiff.cpp
@ -1,9 +1,9 @@
-#include <cppunit/extensions/HelperMacros.h>
 #include <string>
 #include <stdio.h>
 #include <tag.h>
 #include <tbytevectorlist.h>
 #include <aifffile.h>
+#include <cppunit/extensions/HelperMacros.h>
 #include "utils.h"

 using namespace std;
@ -14,7 +14,8 @@ class TestAIFF : public CppUnit::TestFixture
  CPPUNIT_TEST_SUITE(TestAIFF);
  CPPUNIT_TEST(testReading);
  CPPUNIT_TEST(testAiffCProperties);
-  CPPUNIT_TEST(testReading);
+  CPPUNIT_TEST(testFuzzedFile1);
+  CPPUNIT_TEST(testFuzzedFile2);
  CPPUNIT_TEST_SUITE_END();

 public:
@ -33,12 +34,18 @@ public:
    CPPUNIT_ASSERT(f.audioProperties()->compressionName() == "SGI CCITT G.711 A-law");
  }

-  void testFuzzedFiles()
+  void testFuzzedFile1()
  {
    RIFF::AIFF::File f(TEST_FILE_PATH_C("segfault.aif"));
    CPPUNIT_ASSERT(!f.isValid());
  }

+  void testFuzzedFile2()
+  {
+    RIFF::AIFF::File f(TEST_FILE_PATH_C("excessive_alloc.aif"));
+    CPPUNIT_ASSERT(!f.isValid());
+  }
+
 };

 CPPUNIT_TEST_SUITE_REGISTRATION(TestAIFF);
--- a/tests/test_mpeg.cpp
+++ b/tests/test_mpeg.cpp
@ -17,6 +17,7 @@ class TestMPEG : public CppUnit::TestFixture
  CPPUNIT_TEST(testSaveID3v24WrongParam);
  CPPUNIT_TEST(testSaveID3v23);
  CPPUNIT_TEST(testDuplicateID3v2);
+  CPPUNIT_TEST(testFuzzedFile);
  CPPUNIT_TEST_SUITE_END();

 public:
@ -106,6 +107,12 @@ public:
    CPPUNIT_ASSERT_EQUAL(44100, f.audioProperties()->sampleRate());
  }

+  void testFuzzedFile()
+  {
+    MPEG::File f(TEST_FILE_PATH_C("excessive_alloc.mp3"));
+    CPPUNIT_ASSERT(f.isValid());
+  }
+
 };

 CPPUNIT_TEST_SUITE_REGISTRATION(TestMPEG);