From ed253d369166e973657fe4c3d586e863bcbc9643 Mon Sep 17 00:00:00 2001
From: Tsuda Kageyu
Date: Mon, 5 Jan 2015 09:22:50 +0900
Subject: [PATCH] Add some tests for huge memory allocation due to bad ID3v2 frame header flags.
The tests covers #466 and #486. Also fixes a compilation error on some compilers.
---
 taglib/mpeg/id3v2/id3v2frame.cpp | 3 ++-
 tests/data/excessive_alloc.aif | Bin 0 -> 2170 bytes
 tests/data/excessive_alloc.mp3 | Bin 0 -> 925 bytes
 tests/test_aiff.cpp | 13 ++++++++++---
 tests/test_mpeg.cpp | 7 +++++++
 5 files changed, 19 insertions(+), 4 deletions(-)
 create mode 100644 tests/data/excessive_alloc.aif
 create mode 100644 tests/data/excessive_alloc.mp3
diff --git a/taglib/mpeg/id3v2/id3v2frame.cpp b/taglib/mpeg/id3v2/id3v2frame.cpp
index bb251d18..5dc84971 100644
--- a/taglib/mpeg/id3v2/id3v2frame.cpp
+++ b/taglib/mpeg/id3v2/id3v2frame.cpp
@@ -32,6 +32,7 @@
 #endif
 #include
+#include
 #include
 #include
@@ -255,7 +256,7 @@ ByteVector Frame::fieldData(const ByteVector &frameData) const
 !d->header->encryption())
 {
 z_stream stream;
- memset(&stream, 0, sizeof(z_stream));
+ ::memset(&stream, 0, sizeof(z_stream));
 if(inflateInit(&stream) != Z_OK)
 return ByteVector();
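Review bot: The `::memset` spelling on the added line of the second hunk relies on a global-namespace declaration that the C++ standard guarantees for `<string.h>` but not for `<cstring>`, which is only required to declare `std::memset`; the name of the header added in the first hunk is not visible on this page, so the portable form that works with either header is `std::memset(&stream, 0, sizeof(z_stream));`. Frame::fieldData continues outside the hunk, so the inflate loop that consumes `stream` is not reviewable here; if its output size is taken from the frame header, that value is attacker-controlled and the new fixture tests exercise it only indirectly, so a comment at the top of this branch stating where the decompressed size bound is enforced would help the next reader. The include hunk itself needs no change beyond the header choice above.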
diff --git a/tests/data/excessive_alloc.aif b/tests/data/excessive_alloc.aif new file mode 100644 index 0000000000000000000000000000000000000000..9cb3a6e10defc7bff06bfa670aae859f687b0193 GIT binary patch literal 2170 zcmcIlT}V@57=EV``LmcKNCe}f=nrExr9=>Moi$x`oX!*NCMb8-oS8>9BPwfyBB8tP zg!C@D>ME$a0;3BtyeR4-qPmIjCdxq#wfuU&?|eIdZeYw7DPb#A}pNZ&U0Ggi=wtF;1DYC2pL>B_VWYar5*4`(#~N z_<=>ZpaSz%LRFxz?*#s;%ZzLB?zWc00MlJ(PbxiV+uWDdGTP|H%-;Aug8v(&+7#`mCyzlL8=zw%sby6T?4)GR&fpIJHN>kPkJSXd++h_!Rj(%2wt8LRHnt1cf4dlqg|ZT(92Nui%@`jT1_y7 zM3`MklA&1^MobLD01Lw!GQ$*GG-@TnVlKyr>l<1Q>z)=@v!ldn+RMb%6x{;fK%-lG znYVc1Z!J5#u1x0+w-T|80KQpMS^#qWXC#Fmo#;ClWUk%d=_*o6Fzle%MC;HDh5_8Q zpv~HFqRkph+S^D=I{qcl&L9=H*{Nubz}Z_#sSql%%2kB(glU@rg2_moC)*h#D-53K z`^VD&FTXx(+ECf8$aX3eKfO-8e>YfO<7I2&qb=N5iA9UNODSZhe;^ZuE| z%5suPsa-N1QIJ{|VvgPJ?yZNlZ3Ti83xrcEv= cyi`A-?dL@P#oEN=*U17yN%yzO_lEu9H9*zMH2W62`|JguzhA_xdCIqAXw*fMj$arOu z#h)_KRLZrm6g043F?E6|gFF}}wMRq5r?>(>n=x*WJP*MYE-q%UTCJK&<~bLNt!2@S z<$^kajoAiDv*!P zXPH=Q{drU_GwL|}tAl?Lv+QCYYn zNZp>XG3;sQ(ba1yrsMrO<0 #include #include #include #include #include +#include #include "utils.h" using namespace std; @@ -14,7 +14,8 @@ class TestAIFF : public CppUnit::TestFixture CPPUNIT_TEST_SUITE(TestAIFF); CPPUNIT_TEST(testReading); CPPUNIT_TEST(testAiffCProperties); - CPPUNIT_TEST(testReading); + CPPUNIT_TEST(testFuzzedFile1); + CPPUNIT_TEST(testFuzzedFile2); CPPUNIT_TEST_SUITE_END(); public: @@ -33,12 +34,18 @@ public: CPPUNIT_ASSERT(f.audioProperties()->compressionName() == "SGI CCITT G.711 A-law"); } - void testFuzzedFiles() + void testFuzzedFile1() { RIFF::AIFF::File f(TEST_FILE_PATH_C("segfault.aif")); CPPUNIT_ASSERT(!f.isValid()); } + void testFuzzedFile2() + { + RIFF::AIFF::File f(TEST_FILE_PATH_C("excessive_alloc.aif")); + CPPUNIT_ASSERT(!f.isValid()); + } + }; CPPUNIT_TEST_SUITE_REGISTRATION(TestAIFF); diff --git a/tests/test_mpeg.cpp b/tests/test_mpeg.cpp index 024da6a0..07b970ee 100644 --- a/tests/test_mpeg.cpp +++ b/tests/test_mpeg.cpp 
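Review bot: `testFuzzedFile2` in the second tests/test_aiff.cpp hunk records nothing about what `excessive_alloc.aif` exercises, and the same holds for `testFuzzedFile` in tests/test_mpeg.cpp; the commit message is the only place tying these fixtures to #466 and #486. A one-line comment above each test, e.g. `// Regression test: an ID3v2 frame header with bad flags used to trigger a huge allocation (see #466 / #486).`, keeps that intent next to the fixture. The `CPPUNIT_ASSERT(!f.isValid())` here only checks that construction completed and reported the file invalid; it does not observe how much memory the parser requested, so a regression would surface as a `std::bad_alloc` reported by CppUnit on some platforms and as a slow but successful allocation on others, and the comment should say that the test guards against the former.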
@@ -17,6 +17,7 @@ class TestMPEG : public CppUnit::TestFixture
 CPPUNIT_TEST(testSaveID3v24WrongParam);
 CPPUNIT_TEST(testSaveID3v23);
 CPPUNIT_TEST(testDuplicateID3v2);
+ CPPUNIT_TEST(testFuzzedFile);
 CPPUNIT_TEST_SUITE_END();
 public:
@@ -106,6 +107,12 @@ public:
 CPPUNIT_ASSERT_EQUAL(44100, f.audioProperties()->sampleRate());
 }
+ void testFuzzedFile()
+ {
+ MPEG::File f(TEST_FILE_PATH_C("excessive_alloc.mp3"));
+ CPPUNIT_ASSERT(f.isValid());
+ }
+
 };
 CPPUNIT_TEST_SUITE_REGISTRATION(TestMPEG);
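Review bot: `testFuzzedFile` in the second hunk asserts `f.isValid()` is true, the opposite of what the AIFF counterpart added in the same commit asserts for its fixture, and nothing on the `+` lines explains why an MP3 carrying a bad ID3v2 frame header is expected to parse; a comment such as `// The bad frame header must be skipped without aborting the whole file, so the file itself stays valid.` would make the expectation explicit, provided that is indeed the fixture's intent. Because the tag is parsed successfully here, the test could also inspect what the parser kept from the ID3v2 tag, so that it fails if the oversized frame is accepted rather than rejected; the expected value would have to come from the fixture, which is not readable on this page.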