mirror/taglib
1
0
Fork 0
mirror of https://github.com/taglib/taglib.git synced 2025-05-27 21:20:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

MPC: Fix heap-buffer-overflow in readSV7()

Browse Source 
If `data` is an allocation of only 3 bytes (MP+) then `data[3]` is a
read past the end of the buffer.
This commit is contained in:
bobsayshilol 2021-04-24 17:03:28 +01:00 committed by Urs Fleisch
parent 5f6bbb20e7
commit f2eb331696
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
taglib/mpc/mpcproperties.cpp
View File

@ -298,6 +298,9 @@ void MPC::Properties::readSV8(File *file, long streamLength)
void MPC::Properties::readSV7(const ByteVector &data, long streamLength)
{
if(data.startsWith("MP+")) {
if(data.size() < 4)
return;
d->version = data[3] & 15;
if(d->version < 7)
return;