Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fixed: don't segfault on corrupt vorbiscomments in flac files
(cherry picked from commit c4cded5a6c8724369703d797c8524b8cc31d4522)

git-svn-id: https://xbmc.svn.sourceforge.net/svnroot/xbmc/branches/Dharma@35058 568bbfeb-2a22-0410-94d2-cc84cf5bfa90
  • Loading branch information
theuni committed Oct 28, 2010
1 parent e32c7ee commit 2513aa5
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 3 deletions.
9 changes: 7 additions & 2 deletions xbmc/FlacTag.cpp
Expand Up @@ -83,7 +83,7 @@ bool CFlacTag::Read(const CStdString& strFile)
{
m_file->Read((void*)tag, size);
// Process this tag info
ProcessVorbisComment(tag);
ProcessVorbisComment(tag,size);
foundTag = true;
delete[] tag;
}
Expand Down Expand Up @@ -210,7 +210,7 @@ int CFlacTag::FindFlacHeader(void)
return 0;
}

void CFlacTag::ProcessVorbisComment(const char *pBuffer)
void CFlacTag::ProcessVorbisComment(const char *pBuffer, size_t bufsize)
{
unsigned int Pos = 0; // position in the buffer
unsigned int I1 = Endian_SwapLE32(*(unsigned int*)(pBuffer + Pos)); // length of vendor string
Expand All @@ -220,6 +220,11 @@ void CFlacTag::ProcessVorbisComment(const char *pBuffer)
char C1[CHUNK_SIZE];
for (unsigned int I2 = 0; I2 < Count; I2++) // Run through the comments
{
if (Pos >= bufsize)
{
CLog::Log(LOGWARNING,"flac tag overflow");
return;
}
I1 = Endian_SwapLE32(*(unsigned int*)(pBuffer + Pos)); // Length of comment
if (I1 < CHUNK_SIZE)
{
Expand Down
2 changes: 1 addition & 1 deletion xbmc/FlacTag.h
Expand Up @@ -41,7 +41,7 @@ class CFlacTag : public CVorbisTag

protected:
XFILE::CFile* m_file;
void ProcessVorbisComment(const char *pBuffer);
void ProcessVorbisComment(const char *pBuffer, size_t bufsize);
int ReadFlacHeader(void); // returns the position after the STREAM_INFO metadata
int FindFlacHeader(void); // returns the offset in the file of the fLaC data
unsigned int ReadUnsigned(); // reads a 32 bit unsigned int
Expand Down

0 comments on commit 2513aa5

Please sign in to comment.