some vulnerability - 0x03 an out-of-bound vulnerability in readTextWithDescrFrame function #79
Comments
|
Duplicate of #76 |
|
If the array size is less than 2, it still panics in the latest commit, just like in the figure below |
|
Ah yes! Thanks. Happy to receive a pull request to fix :-). |
@dhowden I'm sorry. My code is so terrible, but I can give you some advice if you don't have a better way to fix such bugs. You could use |
No worries :-) I will have a look now. |
|
Just to note: the library was built to read data from valid files (and making it conform to all the specs was bad enough, so I mostly ignored safety measures to trap bad files). Using a fuzzer will likely find lots of issues like this! If people are using this in production environments, I would definitely recommend that they wrap all calls to the library with recover (as you suggest above) to make sure that a panic here does not bring down their entire process. |


This is the third vulnerability in id3v2frames.go
In the readTextWithDescrFrame function, you don't check the size of b; the program will panic when the size of b is 2 or less.
testcase 8eff69ad26a59a05ec11e38f3ca6c592f08dcc54.zip
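
The recover wrapper recommended in the comments, next to the length check that removes the panic at its source, as an added Go example (not code from this issue or from the library). `parseTextWithDescr`, its frame layout and the sample inputs are hypothetical stand-ins constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

var errShortFrame = errors.New("frame too short")

// parseTextWithDescr is a hypothetical stand-in for an unchecked frame
// reader (not the library's code). Assumed layout for this sketch:
// b[0] = encoding, b[1..3] = language code, b[4:] = text.
func parseTextWithDescr(b []byte) (string, error) {
	if b[0] != 0 { // index out of range on empty input
		return "", errors.New("unsupported encoding")
	}
	lang := string([]byte{b[1], b[2], b[3]}) // index out of range when len(b) < 4
	return lang + ":" + string(b[4:]), nil
}

// parseChecked is the same reader with the length check done first.
func parseChecked(b []byte) (string, error) {
	if len(b) < 4 {
		return "", errShortFrame
	}
	return parseTextWithDescr(b)
}

// safeParse turns a panic inside parse into an error, so one malformed
// file cannot bring down the calling process. recover only catches panics
// raised on this goroutine.
func safeParse(parse func([]byte) (string, error), b []byte) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			out, err = "", fmt.Errorf("parser panicked: %v", r)
		}
	}()
	return parse(b)
}

func main() {
	// Constructed inputs: one well-formed frame body, two truncated ones.
	for _, in := range [][]byte{{0, 'e', 'n', 'g', 'h', 'i'}, {0, 'e'}, {}} {
		out, err := safeParse(parseTextWithDescr, in)
		fmt.Printf("recover wrapper: len=%d out=%q err=%v\n", len(in), out, err)
		_, err = parseChecked(in)
		fmt.Printf("length check:    len=%d err=%v\n", len(in), err)
	}
}
```

The wrapper contains the failure for callers that cannot patch the parser; the length check is the fix that returns a typed error instead of relying on the runtime bounds check.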