Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

id3: handle negative extended header sizes #607

Merged
merged 1 commit into from May 7, 2023
Merged

id3: handle negative extended header sizes #607

merged 1 commit into from May 7, 2023

Conversation

lazka
Copy link
Member

@lazka lazka commented May 7, 2023
edited

The extended header size is an integer, so can be negative. This leads to read_full() getting called with a negative size and failing with ValueError.

Handle this case explicitly and raise a proper mutagen exception instead.

@lazka lazka force-pushed the id3-negative-ext-header-size branch from a1d2bad to dd9ed81 Compare May 7, 2023 13:28
@lazka
id3: handle negative extended header sizes
bbbc9f1 
The extended header size is an integer, so can be negative.
This leads to read_full() getting called with a negative size
and failing with ValueError.

Handle this case explicitly and raise a proper mutagen exception instead.
@lazka lazka force-pushed the id3-negative-ext-header-size branch from dd9ed81 to bbbc9f1 Compare May 7, 2023 13:28
@phw
Copy link
Collaborator

phw commented May 7, 2023

I guess that was found by the fuzzing tests, right?

@lazka
Copy link
Member Author

lazka commented May 7, 2023
edited

yeah, the first one, I wanted to see if oss-fuzz picks this up somehow. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58145

thanks for the review!

@lazka lazka merged commit f85f512 into quodlibet:master May 7, 2023
16 checks passed
@lazka
Copy link
Member Author

lazka commented May 8, 2023

it closed the oss-fuzz issue automatically now, nice.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phw phw phw approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lazka @phw