[tracker] tracker-extract-mp3: Fix crash with invalid extended header
- From: Jürg Billeter <juergbi src gnome org>
- To: svn-commits-list gnome org
- Cc:
- Subject: [tracker] tracker-extract-mp3: Fix crash with invalid extended header
- Date: Wed, 16 Sep 2009 10:32:49 +0000 (UTC)
commit 9f76cfa4091f107c7355b690168ef4efc1457efc
Author: Jürg Billeter <j bitron ch>
Date: Wed Sep 16 12:31:21 2009 +0200
tracker-extract-mp3: Fix crash with invalid extended header
src/tracker-extract/tracker-extract-mp3.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index 7559261..4985495 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -1644,6 +1644,11 @@ parse_id3v24 (const gchar *data,
((data[12] & 0x7F) << 7) |
((data[13] & 0x7F) << 0));
pos += ehdrSize;
+
+ if (pos + tsize > size) {
+ /* invalid size: extended header longer than tag */
+ return;
+ }
}
if (unsync) {
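Review bot: The comment on the new guard in parse_id3v24 does not describe the test: `pos + tsize > size` compares against the length of the input buffer, whereas "extended header longer than tag" would be a comparison of `ehdrSize` with `tsize`. A comment such as `/* extended header would move pos + tsize past the end of the data */` matches what is actually checked. The declarations of `pos`, `tsize` and `size` are outside the hunk; if they are unsigned and their ranges are not bounded earlier, writing the test as `tsize > size || pos > size - tsize` avoids depending on the sum not wrapping for a crafted file. Both points apply equally to the identical check added in parse_id3v23, and both functions continue outside their hunks.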
@@ -1719,6 +1724,11 @@ parse_id3v23 (const gchar *data,
else {
return;
}
+
+ if (pos + tsize > size) {
+ /* invalid size: extended header longer than tag */
+ return;
+ }
}
if (unsync) {