[tracker-miners] extract/mp3: Make clearer checks on offsets read from file



commit be8b2673bf8cafbe1c40c06cad0e6262f9129ae2
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sun Aug 13 12:41:22 2017 +0200

    extract/mp3: Make clearer checks on offsets read from file
    
    Put these on one side of the comparison, without values added to them.
    
    Spotted by Coverity (CID #162187) (Tentative fix)
    
    https://bugzilla.gnome.org/show_bug.cgi?id=786539

 src/tracker-extract/tracker-extract-mp3.c |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index 83bbd1d..e89849c 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -1852,7 +1852,7 @@ parse_id3v24 (const gchar           *data,
         * tag size (tsize) does not include the header which is 10
         * bytes, so we check that there is some content AFTER the
         * headers. */
-       if (tsize + header_size > size) {
+       if (tsize > size - header_size) {
                g_message ("[v24] Expected MP3 tag size and header size to be within file size boundaries");
                return;
        }
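Review bot: The rewritten check `tsize > size - header_size` wraps around when `size` is smaller than `header_size`, assuming these are unsigned size types as the `(size_t)` cast and `G_GSIZE_FORMAT` elsewhere in the patch suggest. The difference then becomes a very large value and a truncated file passes the bound. No minimum-size guard is visible in this hunk (parse_id3v24 starts and ends outside it), so either confirm one exists earlier or make the condition self-contained: `if (size < header_size || tsize > size - header_size) {`. The same applies to the identical check in parse_id3v23. The extended-header checks `ext_header_size > size - header_size - tsize` in both functions are wrap-free only because this check ran first with `tsize` unchanged in between, which deserves a one-line comment there.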
@@ -1874,7 +1874,7 @@ parse_id3v24 (const gchar           *data,
                 * simply the total tag size excluding the frames and
                 * the headers, in other words the padding.
                 */
-               if (tsize + header_size + ext_header_size > size) {
+               if (ext_header_size > size - header_size - tsize) {
                        g_message ("[v24] Expected MP3 tag size and extended header size to be within file 
size boundaries");
                        return;
                }
@@ -1917,7 +1917,7 @@ parse_id3v24 (const gchar           *data,
 
                csize = (size_t) extract_uint32_7bit (&data[pos + 4]);
 
-               if (pos + frame_size + csize > size) {
+               if (csize > size - frame_size - pos) {
                        g_debug ("[v24] Size of current frame '%s' (%" G_GSIZE_FORMAT ") "
                                 "exceeds file boundaries (%" G_GSIZE_FORMAT "), "
                                 "not processing any more frames",
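Review bot: `size - frame_size - pos` wraps if `pos + frame_size` has already passed `size`, and nothing in this hunk shows that bound being established for the current iteration. Note also that `data[pos + 4]` is read two lines above, before this check. If the loop does not already guarantee the bound (the loop head is outside the hunk), add a guard ahead of the read, for example `if (size < frame_size || pos > size - frame_size) break;`, or a comment naming the earlier check that provides the invariant. The same pattern appears in the parse_id3v23 frame loop, where `extract_uint32` can return a full 32-bit `csize`.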
@@ -2054,7 +2054,7 @@ parse_id3v23 (const gchar          *data,
         * tag size (tsize) does not include the header which is 10
         * bytes, so we check that there is some content AFTER the
         * headers. */
-       if (tsize + header_size > size) {
+       if (tsize > size - header_size) {
                g_message ("[v23] Expected MP3 tag size and header size to be within file size boundaries");
                return;
        }
@@ -2076,7 +2076,7 @@ parse_id3v23 (const gchar          *data,
                 * simply the total tag size excluding the frames and
                 * the headers, in other words the padding.
                 */
-               if (tsize + header_size + ext_header_size > size) {
+               if (ext_header_size > size - header_size - tsize) {
                        g_message ("[v23] Expected MP3 tag size and extended header size to be within file 
size boundaries");
                        return;
                }
@@ -2113,7 +2113,7 @@ parse_id3v23 (const gchar          *data,
 
                csize = (size_t) extract_uint32 (&data[pos + 4]);
 
-               if (pos + frame_size + csize > size) {
+               if (csize > size - frame_size - pos) {
                        g_debug ("[v23] Size of current frame '%s' (%" G_GSIZE_FORMAT ") "
                                 "exceeds file boundaries (%" G_GSIZE_FORMAT "), "
                                 "not processing any more frames",

