[tracker-miners] extract/mp3: Assert that the reader position is within mmap boundaries
- From: Carlos Garnacho <carlosg src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [tracker-miners] extract/mp3: Assert that the reader position is within mmap boundaries
- Date: Tue, 22 Aug 2017 16:46:54 +0000 (UTC)
commit 2f3d04c16e61a0e5336c450ebaa50c4500078c14
Author: Carlos Garnacho <carlosg gnome org>
Date: Sun Aug 20 13:52:31 2017 +0200
extract/mp3: Assert that the reader position is within mmap boundaries
The 'pos' variable is always at the start of a frame, which means pos
can't surpass the mmap size minus the frame size. This just happens
implicitly, and is a programming error if we let that ever happen, so
let's make it really sure this isn't possible.
https://bugzilla.gnome.org/show_bug.cgi?id=786539
src/tracker-extract/tracker-extract-mp3.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index e89849c..3a59128 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -1888,6 +1888,8 @@ parse_id3v24 (const gchar *data,
size_t csize;
unsigned short flags;
+ g_assert (pos <= size - frame_size);
+
/* Frames are 10 bytes each and made up of:
* Frame ID $xx xx xx xx (4 chars)
* Size $xx xx xx xx
@@ -2090,6 +2092,8 @@ parse_id3v23 (const gchar *data,
size_t csize;
unsigned short flags;
+ g_assert (pos <= size - frame_size);
+
/* Frames are 10 bytes each and made up of:
* Frame ID $xx xx xx xx (4 chars)
* Size $xx xx xx xx
@@ -2226,6 +2230,8 @@ parse_id3v20 (const gchar *data,
id3v2frame frame;
size_t csize;
+ g_assert (pos <= size - frame_size);
+
if (pos + frame_size > tsize + header_size) {
g_message ("[v20] Expected MP3 frame size (%d) to be within tag size (%d) boundaries,
position = %d",
frame_size,
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
