diff options
| author | Michael Giacomelli <giac2000@hotmail.com> | 2009-03-01 21:36:13 +0000 |
|---|---|---|
| committer | Michael Giacomelli <giac2000@hotmail.com> | 2009-03-01 21:36:13 +0000 |
| commit | 912b24f0788114314704966a443ad8666fc99637 (patch) | |
| tree | fe792788e6fbaf033927fba2577e76454d770f78 /apps/codecs | |
| parent | d13f1a485f0e35a6fbbd0a664f14acc3798d52a0 (diff) | |
| download | rockbox-912b24f0788114314704966a443ad8666fc99637.zip rockbox-912b24f0788114314704966a443ad8666fc99637.tar.gz rockbox-912b24f0788114314704966a443ad8666fc99637.tar.bz2 rockbox-912b24f0788114314704966a443ad8666fc99637.tar.xz | |
Make tremor check for very long ogg tags and truncate them if they're larger then 10000 characters rather then seg faulting. Fixes FS#9866.
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@20156 a1c6a512-1295-4272-9138-f99709370657
Diffstat (limited to 'apps/codecs')
| -rw-r--r-- | apps/codecs/libtremor/info.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/apps/codecs/libtremor/info.c b/apps/codecs/libtremor/info.c index c0bd0ae..e96dd88 100644 --- a/apps/codecs/libtremor/info.c +++ b/apps/codecs/libtremor/info.c @@ -149,12 +149,21 @@ static int _vorbis_unpack_comment(vorbis_comment *vc,oggpack_buffer *opb){ vc->comment_lengths=(int *)_ogg_calloc(vc->comments+1, sizeof(*vc->comment_lengths)); for(i=0;i<vc->comments;i++){ - int len=oggpack_read(opb,32); - if(len<0)goto err_out; - vc->comment_lengths[i]=len; - vc->user_comments[i]=(char *)_ogg_calloc(len+1,1); - _v_readstring(opb,vc->user_comments[i],len); - } + int len=oggpack_read(opb,32); + if(len<0)goto err_out; + vc->comment_lengths[i]=len; + if(len>10000){ /*truncate long comments rather then seg faulting*/ + vc->user_comments[i]=(char *)_ogg_calloc(10001,1); + _v_readstring(opb,vc->user_comments[i],10000); + /*just to be neat, consumed and discard the rest of the comment*/ + len-=10000; + while(len--) + oggpack_read(opb,8); + }else{ + vc->user_comments[i]=(char *)_ogg_calloc(len+1,1); + _v_readstring(opb,vc->user_comments[i],len); + } + } if(oggpack_read(opb,1)!=1)goto err_out; /* EOP check */ return(0); |