On Thu, 2012-10-04 at 23:02 +0200, Max Kellermann wrote:
> On 2012/10/04 18:35, Jurgen Kramer <gtmkra...@xs4all.nl> wrote:
> > I went through the e-mails, I do not recall you having problems with
> > dsdiff_handle_native_tag(). 
> 
> You made the same mistake twice.  Maybe I didn't point you to the
> second instance of the same bug.
> 
> > We discussed dsdlib_tagid3() from dsdlib.c. I've added checks there.
> 
> I don't see a check that prevents the crash from happening.  Where is
> it?
> 
I added these checks to dsdlib_tag_id3():

+ /* Prevent broken files causing problems */
+ if (is->offset >= is->size)
+ return;
+
+ count = is->size - is->offset;
+ /* ID3 tag cannot be larger then complete file */
+ if ((unsigned)count >= is->size)
+ return;
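
Review bot: the second check, `(unsigned)count >= is->size`, can only be true when is->offset is 0, because the first check already guarantees is->offset < is->size and count is is->size - is->offset. It therefore puts no upper bound on the tag length for any other offset, so whatever consumes count still gets a value controlled by the file. Suggest comparing count against an explicit maximum before it is used, and dropping the `(unsigned)` cast, which can truncate count if its type is wider than unsigned. The comment above it should also read "larger than".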

There is no way to determine how big the tag can be (AFAIK), some tags
contain images and are therefore rather big. 

If you have a suggestion, please feel free!

For the case in dsdiff_handle_native_tag() here, it's only for handling
artist names and titles, and we can probably safely limit the number of
characters to a certain number.

Jurgen
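
The length limit discussed in this message, as an added example that is not part of the original e-mail or of MPD's code: a length-prefixed text field is checked against the bytes actually remaining and then capped before copying. The field layout (32-bit big-endian length followed by text), `read_tag_text` and `MAX_TAG_TEXT` are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_TAG_TEXT 60u /* hypothetical cap for artist/title strings */

/*
 * Copy a length-prefixed string out of `buf`, which holds the `remaining`
 * bytes of the file from the current offset onward.
 * Assumed layout: 32-bit big-endian length, then that many bytes of text.
 * Returns the number of bytes copied, or -1 if the field is malformed.
 * `out` must hold at least MAX_TAG_TEXT + 1 bytes.
 */
static int
read_tag_text(const uint8_t *buf, size_t remaining, char *out)
{
	if (remaining < 4)
		return -1; /* the length field itself is truncated */

	uint32_t claimed = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
			   ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];

	/* Compare with what is left after the length field, not with the
	   whole file size; the subtraction is safe because remaining >= 4. */
	if (claimed > remaining - 4)
		return -1; /* field claims more data than exists */

	/* Truncate over-long text instead of trusting the file's length. */
	size_t n = claimed > MAX_TAG_TEXT ? MAX_TAG_TEXT : claimed;
	memcpy(out, buf + 4, n);
	out[n] = '\0';
	return (int)n;
}

int
main(void)
{
	/* Constructed sample inputs, not taken from a real file. */
	const uint8_t good[] = {0, 0, 0, 5, 'M', 'i', 'l', 'e', 's'};
	const uint8_t lying[] = {0xff, 0xff, 0xff, 0xff, 'A'};
	char out[MAX_TAG_TEXT + 1];

	printf("good:  %d\n", read_tag_text(good, sizeof good, out));
	printf("lying: %d\n", read_tag_text(lying, sizeof lying, out));
	return 0;
}
```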


_______________________________________________
Musicpd-dev-team mailing list
Musicpd-dev-team@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team