On 2012/10/05 09:10, Jurgen Kramer <gtmkra...@xs4all.nl> wrote: > If added these checks to dsdlib_tag_id3(): > > + /* Prevent broken files causing problems */ > + if (is->offset >= is->size) > + return; > + > + count = is->size - is->offset; > + /* ID3 tag cannot be larger then complete file */ > + if ((unsigned)count >= is->size) > + return;
But how does this help? "File size" is remote input that cannot be trusted, and you don't even need a multi-gigabyte file to get a stack overflow. > There is no way to determine how big the tag can be (AFAIK), some tags > contain images and are therefore rather big. Large binary tags are not interesting for MPD, they should be skipped. ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
