On Sat, 2012-10-06 at 17:27 +0200, Max Kellermann wrote: > On 2012/10/05 09:10, Jurgen Kramer <gtmkra...@xs4all.nl> wrote: > > If added these checks to dsdlib_tag_id3(): > > > > + /* Prevent broken files causing problems */ > > + if (is->offset >= is->size) > > + return; > > + > > + count = is->size - is->offset; > > + /* ID3 tag cannot be larger then complete file */ > > + if ((unsigned)count >= is->size) > > + return; > > But how does this help? "File size" is remote input that cannot be > trusted, and you don't even need a multi-gigabyte file to get a stack > overflow. > > > There is no way to determine how big the tag can be (AFAIK), some tags > > contain images and are therefore rather big. > > Large binary tags are not interesting for MPD, they should be skipped. > OK, I'll artificially limit the max length of the ID3 tag size for both DSD formats as well as limit the max length for the artist and title tags for the DSDIFF format.
Average ID3 tag size I encountered is 4034 so I'll set the max to 4096 (maximum I found is 488849). Average tag size I saw for artist and title tags of DSDIFF files is 40 so 60 seems a reasonable limit there. I'll create a new commit with these limits, I'll leave the current file size checks in tact (is->size etc). Jurgen ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
