Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders
On 2012/10/05 09:10, Jurgen Kramer gtmkra...@xs4all.nl wrote: If added these checks to dsdlib_tag_id3(): + /* Prevent broken files causing problems */ + if (is-offset = is-size) + return; + + count = is-size - is-offset; + /* ID3 tag cannot be larger then complete file */ + if ((unsigned)count = is-size) + return; But how does this help? File size is remote input that cannot be trusted, and you don't even need a multi-gigabyte file to get a stack overflow. There is no way to determine how big the tag can be (AFAIK), some tags contain images and are therefore rather big. Large binary tags are not interesting for MPD, they should be skipped. -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders
On Sat, 2012-10-06 at 17:27 +0200, Max Kellermann wrote: On 2012/10/05 09:10, Jurgen Kramer gtmkra...@xs4all.nl wrote: If added these checks to dsdlib_tag_id3(): + /* Prevent broken files causing problems */ + if (is-offset = is-size) + return; + + count = is-size - is-offset; + /* ID3 tag cannot be larger then complete file */ + if ((unsigned)count = is-size) + return; But how does this help? File size is remote input that cannot be trusted, and you don't even need a multi-gigabyte file to get a stack overflow. There is no way to determine how big the tag can be (AFAIK), some tags contain images and are therefore rather big. Large binary tags are not interesting for MPD, they should be skipped. OK, I'll artificially limit the max length of the ID3 tag size for both DSD formats as well as limit the max length for the artist and title tags for the DSDIFF format. Average ID3 tag size I encountered is 4034 so I'll set the max to 4096 (maximum I found is 488849). Average tag size I saw for artist and title tags of DSDIFF files is 40 so 60 seems a reasonable limit there. I'll create a new commit with these limits, I'll leave the current file size checks in tact (is-size etc). Jurgen -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
Re: [Musicpd-dev-team] MPD builds for Windows
On Wed, 03 Oct 2012 19:08:31 +0100 Hugo Rodrigues corr...@hugorodrigues.com wrote: I'm trying to do the same in linux too. I guess the process will be the same, but i have no clue how to do it. like a statically linked binary? ive done it before for a tigervnc windows binary mostly using gentoo crossdev not sure about the licensing though... -- aaron m -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev ___ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
Re: [Musicpd-dev-team] MPD builds for Windows
Hi, Yes, something like that. The official MPD window build already does that. A folder with mpd binary and the dependent dll's Do you think it is possible to that in windows and mac? Best Regards, HR On 06/10/12 22:37, aaron mcewan wrote: On Wed, 03 Oct 2012 19:08:31 +0100 Hugo Rodrigues corr...@hugorodrigues.com wrote: I'm trying to do the same in linux too. I guess the process will be the same, but i have no clue how to do it. like a statically linked binary? ive done it before for a tigervnc windows binary mostly using gentoo crossdev not sure about the licensing though... -- Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev___ Musicpd-dev-team mailing list Musicpd-dev-team@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/musicpd-dev-team
