Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-09-19 Thread Jurgen Kramer
On Mon, 2012-09-03 at 23:09 +0200, Max Kellermann wrote: On 2012/08/21 20:01, Jurgen Kramer gtmkra...@xs4all.nl wrote: Can you use dsdlib_tag_id3() for a DoS attack? This looks like it could easily cause a stack overflow: + count = is-size - is-offset; + id3_byte_t

Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-09-19 Thread Max Kellermann
On 2012/09/19 14:50, Jurgen Kramer gtmkra...@xs4all.nl wrote: Attached is an old-fashioned patch with the updated code against current mpd git. There's no patch description. I cannot make heads or tails from the mess that is my mpd git repo. Everything I try only seems to make it worse.

Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-09-03 Thread Max Kellermann
On 2012/08/21 20:01, Jurgen Kramer gtmkra...@xs4all.nl wrote: Can you use dsdlib_tag_id3() for a DoS attack? This looks like it could easily cause a stack overflow: + count = is-size - is-offset; + id3_byte_t dsdid3[count]; What is your concern here? The allocation of dsdid3
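
Review bot: in the quoted hunk, count is the difference of the size and offset fields of is, and it is used directly as the length of the stack array dsdid3[count] with no upper bound visible in these lines. Suggest rejecting count above a fixed maximum tag size before the declaration and reading the tag into a heap buffer that is freed on every exit path, and checking that the offset does not exceed the size before the subtraction.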

Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-08-21 Thread Jurgen Kramer
On Mon, 2012-08-20 at 08:44 +0200, Max Kellermann wrote: On 2012/08/16 18:18, Jurgen Kramer gtmkra...@xs4all.nl wrote: Lots of activity in git. Just a reminder for above commit. Memory leak in dsdlib_tag_id3(). Fixed. Added id3_tag_delete Can you use dsdlib_tag_id3() for a DoS attack?

Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-08-21 Thread Jonathan Neuschäfer
On Tue, Aug 21, 2012 at 08:01:07PM +0200, Jurgen Kramer wrote: Regarding only submitting the needed patches. What the commit I supplied (http://git.musicpd.org/cgit/gtmkramer/mpd.git/commit/?id=9696eff5f075180e88fca504f2502c4f12aef71b) you get more than needed? (I am still not fully proficient

Re: [Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-08-20 Thread Max Kellermann
On 2012/08/16 18:18, Jurgen Kramer gtmkra...@xs4all.nl wrote: Lots of activity in git. Just a reminder for above commit. Memory leak in dsdlib_tag_id3(). Can you use dsdlib_tag_id3() for a DoS attack? This looks like it could easily cause a stack overflow: + count = is-size - is-offset; +

[Musicpd-dev-team] [PATCH] Add tag support to DSD decoders - v6

2012-08-10 Thread Jurgen Kramer
Updated version of my patch to add tag support to the DSD decoders. Now uses scan_id3_tag() to add id3 tags (the comment in src/tag_id3.c/h for scan_id3_tag() may need smartening up). No more warnings when compiling with id3 support disabled. Removes unneeded code when compiling without id3