summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWilliam Wilgus <wilgus.william@gmail.com>2021-08-01 22:55:28 -0400
committerWilliam Wilgus <me.theuser@yahoo.com>2021-08-02 03:00:01 +0000
commit0501af8b063a9c4aa79a008566810bed7deb5502 (patch)
tree3f504b45872c8ef40f6bb9f0c74be77e126bd53b
parent247731fe8c1bdf8c18605ba0844072ed0c5568da (diff)
downloadrockbox-0501af8b063a9c4aa79a008566810bed7deb5502.tar.gz
rockbox-0501af8b063a9c4aa79a008566810bed7deb5502.zip
metadata/flac.c fix potential buffer overrun
Change-Id: Iee12f251455c4fda9d91d10e466d17e5e02046b9
Diffstat
-rw-r--r--lib/rbcodec/metadata/flac.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/lib/rbcodec/metadata/flac.c b/lib/rbcodec/metadata/flac.c
index f19591fe3e..99c0efeca9 100644
--- a/lib/rbcodec/metadata/flac.c
+++ b/lib/rbcodec/metadata/flac.c
@@ -125,13 +125,25 @@ bool get_flac_metadata(int fd, struct mp3entry* id3)
125 id3->albumart.pos = lseek(fd, 0, SEEK_CUR); 125 id3->albumart.pos = lseek(fd, 0, SEEK_CUR);
126 126
127 int bytes_read = read(fd, buf, buf_size); 127 int bytes_read = read(fd, buf, buf_size);
128 buf[buf_size-1] = '\0';
128 i -= bytes_read; 129 i -= bytes_read;
130 if (bytes_read <= picframe_pos + 4) /* get_long_be expects 4 chars */
131 {
132 logf("flac picture length invalid!");
133 return false;
134 }
129 135
130 mime_length = get_long_be(&buf[picframe_pos]); 136 mime_length = get_long_be(&buf[picframe_pos]);
131 137
132 char *mime = buf + picframe_pos + 4; 138 char *mime = buf + picframe_pos + 4;
133 picframe_pos += 4 + mime_length; 139 picframe_pos += 4 + mime_length;
134 140
141 if (bytes_read < picframe_pos)
142 {
143 logf("flac picture length invalid!");
144 return false;
145 }
146
135 id3->albumart.type = AA_TYPE_UNKNOWN; 147 id3->albumart.type = AA_TYPE_UNKNOWN;
136 if (memcmp(mime, "image/", 6) == 0) 148 if (memcmp(mime, "image/", 6) == 0)
137 { 149 {
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-20 04:27:40 +0000