diff options
author | William Wilgus <wilgus.william@gmail.com> | 2021-08-11 21:58:32 -0400 |
---|---|---|
committer | William Wilgus <wilgus.william@gmail.com> | 2021-08-11 22:06:15 -0400 |
commit | 7aa0e0a898091dca8cf8e69ace23b57e9a1e7129 (patch) | |
tree | 572d30e87d22460cd92c1ff9ae005bef667d0a77 /lib/rbcodec/metadata | |
parent | d8bec3da63f5db2d4d8c3831b116373f773b9136 (diff) | |
download | rockbox-7aa0e0a898091dca8cf8e69ace23b57e9a1e7129.tar.gz rockbox-7aa0e0a898091dca8cf8e69ace23b57e9a1e7129.zip |
metadata/asf.c ensure variable init & add sanity checks
Change-Id: If4432549b843cafb000c3fedee12184d75da595b
Diffstat (limited to 'lib/rbcodec/metadata')
-rw-r--r-- | lib/rbcodec/metadata/asf.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/lib/rbcodec/metadata/asf.c b/lib/rbcodec/metadata/asf.c index 13e193ae35..d90487b36b 100644 --- a/lib/rbcodec/metadata/asf.c +++ b/lib/rbcodec/metadata/asf.c | |||
@@ -104,16 +104,21 @@ static int asf_guid_match(const guid_t *guid1, const guid_t *guid2) | |||
104 | /* Read the 16 byte GUID from a file */ | 104 | /* Read the 16 byte GUID from a file */ |
105 | static void asf_readGUID(int fd, guid_t* guid) | 105 | static void asf_readGUID(int fd, guid_t* guid) |
106 | { | 106 | { |
107 | read_uint32le(fd, &guid->v1); | 107 | int bytes; |
108 | read_uint16le(fd, &guid->v2); | 108 | bytes = read_uint32le(fd, &guid->v1); |
109 | read_uint16le(fd, &guid->v3); | 109 | bytes += read_uint16le(fd, &guid->v2); |
110 | read(fd, guid->v4, 8); | 110 | bytes += read_uint16le(fd, &guid->v3); |
111 | bytes += read(fd, guid->v4, 8); | ||
112 | if (bytes != sizeof(guid_t)) | ||
113 | memset(guid, 0, sizeof(guid_t)); | ||
111 | } | 114 | } |
112 | 115 | ||
113 | static void asf_read_object_header(asf_object_t *obj, int fd) | 116 | static void asf_read_object_header(asf_object_t *obj, int fd) |
114 | { | 117 | { |
115 | asf_readGUID(fd, &obj->guid); | 118 | asf_readGUID(fd, &obj->guid); |
116 | read_uint64le(fd, &obj->size); | 119 | |
120 | if (read_uint64le(fd, &obj->size) != sizeof (uint64_t)) | ||
121 | obj->size = 0; | ||
117 | obj->datalen = 0; | 122 | obj->datalen = 0; |
118 | } | 123 | } |
119 | 124 | ||
@@ -122,24 +127,28 @@ static void asf_read_object_header(asf_object_t *obj, int fd) | |||
122 | */ | 127 | */ |
123 | static int asf_intdecode(int fd, int type, int length) | 128 | static int asf_intdecode(int fd, int type, int length) |
124 | { | 129 | { |
130 | int bytes = 0; | ||
131 | int ret; | ||
125 | uint16_t tmp16; | 132 | uint16_t tmp16; |
126 | uint32_t tmp32; | 133 | uint32_t tmp32; |
127 | uint64_t tmp64; | 134 | uint64_t tmp64; |
128 | 135 | ||
129 | if (type == 3) { | 136 | if (type == 3) { |
130 | read_uint32le(fd, &tmp32); | 137 | bytes = read_uint32le(fd, &tmp32); |
131 | lseek(fd,length - 4,SEEK_CUR); | 138 | ret = (int)tmp32; |
132 | return (int)tmp32; | ||
133 | } else if (type == 4) { | 139 | } else if (type == 4) { |
134 | read_uint64le(fd, &tmp64); | 140 | bytes = read_uint64le(fd, &tmp64); |
135 | lseek(fd,length - 8,SEEK_CUR); | 141 | ret = (int)tmp64; |
136 | return (int)tmp64; | ||
137 | } else if (type == 5) { | 142 | } else if (type == 5) { |
138 | read_uint16le(fd, &tmp16); | 143 | bytes = read_uint16le(fd, &tmp16); |
139 | lseek(fd,length - 2,SEEK_CUR); | 144 | ret = (int)tmp16; |
140 | return (int)tmp16; | ||
141 | } | 145 | } |
142 | 146 | ||
147 | if (bytes > 0) | ||
148 | { | ||
149 | lseek(fd,length - bytes, SEEK_CUR); | ||
150 | return ret; | ||
151 | } | ||
143 | return 0; | 152 | return 0; |
144 | } | 153 | } |
145 | 154 | ||
@@ -482,13 +491,16 @@ static int asf_parse_header(int fd, struct mp3entry* id3, | |||
482 | asf_utf16LEdecode(fd, length, &id3buf, &id3buf_remaining); | 491 | asf_utf16LEdecode(fd, length, &id3buf, &id3buf_remaining); |
483 | #ifdef HAVE_ALBUMART | 492 | #ifdef HAVE_ALBUMART |
484 | } else if (!strcmp("WM/Picture", utf8buf)) { | 493 | } else if (!strcmp("WM/Picture", utf8buf)) { |
485 | uint32_t datalength, strlength; | 494 | uint32_t datalength = 0; |
495 | uint32_t strlength; | ||
486 | /* Expected is either "01 00 xx xx 03 yy yy yy yy" or | 496 | /* Expected is either "01 00 xx xx 03 yy yy yy yy" or |
487 | * "03 yy yy yy yy". xx is the size of the WM/Picture | 497 | * "03 yy yy yy yy". xx is the size of the WM/Picture |
488 | * container in bytes. yy equals the raw data length of | 498 | * container in bytes. yy equals the raw data length of |
489 | * the embedded image. */ | 499 | * the embedded image. */ |
490 | lseek(fd, -4, SEEK_CUR); | 500 | lseek(fd, -4, SEEK_CUR); |
491 | read(fd, &type, 1); | 501 | if (read(fd, &type, 1) != 1) |
502 | type = 0; | ||
503 | |||
492 | if (type == 1) { | 504 | if (type == 1) { |
493 | lseek(fd, 3, SEEK_CUR); | 505 | lseek(fd, 3, SEEK_CUR); |
494 | read(fd, &type, 1); | 506 | read(fd, &type, 1); |