[vlc-commits] commit: Fix out of range memory access when APIC frame type is out of the range defined in the ID3v2 specification (corrupted tag or vendor defined). (Fargier Sylvain )
git at videolan.org
git at videolan.org
Tue Sep 14 19:02:05 CEST 2010
vlc | branch: master | Fargier Sylvain <fargier.sylvain at free.fr> | Tue Sep 14 00:24:48 2010 +0200| [639c195bf4a6e89e32042663857165b7eb05b33b] | committer: Rémi Duraffort
Fix out of range memory access when APIC frame type is out of the range defined in the ID3v2 specification (corrupted tag or vendor defined).
Signed-off-by: Fargier Sylvain <fargier.sylvain at free.fr>
Signed-off-by: Rémi Duraffort <ivoire at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=639c195bf4a6e89e32042663857165b7eb05b33b
---
modules/meta_engine/taglib.cpp | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/meta_engine/taglib.cpp b/modules/meta_engine/taglib.cpp
index e1e03fb..33866d0 100644
--- a/modules/meta_engine/taglib.cpp
+++ b/modules/meta_engine/taglib.cpp
@@ -200,6 +200,7 @@ static void ReadMetaFromId3v2( ID3v2::Tag* tag, demux_t* p_demux, demux_meta_t*
3, /* Logo of the band or performer. */
2 /* Logo of the publisher (record company). */
};
+ #define PI_COVER_SCORE_SIZE (sizeof (pi_cover_score) / sizeof (pi_cover_score[0]))
int i_score = -1;
// Try now to get embedded art
@@ -261,9 +262,13 @@ static void ReadMetaFromId3v2( ID3v2::Tag* tag, demux_t* p_demux, demux_meta_t*
p_attachment );
free( psz_description );
- if( pi_cover_score[p_apic->type()] > i_score )
+ unsigned i_pic_type = p_apic->type();
+ if( i_pic_type >= PI_COVER_SCORE_SIZE )
+ i_pic_type = 0; // Defaults to "Other"
+
+ if( pi_cover_score[i_pic_type] > i_score )
{
- i_score = pi_cover_score[p_apic->type()];
+ i_score = pi_cover_score[i_pic_type];
char *psz_url;
if( asprintf( &psz_url, "attachment://%s",
p_attachment->psz_name ) == -1 )
More information about the vlc-commits
mailing list