diff options
author | Jan Brittenson <bson@rockgarden.net> | 2014-12-22 22:26:55 -0800 |
---|---|---|
committer | Max Kellermann <max@duempel.org> | 2014-12-23 09:49:33 +0100 |
commit | 35db88affe5d158c1bfda46e4cd0f8c69db4426d (patch) | |
tree | b32a17a9100bc49f03d94f7c1bee3a422d998d84 | |
parent | e38faca455995f1ae7df54780ffeed53c8037346 (diff) | |
download | mpd-35db88affe5d158c1bfda46e4cd0f8c69db4426d.tar.gz mpd-35db88affe5d158c1bfda46e4cd0f8c69db4426d.tar.xz mpd-35db88affe5d158c1bfda46e4cd0f8c69db4426d.zip |
DSF ID3 tags hitting 4k size limit
Here's a change to dynamically allocate the DSD ID3 tag buffer.
Pretty much anything with cover art is going to exceed the existing,
static 4k limit... Here's a change to dynamically allocate the buffer
and sanity check it at some upper limit. I rather arbitrarily pulled
256k out of thin air just to keep a corrupt file from causing it to
trying to allocate a buffer larger than available memory.
-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | src/decoder/plugins/DsdLib.cxx | 18 |
2 files changed, 14 insertions, 6 deletions
@@ -1,4 +1,6 @@ ver 0.19.8 (not yet released) +* decoder + - dsdiff, dsf: allow ID3 tags larger than 4 kB ver 0.19.7 (2014/12/17) * input diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 8892ed387..0436b9c3f 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -29,6 +29,7 @@ #include "input/InputStream.hxx" #include "tag/TagId3.hxx" #include "util/Error.hxx" +#include "util/Alloc.hxx" #include <string.h> @@ -123,22 +124,27 @@ dsdlib_tag_id3(InputStream &is, const id3_length_t count = size - offset; - /* Check and limit id3 tag size to prevent a stack overflow */ - id3_byte_t dsdid3[4096]; - if (count == 0 || count > sizeof(dsdid3)) + if (count < 10 || count > 256*1024) return; - if (!decoder_read_full(nullptr, is, dsdid3, count)) + id3_byte_t *const id3_buf = static_cast<id3_byte_t*>(xalloc(count)); + + if (!decoder_read_full(nullptr, is, id3_buf, count)) { + free(id3_buf); return; + } - struct id3_tag *id3_tag = id3_tag_parse(dsdid3, count); - if (id3_tag == nullptr) + struct id3_tag *id3_tag = id3_tag_parse(id3_buf, count); + if (id3_tag == nullptr) { + free(id3_buf); return; + } scan_id3_tag(id3_tag, handler, handler_ctx); id3_tag_delete(id3_tag); + free(id3_buf); return; } #endif |