aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMax Kellermann <max@duempel.org>2008-08-26 08:27:11 +0200
committerEric Wong <normalperson@yhbt.net>2008-08-30 18:45:13 -0700
commitca5eaffc16b9ace0ea7af519ef949bf014f42120 (patch)
tree2d418ebd0cccf15011ed773f5718b97f08af5132 /src
parent20755291951a9cb9e21afba763a80015229e7655 (diff)
downloadmpd-ca5eaffc16b9ace0ea7af519ef949bf014f42120.tar.gz
mpd-ca5eaffc16b9ace0ea7af519ef949bf014f42120.tar.xz
mpd-ca5eaffc16b9ace0ea7af519ef949bf014f42120.zip
aac: check buffer lengths
The AAC plugin sometimes does not check the length of available data when checking for magic prefixes. Add length checks.
Diffstat (limited to 'src')
-rw-r--r--src/inputPlugins/aac_plugin.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/inputPlugins/aac_plugin.c b/src/inputPlugins/aac_plugin.c
index e9eccf31a..faddb78c6 100644
--- a/src/inputPlugins/aac_plugin.c
+++ b/src/inputPlugins/aac_plugin.c
@@ -196,7 +196,7 @@ static void initAacBuffer(InputStream * inStream, AacBuffer * b, float *length)
fillAacBuffer(b);
tagsize = 0;
- if (!memcmp(b->buffer, "ID3", 3)) {
+ if (b->bytesIntoBuffer >= 10 && !memcmp(b->buffer, "ID3", 3)) {
tagsize = (b->buffer[6] << 21) | (b->buffer[7] << 14) |
(b->buffer[8] << 7) | (b->buffer[9] << 0);
@@ -208,7 +208,8 @@ static void initAacBuffer(InputStream * inStream, AacBuffer * b, float *length)
if (length == NULL)
return;
- if ((b->buffer[0] == 0xFF) && ((b->buffer[1] & 0xF6) == 0xF0)) {
+ if (b->bytesIntoBuffer >= 2 &&
+ (b->buffer[0] == 0xFF) && ((b->buffer[1] & 0xF6) == 0xF0)) {
adtsParse(b, length);
seekInputStream(b->inStream, tagsize, SEEK_SET);