From 35db88affe5d158c1bfda46e4cd0f8c69db4426d Mon Sep 17 00:00:00 2001 From: Jan Brittenson Date: Mon, 22 Dec 2014 22:26:55 -0800 Subject: DSF ID3 tags hitting 4k size limit Here's a change to dynamically allocate the DSD ID3 tag buffer. Pretty much anything with cover art is going to exceed the existing, static 4k limit... Here's a change to dynamically allocate the buffer and sanity check it at some upper limit. I rather arbitrarily pulled 256k out of thin air just to keep a corrupt file from causing it to trying to allocate a buffer larger than available memory. --- src/decoder/plugins/DsdLib.cxx | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 8892ed387..0436b9c3f 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -29,6 +29,7 @@ #include "input/InputStream.hxx" #include "tag/TagId3.hxx" #include "util/Error.hxx" +#include "util/Alloc.hxx" #include @@ -123,22 +124,27 @@ dsdlib_tag_id3(InputStream &is, const id3_length_t count = size - offset; - /* Check and limit id3 tag size to prevent a stack overflow */ - id3_byte_t dsdid3[4096]; - if (count == 0 || count > sizeof(dsdid3)) + if (count < 10 || count > 256*1024) return; - if (!decoder_read_full(nullptr, is, dsdid3, count)) + id3_byte_t *const id3_buf = static_cast(xalloc(count)); + + if (!decoder_read_full(nullptr, is, id3_buf, count)) { + free(id3_buf); return; + } - struct id3_tag *id3_tag = id3_tag_parse(dsdid3, count); - if (id3_tag == nullptr) + struct id3_tag *id3_tag = id3_tag_parse(id3_buf, count); + if (id3_tag == nullptr) { + free(id3_buf); return; + } scan_id3_tag(id3_tag, handler, handler_ctx); id3_tag_delete(id3_tag); + free(id3_buf); return; } #endif -- cgit v1.2.3 From b9c7771830dbecd7278ae6c883b4590f909cb881 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Tue, 23 Dec 2014 10:08:46 +0100 Subject: decoder/DsdLib: add missing stdlib.h include --- src/decoder/plugins/DsdLib.cxx | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx index 0436b9c3f..7321261f6 100644 --- a/src/decoder/plugins/DsdLib.cxx +++ b/src/decoder/plugins/DsdLib.cxx @@ -32,6 +32,7 @@ #include "util/Alloc.hxx" #include +#include #ifdef HAVE_ID3TAG #include -- cgit v1.2.3 From 43da4c0ecaf23ebb7b282bdfe3b5c6bfc3ab6c41 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Tue, 23 Dec 2014 20:34:45 +0100 Subject: input/mms: limit the mmsx_read() size --- src/input/plugins/MmsInputPlugin.cxx | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src') diff --git a/src/input/plugins/MmsInputPlugin.cxx b/src/input/plugins/MmsInputPlugin.cxx index 1aed9c662..df291bc84 100644 --- a/src/input/plugins/MmsInputPlugin.cxx +++ b/src/input/plugins/MmsInputPlugin.cxx @@ -92,6 +92,13 @@ input_mms_open(const char *url, size_t MmsInputStream::ThreadRead(void *ptr, size_t read_size, Error &error) { + /* unfortunately, mmsx_read() blocks until the whole buffer + has been filled; to avoid big latencies, limit the size of + each chunk we read to a reasonable size */ + constexpr size_t MAX_CHUNK = 16384; + if (read_size > MAX_CHUNK) + read_size = MAX_CHUNK; + int nbytes = mmsx_read(nullptr, mms, (char *)ptr, read_size); if (nbytes <= 0) { if (nbytes < 0) -- cgit v1.2.3