Update of /cvsroot/bitcollider/bitcollider/lib
In directory usw-pr-cvs1:/tmp/cvs-serv15974
Modified Files:
id3.c
Log Message:
Added some sanity checking for frame sizes. If the frame size claims to
be larger than the filesize, skip the frame...
Index: id3.c
===================================================================
RCS file: /cvsroot/bitcollider/bitcollider/lib/id3.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -r1.4 -r1.5
*** id3.c 2001/05/09 23:08:29 1.4
--- id3.c 2001/06/14 21:28:09 1.5
***************
*** 200,205 ****
ID3Info *info = NULL;
int ret;
! int size;
! unsigned int frameSize = 0;
inFile = fopen(fileName, "rb");
--- 200,204 ----
ID3Info *info = NULL;
int ret;
! unsigned int size, frameSize = 0, fileSize = 0;
inFile = fopen(fileName, "rb");
***************
*** 207,210 ****
--- 206,213 ----
return NULL;
+ ret = fseek(inFile, 0, SEEK_END);
+ fileSize = ftell(inFile);
+ fseek(inFile, 0, SEEK_SET);
+
ret = fread(&head, 1, sizeof(ID3Header), inFile);
if (ret != sizeof(ID3Header))
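Review bot: The added `fileSize = ftell(inFile);` stores a `long` into an `unsigned int` without checking for failure, so a `-1L` return becomes the largest unsigned value and the later `size > fileSize` and `frameSize > fileSize` checks can never fire. The `ret` assigned from the first `fseek` is overwritten by the `fread` below before it is read, and the result of the rewind is ignored. I would read the position into a `long pos` and fail like the other error paths: `if (fseek(inFile, 0, SEEK_END) != 0 || (pos = ftell(inFile)) < 0 || fseek(inFile, 0, SEEK_SET) != 0) { fclose(inFile); return NULL; }`, followed by `fileSize = (unsigned int)pos;`. The enclosing function starts and ends outside this hunk.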
***************
*** 230,233 ****
--- 233,244 ----
((head.size[1] & 0x7F) << 14) |
((head.size[0] & 0x7F) << 21);
+
+ // Check to make sure that the size we calculate are sane!
+ if (size > fileSize)
+ {
+ fclose(inFile);
+ return NULL;
+ }
+
if (head.flags & (1 << 6))
{
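Review bot: The bound in `if (size > fileSize)` is looser than it needs to be. `size` is decoded from the four 7-bit size bytes of the header and, in ID3v2, does not count the header itself, so a tag can pass this check and still claim more bytes than actually follow the header. The header `fread` appears to have already succeeded by this point, so `if (size > fileSize - sizeof(ID3Header))` would be a tighter test, provided `fileSize` was obtained successfully. The comment would read better as `// Make sure the tag size we calculated is sane`. The function body continues outside the hunk.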
***************
*** 276,280 ****
frameSize = ntohl(frame_v2_3.size);
}
! if (frameSize == 0)
break;
--- 287,293 ----
frameSize = ntohl(frame_v2_3.size);
}
!
! // If the frame size is funky, skip it and move on
! if (frameSize == 0 || frameSize > fileSize)
break;
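Review bot: Comparing `frameSize` with `fileSize` only rejects frames that claim to be larger than the whole file. A frame can still claim more bytes than remain in the tag, or in the file from the current read position. The code that consumes `frameSize` is outside this hunk; if it allocates or reads that many bytes, the check should be against the bytes still left in the tag (bytes consumed so far compared with `size`) rather than against `fileSize`. Separately, the comment says "skip it and move on", but `break` leaves the loop and stops parsing all remaining frames. Either reword it to `// If the frame size is bogus, stop parsing frames` or actually skip the frame.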