#126 wav tag parsing problem - endless loop



minidlna was using 100% CPU on my system. Investigating I found that it was trying to read a wav file.

At one point the chunk size inside that wav was (erroneously) very large (near 2^32) which lead to an integer overflow of current_offset in tagutils-wav.c _get_tags function and hence to an endless loop.



  • Justin Maggard

    Justin Maggard - 2012-03-20
    • assigned_to: nobody --> jmaggard
    • status: open --> open-accepted
  • Justin Maggard

    Justin Maggard - 2012-03-20

    I fixed a couple bugs in that area recently. Can you check with the latest code from CVS?

  • Claudio Bley

    Claudio Bley - 2012-06-24


  • Claudio Bley

    Claudio Bley - 2012-06-24

    I checked out CVS a few days (er, week) ago, but I think there are still problems:

    - tagutils/tagutils-wav.c:103:3: warning: comparison of unsigned expression < 0 is always false [-Wtype-limits]
    - missing assignment to len in tagutils/tagutils-wav.c:114

    So, I took a stab at it and partially reimplemented the wav parser ensuring to read the file sequentially, not using an absolute file position.

    Please have a look at the attached patch which - as I believe - works for any (non-)broken file.


    PS: Sorry for answering so late, but I have little time to spare for programming in my private life.


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks