[PATCH] make sure to get to the end of an id3v2 tag, even if =
David Byron none
dbyron
Thu Sep 9 07:53:42 CEST 2010
something in the tag is bogus=0A=
=0A=
---=0A=
libavformat/id3v2.c | 16 +++++++++++++++-=0A=
1 files changed, 15 insertions(+), 1 deletions(-)=0A=
=0A=
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c=0A=
index 877e37d..26458c8 100644=0A=
--- a/libavformat/id3v2.c=0A=
+++ b/libavformat/id3v2.c=0A=
@@ -171,6 +171,11 @@ void ff_id3v2_parse(AVFormatContext *s, int len, =
uint8_t version, uint8_t flags)=0A=
ByteIOContext pb;=0A=
unsigned char *buffer =3D NULL;=0A=
int buffer_size =3D 0;=0A=
+ int64_t end_of_tag;=0A=
+=0A=
+ /* Figure out where the end of the tag is and make sure=0A=
+ we get there even if we find something bogus */=0A=
+ end_of_tag =3D len + url_ftell(s->pb);=0A=
=0A=
switch (version) {=0A=
case 2:=0A=
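Review bot: `end_of_tag = len + url_ftell(s->pb);` trusts both operands unchecked. `len` is a parameter that presumably carries the size field from the tag header in the file, and the return of `url_ftell` is not tested for a negative (error) value. Since `end_of_tag` becomes the target of the seek at the end of the function, a malformed header or a failed tell decides where parsing resumes. Consider reading the position into a local first and bailing out early, e.g. `int64_t start = url_ftell(s->pb); if (start < 0 || len < 0) return;`. The comment could also state whether `end_of_tag` includes the v2.4 footer. The rest of `ff_id3v2_parse` is outside this hunk.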
@@ -218,8 +223,11 @@ void ff_id3v2_parse(AVFormatContext *s, int len, =
uint8_t version, uint8_t flags)=0A=
}=0A=
len -=3D taghdrlen + tlen;=0A=
=0A=
- if (len < 0)=0A=
+ if (len < 0) {=0A=
+ av_log(s, AV_LOG_INFO, "\"%s\": bogus tag length: %d\n",=0A=
+ s->filename, tlen);=0A=
break;=0A=
+ }=0A=
=0A=
next =3D url_ftell(s->pb) + tlen;=0A=
=0A=
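Review bot: The guard still tests only `len < 0` after `len -= taghdrlen + tlen`, so a negative `tlen` is not caught. `tlen` is read outside this hunk, but it is printed with `%d` and so appears to be a signed int; if the frame size read from the file can come out negative, the subtraction increases `len`, the check passes, and `next = url_ftell(s->pb) + tlen` points backwards in the stream. Reject that case explicitly with `if (tlen < 0 || len < 0) {`. Since the message reports malformed input, `AV_LOG_WARNING` would fit better than `AV_LOG_INFO`. The enclosing loop starts and ends outside the hunk.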
@@ -257,6 +265,12 @@ void ff_id3v2_parse(AVFormatContext *s, int len, =
uint8_t version, uint8_t flags)=0A=
if (version =3D=3D 4 && flags & 0x10) /* Footer preset, always 10 =
bytes, skip over it */=0A=
url_fskip(s->pb, 10);=0A=
=0A=
+ /* Make sure to get to the end of the tag. If we give=0A=
+ up parsing early because of an invalid frame we won't=0A=
+ otherwise and could misinterpret remaining bytes as=0A=
+ audio. */=0A=
+ url_fseek(s->pb, end_of_tag, SEEK_SET);=0A=
+=0A=
av_free(buffer);=0A=
return;=0A=
=0A=
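Review bot: The added `url_fseek(s->pb, end_of_tag, SEEK_SET);` runs after the footer skip `url_fskip(s->pb, 10);` and looks like it undoes that skip. `end_of_tag` was computed as the entry position plus `len`; if `len` covers only frames and padding (which the separate 10-byte footer skip suggests), the seek rewinds to the start of the footer and the footer bytes are then handed to whatever parses next. Fold the footer into the target instead of skipping it separately: replace the skip with `if (version == 4 && flags & 0x10) end_of_tag += 10;` ahead of the seek. The return value of `url_fseek` is also ignored, so on input that cannot seek the function returns as if it had resynchronised; at least log the failure.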
-- =0A=
1.6.0.4=0A=
=0A=