mirror/opustags
1
0
Fork 0
mirror of https://github.com/fmang/opustags.git synced 2025-03-14 08:30:08 +01:00
Code Issues Packages Projects Releases Wiki Activity

ogg: fix wrapping loop issue for comment_count

Browse Source 
since the number of remaining bytes keeps decreasing, it wouldn't cause
infinite looping, but it would allow an indefinite number of comments (more
than 2^32)
This commit is contained in:
Frédéric Mangano 2016-03-04 15:02:17 +01:00
parent 0e2b1fec9c
commit 4cd0e34d0d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/ogg.cc
View File

@ -110,12 +110,13 @@ void ogg::Stream::parse_opustags(const ogg_packet &op)
// User comments count
if (remaining < 4)
throw std::runtime_error("no space for user comment list length");
uint32_t comment_count = le32toh(*reinterpret_cast<uint32_t*>(data));
long comment_count = le32toh(*reinterpret_cast<uint32_t*>(data));
data += 4;
remaining -= 4;
// Actual comments
for (uint32_t i = 0; i < comment_count; i++) {
// We iterate on a long type to prevent infinite looping when comment_count == UINT32_MAX.
for (long i = 0; i < comment_count; i++) {
if (remaining < 4)
throw std::runtime_error("no space for user comment length");
uint32_t comment_length = le32toh(*reinterpret_cast<uint32_t*>(data));