[mad-dev] Initite loop bug in libid3tag-0.15.0b
Rahul Banerjee
rahulbec at gmail.com
Tue Jan 29 18:49:36 PST 2008
Hi,
I am new to the usage of this mad library. I have a question regarding this.
Is the fast forward playback of mp3 is supported with this library?
Thanks and Regards,
Rahul Banerjee
On 1/13/08, Kentaro Oda <odaken at gmail.com> wrote:
>
> Hi, for the maintainer libid3tag.
>
> I found an infinite loop bug in libid3tag-0.15.0b library, which
> causes memory overflow.
>
> The problem occurs when parsing an ID3_FIELD_TYPE_STRINGLIST field,
> specifically when data to be parsed is ended with '\0'.
> In this case, **ptr == 0, but the condition end - *ptr is 1 so loop
> continues infinitely.
>
>
> *** field.c 2003-04-19 09:14:33.000000000 +0900
> --- field-patched.c 2008-01-13 16:08:22.000000000 +0900
> ***************
> *** 291,297 ****
>
> end = *ptr + length;
>
> ! while (end - *ptr > 0) {
> ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
> if (ucs4 == 0)
> goto fail;
> --- 291,297 ----
>
> end = *ptr + length;
>
> ! while (end - *ptr > 0 && **ptr != '\0') {
> ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
> if (ucs4 == 0)
> goto fail;
>
>
> --
> Kentaro Oda
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /mailman/public/mad-dev/attachments/20080130/223647dc/attachment.html
More information about the mad-dev
mailing list