ref: 9fd9c7b9e579e2ce4de4ee63a28c0ab04459ca13
parent: 5e7d1c7c613f0d46b9266a43b941d33ea8d88d32
author: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se>
date: Tue Mar 5 20:31:09 EST 2024
id3v2: avoid going too far within the buffer when searching for a sync word to calculate duration
--- a/id3v2.c
+++ b/id3v2.c
@@ -377,7 +377,7 @@
int sz, exsz, framesz;
int ver, unsync, offset;
int newpos, oldpos;
- uint8_t d[10], *b;
+ uint8_t d[10], *b, *e;
if(ctx->read(ctx, d, sizeof(d)) != sizeof(d))
return -1;
@@ -458,6 +458,7 @@
offset = ctx->seek(ctx, sz, 1);
sz = ctx->bufsz <= 2048 ? ctx->bufsz : 2048;
+ e = (uint8_t*)ctx->buf + sz - 3;
b = nil;
for(exsz = 0; exsz < 2048; exsz += sz){
if(ctx->read(ctx, ctx->buf, sz) != sz)
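Review bot: The new end pointer `e = (uint8_t*)ctx->buf + sz - 3` is formed without checking that `sz` is at least 3, so a `ctx->bufsz` below 3 yields a pointer before the start of `ctx->buf`. That is undefined behaviour in C even if the later `b < e` test happens to skip the search, and this parser runs on untrusted file contents with a caller-supplied buffer. Clamping keeps the search skipped without forming an out-of-range pointer: `e = (uint8_t*)ctx->buf + (sz > 3 ? sz - 3 : 0);`. The read loop continues outside the hunk, so whether `sz` can change again before the search is not visible here; if it can, `e` should be recomputed next to the search loop.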
@@ -471,7 +472,7 @@
goto header;
}
}
- for(b = (uint8_t*)ctx->buf; (b = memchr(b, 0xff, sz-3)) != nil; b++){
+ for(b = (uint8_t*)ctx->buf; b < e && (b = memchr(b, 0xff, e-b)) != nil; b++){
if((b[1] & 0xe0) == 0xe0){
offset = ctx->seek(ctx, (char*)b - ctx->buf + offset + exsz, 0);
exsz = 2048;
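Review bot: The loop condition `b < e && (b = memchr(b, 0xff, e-b)) != nil` depends on an `e` assigned in an earlier hunk, and nothing at the loop explains the `- 3` margin. A comment here would help, for example `/* e = buf+sz-3: stop early so the header bytes after b stay inside the buffer */`. It should be worded to match what the body actually reads, since only `b[1]` is visible in this hunk. If this search sits inside the chunked read loop (it appears to, but the enclosing braces are outside the hunk), a 0xff in the last three bytes of a chunk is never examined and the next read overwrites the buffer. The comment should say whether missing a sync word at a chunk boundary is accepted.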