'[Bug 92028] crashes when reading tags from a mpc file'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 92028] crashes when reading tags from a mpc file
From:       Scott Wheeler <wheeler () kde ! org>
Date:       2004-10-31 20:31:02
Message-ID: 20041031203102.2080.qmail () ktown ! kde ! org
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
        
http://bugs.kde.org/show_bug.cgi?id=92028        
wheeler kde org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From wheeler kde org  2004-10-31 21:30 -------
CVS commit by wheeler: 

Do bounds checking before assuming that just because we've been told that
there are actually more items that there actually are.

BUG:92028


  M +2 -2      ape-tag-format.txt   1.2
  M +3 -1      apeitem.cpp   1.7
  M +10 -4     apetag.cpp   1.8
  M +6 -0      apetag.h   1.6


--- kdesupport/taglib/ape/ape-tag-format.txt  #1.1:1.2
 @ -88,5 +88,5  @
 |                |         | compatibility)                                 |
 |----------------|---------|------------------------------------------------|
-|Item Count      | 4 bytes | Number of items in the tag                     |
+| Item Count     | 4 bytes | Number of items in the tag                     |
 |----------------|---------|------------------------------------------------|
 | Tag Flags      | 4 bytes | Global flags                                   |
 @ -168,3 +168,3  @
 Sections 5 - 7 haven't yet been converted from:
 
-http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html
\ No newline at end of file
+http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html

--- kdesupport/taglib/ape/apeitem.cpp  #1.6:1.7
 @ -127,5 +127,7  @ bool APE::Item::isEmpty() const
 void APE::Item::parse(const ByteVector &data)
 {
-  if(data.size() < 10) {
+  // 11 bytes is the minimum size for an APE item
+
+  if(data.size() < 11) {
     debug("APE::Item::parse() -- no data in item");
     return;

--- kdesupport/taglib/ape/apetag.cpp  #1.7:1.8
 @ -214,5 +214,5  @ void APE::Tag::read()
 
     d->file->seek(d->tagOffset + Footer::size() - d->footer.tagSize());
-    parse(d->file->readBlock(d->footer.tagSize() - Footer::size()), d->footer.itemCount());
+    parse(d->file->readBlock(d->footer.tagSize() - Footer::size()));
   }
 }
 @ -239,9 +239,16  @ ByteVector APE::Tag::render() const
 }
 
-void APE::Tag::parse(const ByteVector &data, uint count)
+void APE::Tag::parse(const ByteVector &data, uint)
+{
+  parse(data);
+}
+
+void APE::Tag::parse(const ByteVector &data)
 {
   uint pos = 0;
 
-  while(count > 0) {
+  // 11 bytes is the minimum size for an APE item
+
+  for(uint i = 0; i < d->footer.itemCount() && pos <= data.size() - 11; i++) {
     APE::Item item;
     item.parse(data.mid(pos));
 @ -250,5 +257,4  @ void APE::Tag::parse(const ByteVector &d
 
     pos += item.size();
-    count--;
   }
 }

--- kdesupport/taglib/ape/apetag.h  #1.5:1.6
 @ -143,7 +143,13  @ namespace TagLib {
       /*!
        * Parses the body of the tag in \a data with \a count items.
+       * \deprecated Please use the version that doesn't require an item count.
        */
       void parse(const ByteVector &data, uint count);
 
+      /*!
+       * Parses the body of the tag in \a data.
+       */
+      void parse(const ByteVector &data);
+
     private:
       Tag(const Tag &);
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic