diff options
author | William Wilgus <wilgus.william@gmail.com> | 2021-08-11 21:58:32 -0400 |
---|---|---|
committer | William Wilgus <wilgus.william@gmail.com> | 2021-08-11 22:06:15 -0400 |
commit | 7aa0e0a898091dca8cf8e69ace23b57e9a1e7129 (patch) | |
tree | 572d30e87d22460cd92c1ff9ae005bef667d0a77 | |
parent | d8bec3da63f5db2d4d8c3831b116373f773b9136 (diff) |
metadata/asf.c ensure variable init & add sanity checks
Change-Id: If4432549b843cafb000c3fedee12184d75da595b
-rw-r--r-- | lib/rbcodec/metadata/asf.c | 44 |
1 files changed, 28 insertions, 16 deletions
diff --git a/lib/rbcodec/metadata/asf.c b/lib/rbcodec/metadata/asf.c index 13e193ae35..d90487b36b 100644 --- a/lib/rbcodec/metadata/asf.c +++ b/lib/rbcodec/metadata/asf.c @@ -104,16 +104,21 @@ static int asf_guid_match(const guid_t *guid1, const guid_t *guid2) /* Read the 16 byte GUID from a file */ static void asf_readGUID(int fd, guid_t* guid) { - read_uint32le(fd, &guid->v1); - read_uint16le(fd, &guid->v2); - read_uint16le(fd, &guid->v3); - read(fd, guid->v4, 8); + int bytes; + bytes = read_uint32le(fd, &guid->v1); + bytes += read_uint16le(fd, &guid->v2); + bytes += read_uint16le(fd, &guid->v3); + bytes += read(fd, guid->v4, 8); + if (bytes != sizeof(guid_t)) + memset(guid, 0, sizeof(guid_t)); } static void asf_read_object_header(asf_object_t *obj, int fd) { asf_readGUID(fd, &obj->guid); - read_uint64le(fd, &obj->size); + + if (read_uint64le(fd, &obj->size) != sizeof (uint64_t)) + obj->size = 0; obj->datalen = 0; } @@ -122,24 +127,28 @@ static void asf_read_object_header(asf_object_t *obj, int fd) */ static int asf_intdecode(int fd, int type, int length) { + int bytes = 0; + int ret; uint16_t tmp16; uint32_t tmp32; uint64_t tmp64; if (type == 3) { - read_uint32le(fd, &tmp32); - lseek(fd,length - 4,SEEK_CUR); - return (int)tmp32; + bytes = read_uint32le(fd, &tmp32); + ret = (int)tmp32; } else if (type == 4) { - read_uint64le(fd, &tmp64); - lseek(fd,length - 8,SEEK_CUR); - return (int)tmp64; + bytes = read_uint64le(fd, &tmp64); + ret = (int)tmp64; } else if (type == 5) { - read_uint16le(fd, &tmp16); - lseek(fd,length - 2,SEEK_CUR); - return (int)tmp16; + bytes = read_uint16le(fd, &tmp16); + ret = (int)tmp16; } + if (bytes > 0) + { + lseek(fd,length - bytes, SEEK_CUR); + return ret; + } return 0; } @@ -482,13 +491,16 @@ static int asf_parse_header(int fd, struct mp3entry* id3, asf_utf16LEdecode(fd, length, &id3buf, &id3buf_remaining); #ifdef HAVE_ALBUMART } else if (!strcmp("WM/Picture", utf8buf)) { - uint32_t datalength, strlength; + uint32_t datalength = 0; + uint32_t strlength; /* Expected is either "01 00 xx xx 03 yy yy yy yy" or * "03 yy yy yy yy". xx is the size of the WM/Picture * container in bytes. yy equals the raw data length of * the embedded image. */ lseek(fd, -4, SEEK_CUR); - read(fd, &type, 1); + if (read(fd, &type, 1) != 1) + type = 0; + if (type == 1) { lseek(fd, 3, SEEK_CUR); read(fd, &type, 1); |