[1/2] id3v2: explicitly seek to the end of the tag after reading

Message ID 1300172063-14628-1-git-send-email-anton@khirnov.net
State Superseded
Headers show

Commit Message

Anton Khirnov March 15, 2011, 6:54 a.m.
Current code might stop in the middle of an invalid tag.

fixes issue2650
---
 libavformat/id3v2.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

Comments

Kostya Shishkov March 15, 2011, 11:37 a.m. | #1
On Tue, Mar 15, 2011 at 07:54:21AM +0100, Anton Khirnov wrote:
> Current code might stop in the middle of an invalid tag.
> 
> fixes issue2650
> ---
>  libavformat/id3v2.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)

looks reasonable
Justin Ruggles March 15, 2011, 6:23 p.m. | #2
On 03/15/2011 02:54 AM, Anton Khirnov wrote:

> Current code might stop in the middle of an invalid tag.
> 
> fixes issue2650
> ---
>  libavformat/id3v2.c |    3 ++-
>  1 files changed, 2 insertions(+), 1 deletions(-)
> 
> diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
> index 76c7124..46648d5 100644
> --- a/libavformat/id3v2.c
> +++ b/libavformat/id3v2.c
> @@ -140,7 +140,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
>  {
>      int isv34, tlen, unsync;
>      char tag[5];
> -    int64_t next;
> +    int64_t next, end = avio_tell(s->pb) + len;
>      int taghdrlen;
>      const char *reason;
>      AVIOContext pb;
> @@ -240,6 +240,7 @@ static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
>      if (version == 4 && flags & 0x10) /* Footer preset, always 10 bytes, skip over it */
>          avio_seek(s->pb, 10, SEEK_CUR);
>  
> +    avio_seek(s->pb, end, SEEK_SET);
>      av_free(buffer);
>      return;


What about the footer?  That appears to come after 'len' bytes?  Or am I
just missing something?

-Justin

Patch

diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 76c7124..46648d5 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -140,7 +140,7 @@  static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
 {
     int isv34, tlen, unsync;
     char tag[5];
-    int64_t next;
+    int64_t next, end = avio_tell(s->pb) + len;
     int taghdrlen;
     const char *reason;
     AVIOContext pb;
@@ -240,6 +240,7 @@  static void ff_id3v2_parse(AVFormatContext *s, int len, uint8_t version, uint8_t
     if (version == 4 && flags & 0x10) /* Footer preset, always 10 bytes, skip over it */
         avio_seek(s->pb, 10, SEEK_CUR);
 
+    avio_seek(s->pb, end, SEEK_SET);
     av_free(buffer);
     return;