[tracker] tracker-extract: MP3s with ID3v23 tags should not hit infinite loop

From: Martyn James Russell <mr src gnome org>
To: commits-list gnome org
Cc:
Subject: [tracker] tracker-extract: MP3s with ID3v23 tags should not hit infinite loop
Date: Thu, 8 May 2014 11:23:42 +0000 (UTC)

commit a1d73a9582111158b5ea838ef0fd545dc7970c0c
Author: Martyn Russell <martyn lanedo com>
Date:   Mon Apr 28 16:23:31 2014 +0100

    tracker-extract: MP3s with ID3v23 tags should not hit infinite loop
    
    The extraction was using a while() loop with pos < size, but would never be
    FALSE and continued forever. The size is the size of the file, but actually,
    it should be using tsize, which is the tag size.
    
    What was happening, was the while() loop would increment over sizes of +10
    +content-size, but if there was padding, there was no tag frame and so no
    content size and the increment of 10 eventually would step into the RAW MP3
    data.
    
    Fixes:
    https://bugzilla.gnome.org/show_bug.cgi?id=728252
    
    Specification details:
    http://id3.org/id3v2.3.0

 src/tracker-extract/tracker-extract-mp3.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c
index 7dad217..d26ccf3 100644
--- a/src/tracker-extract/tracker-extract-mp3.c
+++ b/src/tracker-extract/tracker-extract-mp3.c
@@ -1778,12 +1778,12 @@ parse_id3v24 (const gchar           *data,
                }
        }
 
-       while (pos < size) {
+       while (pos < tsize) {
                id3v24frame frame;
                size_t csize;
                unsigned short flags;
 
-               if (pos + 10 > size) {
+               if (pos + 10 > tsize) {
                        return;
                }
 
@@ -1906,12 +1906,12 @@ parse_id3v23 (const gchar          *data,
                }
        }
 
-       while (pos < size) {
+       while (pos < tsize) {
                id3v24frame frame;
                size_t csize;
                unsigned short flags;
 
-               if (pos + 10 > size) {
+               if (pos + 10 > tsize) {
                        return;
                }
 
@@ -1933,7 +1933,7 @@ parse_id3v23 (const gchar          *data,
                        continue;
                }
 
-               if (pos + csize > size) {
+               if (pos + csize > tsize) {
                        break;
                } else if (csize == 0) {
                        continue;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]