authorWilliam Wilgus <wilgus.william@gmail.com>2021-08-01 22:26:05 -0400
committerWilliam Wilgus <wilgus.william@gmail.com>2021-08-01 22:29:14 -0400
commit247731fe8c1bdf8c18605ba0844072ed0c5568da (patch)
tree88b31e590105337c879bcc45aff0a91cde4c27e1
parent2346a7aa6dbba06118d09220a9ec5893cfb5ff0c (diff)
id3tags.c check for buffer overrun
Change-Id: I74fde8e234fe85abfabefddcea7f10038167c715
-rw-r--r--lib/rbcodec/metadata/id3tags.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/rbcodec/metadata/id3tags.c b/lib/rbcodec/metadata/id3tags.c
index c3a0473e7e..458e24cf61 100644
--- a/lib/rbcodec/metadata/id3tags.c
+++ b/lib/rbcodec/metadata/id3tags.c
@@ -970,6 +970,9 @@ void setid3v2title(int fd, struct mp3entry *entry)
if((tr->tag_length == 4 && !memcmp( header, "COMM", 4)) ||
(tr->tag_length == 3 && !memcmp( header, "COM", 3))) {
int offset;
+ if (buffersize - bufferpos <= 4)
+ return; /* Error ?? */
+
if(bytesread >= 8 && !strncmp(tag+4, "iTun", 4)) {
/* check for iTunes gapless information */
if(bytesread >= 12 && !strncmp(tag+4, "iTunSMPB", 8))
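Review bot: The new guard `if (buffersize - bufferpos <= 4)` uses a bare constant and an `/* Error ?? */` comment, so the hunk does not say which access it protects; it appears to cover the `tag+4` reads in the COMM/COM branch just below, and a comment such as `/* COMM text is read from tag+4; stop if the buffer has no room left for it */` would record that. The `strncmp(tag+4, "iTunSMPB", 8)` compare can reach `tag+11` and is bounded only by `bytesread >= 12`, so the guard is sufficient only if `bytesread` is already capped at `buffersize - bufferpos` earlier in the function, which is outside this hunk. If `buffersize` and `bufferpos` are unsigned and `bufferpos` can pass `buffersize`, the subtraction wraps and the check passes; `if (bufferpos + 4 >= buffersize)` avoids that. The bare `return` also leaves `setid3v2title` in the middle of frame parsing, so it is worth confirming that nothing set after the frame loop is needed on this path; the function body starts and ends outside the hunk.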