diff options
author | Roman Artiukhin <bahusdrive@gmail.com> | 2024-11-25 12:48:26 +0200 |
---|---|---|
committer | Roman Artiukhin <bahusdrive@gmail.com> | 2024-12-11 11:36:09 +0200 |
commit | f7d5da6b2f77709b01628f45da94f2ceff5b5c20 (patch) | |
tree | a19aa90f4dadb15bbb55cabd818e81fa82e65b9a | |
parent | 18520c27a5bc03c7efffd91be802f7461dfe3711 (diff) | |
download | rockbox-f7d5da6b2f.tar.gz rockbox-f7d5da6b2f.zip |
metadata: mp3: Limit utf-8 buffer stack allocation to prevent stack overflow
Fixes FS#13518
Change-Id: I549ecb21c3dbaba580c13a6a155559585f0aa08e
-rw-r--r-- | lib/rbcodec/metadata/id3tags.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/rbcodec/metadata/id3tags.c b/lib/rbcodec/metadata/id3tags.c index 70be23234f..c355da22da 100644 --- a/lib/rbcodec/metadata/id3tags.c +++ b/lib/rbcodec/metadata/id3tags.c @@ -1116,7 +1116,14 @@ retry_with_limit: { /* UTF-8 could potentially be 3 times larger */ /* so we need to create a new buffer */ - char utf8buf[(3 * bytesread) + 1]; + int utf8_size = (3 * bytesread); + if (utf8_size > ID3V2_BUF_SIZE) + { + //limit stack allocation to avoid stack overflow + utf8_size = ID3V2_BUF_SIZE; + bytesread = ID3V2_BUF_SIZE/3; + } + char utf8buf[utf8_size + 1]; unicode_munge( tag, utf8buf, &bytesread); if(bytesread >= buffersize - bufferpos) bytesread = buffersize - bufferpos - 1; |