authorRoman Artiukhin <bahusdrive@gmail.com>2024-11-25 12:48:26 +0200
committerRoman Artiukhin <bahusdrive@gmail.com>2024-12-11 11:36:09 +0200
commitf7d5da6b2f77709b01628f45da94f2ceff5b5c20 (patch)
treea19aa90f4dadb15bbb55cabd818e81fa82e65b9a
parent18520c27a5bc03c7efffd91be802f7461dfe3711 (diff)
metadata: mp3: Limit utf-8 buffer stack allocation to prevent stack overflow
Fixes FS#13518 Change-Id: I549ecb21c3dbaba580c13a6a155559585f0aa08e
-rw-r--r--lib/rbcodec/metadata/id3tags.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/rbcodec/metadata/id3tags.c b/lib/rbcodec/metadata/id3tags.c
index 70be23234f..c355da22da 100644
--- a/lib/rbcodec/metadata/id3tags.c
+++ b/lib/rbcodec/metadata/id3tags.c
@@ -1116,7 +1116,14 @@ retry_with_limit:
{
/* UTF-8 could potentially be 3 times larger */
/* so we need to create a new buffer */
- char utf8buf[(3 * bytesread) + 1];
+ int utf8_size = (3 * bytesread);
+ if (utf8_size > ID3V2_BUF_SIZE)
+ {
+ //limit stack allocation to avoid stack overflow
+ utf8_size = ID3V2_BUF_SIZE;
+ bytesread = ID3V2_BUF_SIZE/3;
+ }
+ char utf8buf[utf8_size + 1];
unicode_munge( tag, utf8buf, &bytesread);
if(bytesread >= buffersize - bufferpos)
bytesread = buffersize - bufferpos - 1;
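Review bot: The product `3 * bytesread` is computed before the new bound check, so the clamp only protects the stack if that multiplication has not already overflowed. `bytesread` presumably comes from the tag data in the file, and its declaration and any earlier limits are outside this hunk; a very large or negative value would be a problem before the `if` is reached. Clamping the input first avoids this: `if (bytesread > ID3V2_BUF_SIZE / 3) bytesread = ID3V2_BUF_SIZE / 3;` followed by `char utf8buf[(3 * bytesread) + 1];`. The clamp also cuts the text at an arbitrary byte count; if unicode_munge receives UTF-16 here, an odd `ID3V2_BUF_SIZE/3` would split a code unit, so rounding the limit down to an even value is worth checking. A comment saying that over-long frames are truncated rather than rejected would also help, written as `/* ... */` to match the surrounding comments.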