mirror of
https://github.com/Serial-ATA/lofty-rs
synced 2024-11-10 06:34:18 +00:00
FLAC: Return early when encountering invalid zero-sized blocks
This commit is contained in:
parent
5e35896dff
commit
19cef0400e
4 changed files with 17 additions and 2 deletions
|
@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
- **MP3/APE**: Stop trusting the lengths of APE tag items (Fixes OOM)
|
||||
- **PictureInformation**: Fix potential overflow on an invalid picture
|
||||
- **MP4**: The parser has received a major facelift, and shouldn't be so eager to allocate or trust user data (Fixes OOM)
|
||||
- **FLAC**: Return early when encountering invalid zero-sized blocks
|
||||
|
||||
## [0.7.1] - 2022-07-08
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ impl Block {
|
|||
let last = (byte & 0x80) != 0;
|
||||
let ty = byte & 0x7F;
|
||||
|
||||
let size = data.read_uint::<BigEndian>(3)? as u32;
|
||||
let size = data.read_u24::<BigEndian>()?;
|
||||
|
||||
let mut content = try_vec![0; size as usize];
|
||||
data.read_exact(&mut content)?;
|
||||
|
|
|
@ -87,6 +87,14 @@ where
|
|||
let block = Block::read(data)?;
|
||||
last_block = block.last;
|
||||
|
||||
if block.content.is_empty() && (block.ty != 1 && block.ty != 3) {
|
||||
return Err(FileDecodingError::new(
|
||||
FileType::FLAC,
|
||||
"Encountered a zero-sized metadata block",
|
||||
)
|
||||
.into());
|
||||
}
|
||||
|
||||
match block.ty {
|
||||
#[cfg(feature = "vorbis_comments")]
|
||||
4 => read_comments(&mut &*block.content, &mut tag)?,
|
||||
|
|
|
@ -1 +1,7 @@
|
|||
// TODO
|
||||
use crate::oom_test;
|
||||
use lofty::flac::FlacFile;
|
||||
|
||||
#[test]
|
||||
fn oom1() {
|
||||
oom_test::<FlacFile>("flacfile_read_from/oom-9268264e9bc5e2124e4d63cbff8cff0b0dec6644");
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue