Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-11-10 06:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

WAV: Fix panic on improperly sized INFO LISTs

Browse source
This commit is contained in:
Serial 2024-07-14 14:41:48 -04:00 committed by Alex
parent dd9aa76a54
commit 2a7c061e74
4 changed files with 25 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -28,7 +28,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- **MP4**:
- Fix panic when reading properties of a file with no timescale specified ([issue](https://github.com/Serial-ATA/lofty-rs/issues/418))
- Fix panics when reading improperly sized freeform atom identifiers ([issue](https://github.com/Serial-ATA/lofty-rs/issues/425)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/426))
- **WAV**: Fix panic when reading properties with large written bytes per second ([issue](https://github.com/Serial-ATA/lofty-rs/issues/420))
- **WAV**:
- Fix panic when reading properties with large written bytes per second ([issue](https://github.com/Serial-ATA/lofty-rs/issues/420))
- Fix panic when reading an improperly sized INFO LIST ([issue](https://github.com/Serial-ATA/lofty-rs/issues/427))
- **Vorbis**: Fix panic when reading properties of a file with large absolute granule positions ([issue](https://github.com/Serial-ATA/lofty-rs/issues/421))
- **FLAC**: Fix panic when reading properties of a file with incorrect block sizes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/422))
- **AIFF**: Fix panic when reading properties of a file with invalid f80 sample rate ([issue](https://github.com/Serial-ATA/lofty-rs/issues/424))

17
lofty/src/iff/wav/read.rs
View file

@ -5,7 +5,7 @@ use crate::config::ParseOptions;
use crate::error::Result;
use crate::id3::v2::tag::Id3v2Tag;
use crate::iff::chunk::Chunks;
use crate::macros::decode_err;
use crate::macros::{decode_err, err};
use std::io::{Read, Seek, SeekFrom};
@ -74,12 +74,25 @@ where
chunks.skip(data)?;
},
b"LIST" => {
let mut size = chunks.size;
if size < 4 {
decode_err!(@BAIL Wav, "Invalid LIST chunk size");
}
let mut list_type = [0; 4];
data.read_exact(&mut list_type)?;
size -= 4;
match &list_type {
b"INFO" if parse_options.read_tags => {
let end = data.stream_position()? + u64::from(chunks.size - 4);
// TODO: We already get the current position above, just keep it up to date and use it here
// to avoid the seeks.
let end = data.stream_position()? + u64::from(size);
if end > file_len {
err!(SizeMismatch);
}
super::tag::read::parse_riff_info(data, &mut chunks, end, &mut riff_info)?;
},
_ => {

BIN
lofty/tests/fuzz/assets/wavfile_read_from/2_IDX_63_RAND_104275228651573584855676.wav Executable file
View file

Binary file not shown.

7
lofty/tests/fuzz/wavfile_read_from.rs
View file

@ -14,3 +14,10 @@ fn panic1() {
crate::get_reader("wavfile_read_from/2_IDX_0_RAND_85629492689553753214598.wav");
let _ = WavFile::read_from(&mut reader, ParseOptions::new());
}
#[test]
fn panic2() {
let mut reader =
crate::get_reader("wavfile_read_from/2_IDX_63_RAND_104275228651573584855676.wav");
let _ = WavFile::read_from(&mut reader, ParseOptions::new());
}