Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-11-10 06:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

AAC: Fix overflow on tag size mismatches

Browse source
This commit is contained in:
Serial 2024-08-24 12:45:06 -04:00 committed by Alex
parent 9c967f6333
commit 34238b5ec1
4 changed files with 28 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
lofty/src/aac/read.rs
View file

@ -5,7 +5,7 @@ use crate::error::Result;
use crate::id3::v2::header::Id3v2Header; use crate::id3::v2::header::Id3v2Header;
use crate::id3::v2::read::parse_id3v2; use crate::id3::v2::read::parse_id3v2;
use crate::id3::{find_id3v1, ID3FindResults}; use crate::id3::{find_id3v1, ID3FindResults};
use crate::macros::{decode_err, parse_mode_choice}; use crate::macros::{decode_err, err, parse_mode_choice};
use crate::mpeg::header::{cmp_header, search_for_frame_sync, HeaderCmpResult}; use crate::mpeg::header::{cmp_header, search_for_frame_sync, HeaderCmpResult};
use std::io::{Read, Seek, SeekFrom}; use std::io::{Read, Seek, SeekFrom};
@ -46,7 +46,11 @@ where
let header = Id3v2Header::parse(reader)?; let header = Id3v2Header::parse(reader)?;
let skip_footer = header.flags.footer; let skip_footer = header.flags.footer;
stream_len -= u64::from(header.size); let Some(new_stream_len) = stream_len.checked_sub(u64::from(header.size)) else {
err!(SizeMismatch);
};
stream_len = new_stream_len;
if parse_options.read_tags { if parse_options.read_tags {
let id3v2 = parse_id3v2(reader, header, parse_options)?; let id3v2 = parse_id3v2(reader, header, parse_options)?;
@ -67,7 +71,11 @@ where
if skip_footer { if skip_footer {
log::debug!("Skipping ID3v2 footer"); log::debug!("Skipping ID3v2 footer");
stream_len -= 10; let Some(new_stream_len) = stream_len.checked_sub(10) else {
err!(SizeMismatch);
};
stream_len = new_stream_len;
reader.seek(SeekFrom::Current(10))?; reader.seek(SeekFrom::Current(10))?;
} }
@ -99,7 +107,11 @@ where
let ID3FindResults(header, id3v1) = find_id3v1(reader, parse_options.read_tags)?; let ID3FindResults(header, id3v1) = find_id3v1(reader, parse_options.read_tags)?;
if header.is_some() { if header.is_some() {
stream_len -= 128; let Some(new_stream_len) = stream_len.checked_sub(128) else {
err!(SizeMismatch);
};
stream_len = new_stream_len;
file.id3v1_tag = id3v1; file.id3v1_tag = id3v1;
} }

11
lofty/tests/fuzz/aacfile_read_from.rs Normal file
View file

@ -0,0 +1,11 @@
use lofty::aac::AacFile;
use lofty::config::ParseOptions;
use lofty::file::AudioFile;
#[test]
fn panic1() {
let mut reader = crate::get_reader(
"aacfile_read_from/01 - aalborg_IDX_9_RAND_168952727934877251846138.mp3",
);
let _ = AacFile::read_from(&mut reader, ParseOptions::new());
}

BIN
lofty/tests/fuzz/assets/aacfile_read_from/01 - aalborg_IDX_9_RAND_168952727934877251846138.mp3 Executable file
View file

Binary file not shown.

1
lofty/tests/fuzz/main.rs
View file

@ -6,6 +6,7 @@ use std::path::Path;
use std::thread; use std::thread;
use std::time::Instant; use std::time::Instant;
mod aacfile_read_from;
mod aifffile_read_from; mod aifffile_read_from;
mod flacfile_read_from; mod flacfile_read_from;
mod id3v2; mod id3v2;