Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-12-12 13:42:34 +00:00
Code Issues Projects Releases Packages Wiki Activity

MPEG: Fix potential panic in stream length calculation

Browse source
This commit is contained in:
Serial 2024-11-23 15:56:49 -05:00 committed by Alex
parent 013b17dde6
commit 35eb5785a5
4 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -59,6 +59,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- **WavPack***: Fix panic when encountering wrongly sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/472)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/480)) - **WavPack***: Fix panic when encountering wrongly sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/472)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/480))
- **WavPack***: Fix panic when encountering zero-sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/473)) - **WavPack***: Fix panic when encountering zero-sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/473))
- **MPEG**: Fix panic when APE tags are incorrectly sized ([issue](https://github.com/Serial-ATA/lofty-rs/issues/474)) - **MPEG**: Fix panic when APE tags are incorrectly sized ([issue](https://github.com/Serial-ATA/lofty-rs/issues/474))
- **MPEG**: Fix panic when calculating the stream length for files with improperly sized frames ([issue](https://github.com/Serial-ATA/lofty-rs/issues/487))
- **ID3v2**: Fix panic when parsing non-ASCII `TDAT` and `TIME` frames in `TDRC` conversion ([issue](https://github.com/Serial-ATA/lofty-rs/issues/477)) - **ID3v2**: Fix panic when parsing non-ASCII `TDAT` and `TIME` frames in `TDRC` conversion ([issue](https://github.com/Serial-ATA/lofty-rs/issues/477))
- **APE**: Fix panic when parsing incorrectly sized header APE tags ([issue](https://github.com/Serial-ATA/lofty-rs/issues/481)) - **APE**: Fix panic when parsing incorrectly sized header APE tags ([issue](https://github.com/Serial-ATA/lofty-rs/issues/481))

8
lofty/src/mpeg/properties.rs
View file

@ -212,7 +212,13 @@ where
return Ok(()); return Ok(());
}; };
let stream_len = (last_frame_offset + u64::from(last_frame_header.len)) - first_frame_offset; let stream_end = last_frame_offset + u64::from(last_frame_header.len);
if stream_end < first_frame_offset {
// Something is incredibly wrong with this file, just give up
return Ok(());
}
let stream_len = stream_end - first_frame_offset;
if !is_cbr { if !is_cbr {
log::debug!("MPEG: VBR detected"); log::debug!("MPEG: VBR detected");

BIN
lofty/tests/fuzz/assets/mpegfile_read_from/crash-625fdf469a07ca27b291122f8f95f6fce4458ad5_minimized Normal file
View file

Binary file not shown.

7
lofty/tests/fuzz/mpegfile_read_from.rs
View file

@ -33,6 +33,13 @@ fn crash4() {
let _ = MpegFile::read_from(&mut reader, ParseOptions::new()); let _ = MpegFile::read_from(&mut reader, ParseOptions::new());
} }
#[test_log::test]
fn crash5() {
let mut reader =
get_reader("mpegfile_read_from/crash-625fdf469a07ca27b291122f8f95f6fce4458ad5_minimized");
let _ = MpegFile::read_from(&mut reader, ParseOptions::new());
}
#[test_log::test] #[test_log::test]
fn oom1() { fn oom1() {
oom_test::<MpegFile>("mpegfile_read_from/oom-f8730cbfa5682ab12343ccb70de9b71a061ef4d0"); oom_test::<MpegFile>("mpegfile_read_from/oom-f8730cbfa5682ab12343ccb70de9b71a061ef4d0");