Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-12-04 18:09:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

WV: Stop manually indexing in block parsing

Browse source
This commit is contained in:
Serial 2024-11-19 23:24:39 -05:00 committed by Alex
parent 440cae88c6
commit 46ee9dd56e
4 changed files with 28 additions and 42 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -39,10 +39,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- When skipping invalid frames in `ParsingMode::{BestAttempt, Relaxed}`, the parser will no longer be able to go out of the bounds
of the frame content ([issue](https://github.com/Serial-ATA/lofty-rs/issues/458)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/459))
- **MP4**: Support for flag items (ex. `cpil`) of any size (not just 1 byte) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/457)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/460))
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/476)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/479)):
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/476)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/479)) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/483)):
- **MusePack**: Fix panic when ID3v2 tag sizes exceed the stream length ([issue](https://github.com/Serial-ATA/lofty-rs/issues/470))
- **WAV**: Fix panic when calculating bit depth with abnormally large `bytes_per_sample` ([issue](https://github.com/Serial-ATA/lofty-rs/issues/471))
- **WavPack***: Fix panic when encountering wrongly sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/472))
- **WavPack***: Fix panic when encountering wrongly sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/472)) ([issue](https://github.com/Serial-ATA/lofty-rs/issues/480))
- **WavPack***: Fix panic when encountering zero-sized blocks ([issue](https://github.com/Serial-ATA/lofty-rs/issues/473))
- **MPEG**: Fix panic when APE tags are incorrectly sized ([issue](https://github.com/Serial-ATA/lofty-rs/issues/474))
- **ID3v2**: Fix panic when parsing non-ASCII `TDAT` and `TIME` frames in `TDRC` conversion ([issue](https://github.com/Serial-ATA/lofty-rs/issues/477))

58
lofty/src/wavpack/properties.rs
View file

@ -302,28 +302,19 @@ fn get_extended_meta_info(
block_content: &[u8],
properties: &mut WavPackProperties,
) -> Result<()> {
let mut index = 0;
let block_size = block_content.len();
while index < block_size {
if block_size - index < 2 {
let reader = &mut &block_content[..];
loop {
if reader.len() < 2 {
break;
}
let id = block_content[index];
index += 1;
let mut size = u32::from(block_content[index]) << 1;
index += 1;
let id = reader.read_u8()?;
let mut size = u32::from(reader.read_u8()?) << 1;
let is_large = id & ID_FLAG_LARGE_SIZE > 0;
if is_large {
if block_size - index < 2 {
break;
}
size += u32::from(block_content[index]) << 9;
size += u32::from(block_content[index + 1]) << 17;
index += 2;
size += u32::from(reader.read_u8()?) << 9;
size += u32::from(reader.read_u8()?) << 17;
}
if size == 0 {
@ -334,19 +325,20 @@ fn get_extended_meta_info(
size -= 1;
}
if (size as usize) >= reader.len() {
err!(SizeMismatch);
}
match id & 0x3F {
ID_NON_STANDARD_SAMPLE_RATE => {
properties.sample_rate =
(&mut &block_content[index..]).read_u24::<LittleEndian>()?;
index += 3;
properties.sample_rate = reader.read_u24::<LittleEndian>()?;
},
ID_DSD => {
if size <= 1 {
decode_err!(@BAIL WavPack, "Encountered an invalid DSD block size");
}
let mut rate_multiplier = u32::from(block_content[index]);
index += 1;
let mut rate_multiplier = u32::from(reader.read_u8()?);
if rate_multiplier > 30 {
parse_mode_choice!(
@ -360,62 +352,47 @@ fn get_extended_meta_info(
properties.sample_rate = properties.sample_rate.wrapping_mul(rate_multiplier);
// Skip DSD mode
index += 1;
let _ = reader.read_u8()?;
},
ID_MULTICHANNEL => {
if size <= 1 {
decode_err!(@BAIL WavPack, "Unable to extract channel information");
}
properties.channels = u16::from(block_content[index]);
index += 1;
let reader = &mut &block_content[index..];
properties.channels = u16::from(reader.read_u8()?);
// size - (id length + channel length)
let s = size - 2;
match s {
0 => {
let channel_mask = reader.read_u8()?;
index += 1;
properties.channel_mask = ChannelMask(u32::from(channel_mask));
},
1 => {
let channel_mask = reader.read_u16::<LittleEndian>()?;
index += 2;
properties.channel_mask = ChannelMask(u32::from(channel_mask));
},
2 => {
let channel_mask = reader.read_u24::<LittleEndian>()?;
index += 3;
properties.channel_mask = ChannelMask(channel_mask);
},
3 => {
let channel_mask = reader.read_u32::<LittleEndian>()?;
index += 4;
properties.channel_mask = ChannelMask(channel_mask);
},
4 => {
properties.channels |= u16::from(reader.read_u8()? & 0xF) << 8;
properties.channels += 1;
index += 1;
let channel_mask = reader.read_u24::<LittleEndian>()?;
index += 3;
properties.channel_mask = ChannelMask(channel_mask);
},
5 => {
properties.channels |= u16::from(reader.read_u8()? & 0xF) << 8;
properties.channels += 1;
index += 1;
let channel_mask = reader.read_u32::<LittleEndian>()?;
index += 4;
properties.channel_mask = ChannelMask(channel_mask);
},
@ -423,12 +400,13 @@ fn get_extended_meta_info(
}
},
_ => {
index += size as usize;
let (_, rem) = reader.split_at(size as usize);
*reader = rem;
},
}
if id & ID_FLAG_ODD_SIZE > 0 {
index += 1;
let _ = reader.read_u8()?;
}
}

BIN
lofty/tests/fuzz/assets/wavpackfile_read_from/crash-96407368cf46fbf0ef1285c4d84fbd39a919ef2b_minimized Normal file
View file

Binary file not shown.

8
lofty/tests/fuzz/wavpackfile_read_from.rs
View file

@ -104,3 +104,11 @@ fn panic3() {
);
let _ = WavPackFile::read_from(&mut reader, ParseOptions::default());
}
#[test_log::test]
fn panic4() {
let mut reader = crate::get_reader(
"wavpackfile_read_from/crash-96407368cf46fbf0ef1285c4d84fbd39a919ef2b_minimized",
);
let _ = WavPackFile::read_from(&mut reader, ParseOptions::default());
}