Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-11-10 06:34:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

Vorbis: Fix multiply with overflow panic

Browse source
This commit is contained in:
Serial 2024-07-09 19:51:06 -04:00 committed by Alex
parent 1e8dbf4295
commit 60bd996e72
5 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -25,6 +25,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/TODO)):
- **Vorbis**: Fix panic when reading properties of a file with large absolute granule positions ([issue](https://github.com/Serial-ATA/lofty-rs/issues/421))
- **FLAC**: Fix panic when reading properties of a file with incorrect block sizes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/422))
## [0.20.1] - 2024-07-02

7
lofty/src/ogg/vorbis/properties.rs
View file

@ -96,7 +96,7 @@ where
let mut properties = VorbisProperties::default();
// It's impossible to get this far without the identification packet, safe to unwrap
let first_packet = packets.get(0).unwrap();
let first_packet = packets.get(0).expect("Identification packet expected");
// Skip identification header
let first_page_content = &mut &first_packet[7..];
@ -121,11 +121,12 @@ where
let last_page_abgp = last_page.header().abgp;
if properties.sample_rate > 0 {
let total_samples = last_page_abgp.saturating_sub(first_page_abgp);
let total_samples = last_page_abgp.saturating_sub(first_page_abgp) as u128;
// Best case scenario
if total_samples > 0 {
length = (total_samples * 1000).div_round(u64::from(properties.sample_rate));
length =
(total_samples * 1000).div_round(u128::from(properties.sample_rate)) as u64;
properties.duration = Duration::from_millis(length);
} else {
log::warn!(

2
lofty/src/util/math.rs
View file

@ -23,7 +23,7 @@ macro_rules! unsigned_rounded_division {
};
}
unsigned_rounded_division!(u8, u16, u32, u64, usize);
unsigned_rounded_division!(u8, u16, u32, u64, u128, usize);
#[cfg(test)]
mod tests {

BIN
lofty/tests/fuzz/assets/vorbisfile_read_from/order01d_IDX_32_RAND_22064097693866277502540.ogg Executable file
View file

Binary file not shown.

9
lofty/tests/fuzz/vorbisfile_read_from.rs
View file

@ -1,7 +1,16 @@
use crate::oom_test;
use lofty::config::ParseOptions;
use lofty::file::AudioFile;
use lofty::ogg::VorbisFile;
#[test]
fn oom1() {
oom_test::<VorbisFile>("vorbisfile_read_from/oom-436193bc2d1664b74c19720bef08697d03284f06");
}
#[test]
fn panic1() {
let mut reader =
crate::get_reader("vorbisfile_read_from/order01d_IDX_32_RAND_22064097693866277502540.ogg");
let _ = VorbisFile::read_from(&mut reader, ParseOptions::new());
}