Vorbis: Fix multiply with overflow panic

This commit is contained in:
Serial 2024-07-09 19:51:06 -04:00 committed by Alex
parent 1e8dbf4295
commit 60bd996e72
5 changed files with 15 additions and 4 deletions

View file

@ -25,6 +25,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Fixed ### Fixed
- **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/TODO)): - **Fuzzing** (Thanks [@qarmin](https://github.com/qarmin)!) ([PR](https://github.com/Serial-ATA/lofty-rs/pull/TODO)):
- **Vorbis**: Fix panic when reading properties of a file with large absolute granule positions ([issue](https://github.com/Serial-ATA/lofty-rs/issues/421))
- **FLAC**: Fix panic when reading properties of a file with incorrect block sizes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/422)) - **FLAC**: Fix panic when reading properties of a file with incorrect block sizes ([issue](https://github.com/Serial-ATA/lofty-rs/issues/422))
## [0.20.1] - 2024-07-02 ## [0.20.1] - 2024-07-02

View file

@ -96,7 +96,7 @@ where
let mut properties = VorbisProperties::default(); let mut properties = VorbisProperties::default();
// It's impossible to get this far without the identification packet, safe to unwrap // It's impossible to get this far without the identification packet, safe to unwrap
let first_packet = packets.get(0).unwrap(); let first_packet = packets.get(0).expect("Identification packet expected");
// Skip identification header // Skip identification header
let first_page_content = &mut &first_packet[7..]; let first_page_content = &mut &first_packet[7..];
@ -121,11 +121,12 @@ where
let last_page_abgp = last_page.header().abgp; let last_page_abgp = last_page.header().abgp;
if properties.sample_rate > 0 { if properties.sample_rate > 0 {
let total_samples = last_page_abgp.saturating_sub(first_page_abgp); let total_samples = last_page_abgp.saturating_sub(first_page_abgp) as u128;
// Best case scenario // Best case scenario
if total_samples > 0 { if total_samples > 0 {
length = (total_samples * 1000).div_round(u64::from(properties.sample_rate)); length =
(total_samples * 1000).div_round(u128::from(properties.sample_rate)) as u64;
properties.duration = Duration::from_millis(length); properties.duration = Duration::from_millis(length);
} else { } else {
log::warn!( log::warn!(

View file

@ -23,7 +23,7 @@ macro_rules! unsigned_rounded_division {
}; };
} }
unsigned_rounded_division!(u8, u16, u32, u64, usize); unsigned_rounded_division!(u8, u16, u32, u64, u128, usize);
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {

View file

@ -1,7 +1,16 @@
use crate::oom_test; use crate::oom_test;
use lofty::config::ParseOptions;
use lofty::file::AudioFile;
use lofty::ogg::VorbisFile; use lofty::ogg::VorbisFile;
#[test] #[test]
fn oom1() { fn oom1() {
oom_test::<VorbisFile>("vorbisfile_read_from/oom-436193bc2d1664b74c19720bef08697d03284f06"); oom_test::<VorbisFile>("vorbisfile_read_from/oom-436193bc2d1664b74c19720bef08697d03284f06");
} }
#[test]
fn panic1() {
let mut reader =
crate::get_reader("vorbisfile_read_from/order01d_IDX_32_RAND_22064097693866277502540.ogg");
let _ = VorbisFile::read_from(&mut reader, ParseOptions::new());
}