I ran into a crash using TagLib with an m4a audio file.

Here's the stack:

tagd.dll!std::_Debug_range<std::_Vector_const_iterator<char,std::allocator<char> > >(std::_Vector_const_iterator<char,std::allocator<char> > _First=0x61 'a', std::_Vector_const_iterator<char,std::allocator<char> > _Last=0x00, const wchar_t * _File=0x635cbef8, unsigned int _Line=0x000003a5) Line 1598 + 0x57 bytes	C++
tagd.dll!std::vector<char,std::allocator<char> >::_Insert<std::_Vector_const_iterator<char,std::allocator<char> > >(std::_Vector_const_iterator<char,std::allocator<char> > _Where=..., std::_Vector_const_iterator<char,std::allocator<char> > _First=0x61 'a', std::_Vector_const_iterator<char,std::allocator<char> > _Last=0x00, std::forward_iterator_tag __formal={...}) Line 933 + 0x45 bytes	C++
tagd.dll!std::vector<char,std::allocator<char> >::insert<std::_Vector_const_iterator<char,std::allocator<char> > >(std::_Vector_const_iterator<char,std::allocator<char> > _Where=..., std::_Vector_const_iterator<char,std::allocator<char> > _First=0x61 'a', std::_Vector_const_iterator<char,std::allocator<char> > _Last=0x00) Line 890	C++
tagd.dll!TagLib::ByteVector::mid(unsigned int index=0x00000010, unsigned int length=0xfffffff9) Line 369 + 0xf9 bytes	C++
tagd.dll!TagLib::MP4::Tag::parseData(TagLib::MP4::Atom * atom=0x0255f738, TagLib::File * file=0x03a9e84c, int expectedFlags=0xffffffff, bool freeForm=false) Line 122 + 0x1d bytes	C++
tagd.dll!TagLib::MP4::Tag::parseGnre(TagLib::MP4::Atom * atom=0x0255f738, TagLib::File * file=0x03a9e84c) Line 143 + 0x18 bytes	C++
tagd.dll!TagLib::MP4::Tag::Tag(TagLib::File * file=0x03a9e84c, TagLib::MP4::Atoms * atoms=0x0255a158) Line 78 + 0x10 bytes	C++
tagd.dll!TagLib::MP4::File::read(bool readProperties=true, TagLib::AudioProperties::ReadStyle audioPropertiesStyle=Fast) Line 123 + 0x30 bytes	C++
tagd.dll!TagLib::MP4::File::File(TagLib::FileName file={...}, bool readProperties=true, TagLib::AudioProperties::ReadStyle audioPropertiesStyle=Fast) Line 73	C++

There are two problems:
- The obvious one is that ByteVector ByteVector::mid(uint index, uint length) const doesn't validate length, which can result in invalid iterators being passed into the STL insert function. I have attached a patch to check for that problem that seems to work fine. Can someone please verify and check it into the source tree?
- The root cause of this is why the value of length is bad in the first place. I don't see the calling code validating it anywhere, so I don't know if that's intentional. It might be that the audio file itself is corrupt, but I'm happy to provide it if anyone wants to look into this more.

Thanks,
Viraj
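
A bounds-checked mid() of the kind the message asks for, as an added example; it is not TagLib's code and not the attached patch. safeMid and naiveRangeOk are hypothetical names, and the 32-byte buffer in main() is constructed; only index=0x10 and length=0xfffffff9 come from the stack above.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for ByteVector::mid(): returns up to `length` bytes
// starting at `index`, clamped to the bytes that actually exist.
std::vector<char> safeMid(const std::vector<char> &data,
                          unsigned int index, unsigned int length)
{
    std::vector<char> out;
    if (index >= data.size())
        return out;                        // start is past the end: nothing to copy

    // Compare against the remaining bytes rather than computing index + length,
    // which wraps around for the values seen in the crash.
    const std::size_t remaining = data.size() - index;
    const std::size_t count = (length > remaining) ? remaining : length;

    // Both iterators are now guaranteed to lie inside [begin, end].
    out.insert(out.end(), data.begin() + index, data.begin() + index + count);
    return out;
}

// A check that looks correct but is defeated by unsigned wrap-around:
// 0x10 + 0xfffffff9 is 0x9 in 32-bit unsigned arithmetic.
bool naiveRangeOk(const std::vector<char> &data,
                  unsigned int index, unsigned int length)
{
    return index + length <= data.size();
}

int main()
{
    std::vector<char> data(32, 'a');       // constructed sample buffer
    const unsigned int index = 0x10, length = 0xfffffff9;

    std::printf("naive check passes: %d\n", naiveRangeOk(data, index, length));
    std::printf("safeMid returns %u bytes\n",
                static_cast<unsigned int>(safeMid(data, index, length).size()));
    return 0;
}
```

Clamping keeps the iterators valid, but it does not explain the bad length; the caller still has to reject it for the second problem to be addressed.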