<div>Sorry for the wording. I am running taglib on a much slower machine. A large loop count like it would never stop.</div><div><br></div><div>The attached patch has added checks from the suggestion.</div><div><br></div>Best Regards,<div>
Frank Lai<br><br><div class="gmail_quote">2011/6/8 Lukáš Lalinský <span dir="ltr"><<a href="mailto:lalinsky@gmail.com">lalinsky@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div></div><div class="h5">On Tue, Jun 7, 2011 at 6:09 PM, Frank Lai <<a href="mailto:frank.franklai@gmail.com">frank.franklai@gmail.com</a>> wrote:<br>
> Hi all,<br>
> I got an invalid ogg file causes infinite loop. The reason is xiph comment<br>
> field count is very large (of course wrong value). The attached patch adds a<br>
> check before parse loop (comment count cannot > data size).<br>
> If the comment count just less than data size but a large value, the loop<br>
> still takes a little time to finish. Wondering if there is a better<br>
> solution.<br>
<br>
</div></div>I wondering how can this cause an infinite loop. From what I see, each<br>
iteration increases the i variable, so it should read commentFields<br>
eventually.<br>
<br>
Anyway, to filter out obviously wrong comments, you can use<br>
"(data.size() - 8) / 4" to further restrict the value, which is the<br>
minimal required size if all the fields are empty. The rest of the<br>
code pretty much the data is correct too, so there are other checks<br>
that could be added inside the loop:<br>
<br>
- Check if pos < data.size().<br>
- Check if commentSeparatorPosition is not -1.<br>
<br>
Lukas<br>
_______________________________________________<br>
taglib-devel mailing list<br>
<a href="mailto:taglib-devel@kde.org">taglib-devel@kde.org</a><br>
<a href="https://mail.kde.org/mailman/listinfo/taglib-devel" target="_blank">https://mail.kde.org/mailman/listinfo/taglib-devel</a><br>
</blockquote></div><br></div>