Bug with ID3v2 tags
Daniele Cocca
daniele.cocca at gmail.com
Mon Jul 24 00:57:27 CEST 2006
After a lot of testing, I've found out that the bug is in here, and it happens
only on files with an APIC:
    #if HAVE_ZLIB
      if(d->header->compression()) {
        ByteVector data(frameDataLength);
        uLongf uLongTmp = frameDataLength;
        ::uncompress((Bytef *) data.data(),
                     (uLongf *) &uLongTmp,
                     (Bytef *) frameData.data() + frameDataOffset,
                     size());
        return data;
      }
      else
    #endif
It crashes while creating a new ByteVector with frameDataLength, because this
value is computed from a broken frame, so it's a huge number (about
20000000000 characters for the MP3 I tested).
Adding these lines:
      if (frameDataLength > 0x1000000) {
        ByteVector blank;
        debug("Detected a frame with more than ten megabytes of data. File corrupted?");
        return blank;
      }
just before "if(d->header->compression()) {" seems to solve the problem.
I hope my information is useful in any way. Bye. :)
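
The length check proposed in the message above, written as a stand-alone validation step that runs before any buffer is allocated (an added example, not TagLib code and not part of the original message). It assumes the ID3v2.4 frame layout, in which a compressed frame carries a 4-byte synchsafe data length indicator after the 10-byte header; the names synchsafe, inflatedSize and sampleFrame are hypothetical, and the cap reuses the 0x1000000 value from the post.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

constexpr std::size_t kMaxInflated = 0x1000000;  // cap value taken from the post
constexpr std::uint8_t kFlagCompressed = 0x08;   // ID3v2.4 format flag 'k'
constexpr std::uint8_t kFlagDataLength = 0x01;   // ID3v2.4 format flag 'p'

// Decode a 28-bit synchsafe integer. A byte with its top bit set cannot
// occur in a well-formed field, so it is reported as -1 (corrupt).
std::int64_t synchsafe(const std::uint8_t *p) {
  std::int64_t v = 0;
  for (int i = 0; i < 4; ++i) {
    if (p[i] & 0x80) return -1;
    v = (v << 7) | p[i];
  }
  return v;
}

// Returns the output size that is safe to allocate for a compressed frame,
// or 0 when the frame must be skipped as corrupt or implausible.
std::size_t inflatedSize(const std::vector<std::uint8_t> &buf) {
  if (buf.size() < 14) return 0;  // 10-byte header + 4-byte length field
  const std::int64_t frameSize = synchsafe(&buf[4]);
  // The frame body must fit in the bytes actually read and hold the length field.
  if (frameSize < 4 || frameSize > static_cast<std::int64_t>(buf.size() - 10))
    return 0;
  const std::uint8_t fmt = buf[9];
  if (!(fmt & kFlagCompressed) || !(fmt & kFlagDataLength)) return 0;
  const std::int64_t declared = synchsafe(&buf[10]);
  // Never size an allocation from an unchecked, file-supplied length.
  if (declared <= 0 || declared > static_cast<std::int64_t>(kMaxInflated))
    return 0;
  return static_cast<std::size_t>(declared);
}

// Constructed sample: an APIC frame whose data length indicator is a,b,c,d.
std::vector<std::uint8_t> sampleFrame(std::uint8_t a, std::uint8_t b,
                                      std::uint8_t c, std::uint8_t d) {
  std::vector<std::uint8_t> f = {'A', 'P', 'I', 'C', 0, 0, 0, 12,
                                 0x00, 0x09, a, b, c, d};
  f.resize(10 + 12, 0);  // 8 zero bytes stand in for the zlib stream
  return f;
}
```

A caller would allocate the output buffer only when inflatedSize returns non-zero, and skip the frame otherwise.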