TagLib crash in STL due to append of zero-length GEOB filename

David Lasker dave at altosdesign.com
Sun May 27 00:49:51 CEST 2007


I have been using TagLib as built with MS VC++2003 with no problems.

I just tried VC++2005 and ran into a problem. This is with the latest source
checked out of SVN.

My application opens an mp3 file, adds a new ID3v2
UserTextIdentificationFrame ('TXXX'), and then calls
TagLib::MPEG::File::save().

The original mp3 file contains a 'GEOB' frame, which I do not modify.

In TagLib file generalencapsulatedobjectframe.cpp line 176:
     data.append(d->fileName.data(d->textEncoding));
the filename has not been set in the GEOB frame. So TagLib is trying to
append a zero-length string.

In tbytevector.cpp line 439, DATA(v.d) takes the address of v.d->data[0].
Since the string is zero length, [0] is an invalid index. There is a run
time check in VC++2005 STL that catches this. It appears that VC++2003
doesn't have that run time check.

I have fixed this by using the following patch:

Index: tbytevector.cpp
===================================================================
--- tbytevector.cpp     (revision 668577)
+++ tbytevector.cpp     (working copy)
@@ -434,9 +434,12 @@
 {
   detach();

-  uint originalSize = d->size;
-  resize(d->size + v.d->size);
-  ::memcpy(DATA(d) + originalSize, DATA(v.d), v.size());
+  if (v.size() > 0)
+  {
+    uint originalSize = d->size;
+    resize(d->size + v.d->size);
+    ::memcpy(DATA(d) + originalSize, DATA(v.d), v.size());
+  }

   return *this;
 }
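Review bot: The guard in this hunk protects the `::memcpy` from evaluating `DATA(v.d)` on an empty vector, which is the actual defect (taking the address of element `[0]` of a zero-length container is out of range, and only the checked VC++2005 STL reports it); the narrower fix is to make that address computation itself safe for empty vectors rather than only at this one call site, since any other use of `DATA()` on a possibly-empty vector carries the same hazard. Stylistically an early return reads cleaner than wrapping the whole body: `if (v.d->size == 0) return *this;` placed after `detach();`, which keeps the existing lines unindented; note too that the hunk mixes `v.d->size` for the resize with `v.size()` for the copy length, so one accessor should be used consistently.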

I'm a bit of a newbie to ID3 and TagLib, so if there is something I can do
in my code to avoid this problem please let me know. Otherwise could some
kind soul apply this patch (corrected if necessary) to the repository?

Thanks for the help!

Dave
