Infinite loop bug in TagLib
Philip Van Baren
philip at vibrationresearch.com
Sat Jul 12 18:15:12 CEST 2008
On some mpeg video files (particularly on incomplete or corrupt files)
TagLib gets stuck using 100% CPU.
The problem is an infinite loop in Filters/TagLib/Mpeg/File.cs
ReadVideoPacket function. If the FindMarker doesn't find the right packet
type, it doesn't increment offset, and just calls FindMarker again with the
same offset, and repeats...
Here is a version of that function which prevents the infinite loop:

    void ReadVideoPacket (ref long position)
    {
        Seek (position + 4);
        int length = ReadBlock (2).ToUShort ();
        long offset = position + 6;

        // Put a sanity limit on how long we search
        int sanity_limit = 1000;
        int i = 0;

        while (!video_found && (i < sanity_limit) && offset < position + length)
        {
            if (FindMarker (ref offset) == Marker.VideoSyncPacket) {
                video_header = new VideoHeader (this, offset + 4);
                video_found = true;
            } else {
                // Make sure we keep moving forward, because this one didn't match
                offset += 4;
            }
            i++;
        }

        position += length;
    }

http://bugzilla.gnome.org/show_bug.cgi?id=542582
Philip Van Baren
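
The failure mode described in this post, as an added stand-alone example (not code from the original post or from TagLib): a scan over a constructed byte buffer that contains start codes but no video sync marker, run once without and once with the forward step. The FindMarker here is a hypothetical stand-in that assumes the behaviour the post describes (it leaves offset on the marker it found), and the class, method and parameter names are illustrative.

```csharp
using System;

static class MarkerScanDemo
{
    // MPEG sequence header start code is 00 00 01 B3; assumed here to be
    // what Marker.VideoSyncPacket stands for.
    const int VideoSync = 0xB3;

    // Hypothetical stand-in for FindMarker: moves offset to the next
    // 00 00 01 xx start code at or after offset and returns xx, or -1
    // when the buffer holds no further start code.
    static int FindMarker (byte[] data, ref long offset)
    {
        for (long i = offset; i + 3 < data.Length; i++) {
            if (data[i] == 0 && data[i + 1] == 0 && data[i + 2] == 1) {
                offset = i;
                return data[i + 3];
            }
        }
        offset = data.Length;
        return -1;
    }

    // Returns the number of FindMarker calls needed to finish the scan,
    // or -1 if maxCalls was reached without finishing (scan is stuck).
    static int Scan (byte[] data, bool advanceOnMismatch, int maxCalls)
    {
        long offset = 0;
        for (int calls = 1; calls <= maxCalls; calls++) {
            int marker = FindMarker (data, ref offset);
            if (marker == VideoSync || marker < 0)
                return calls;
            if (advanceOnMismatch)
                offset += 4; // step past the start code that did not match
        }
        return -1;
    }

    static void Main ()
    {
        // Constructed sample of a truncated file: an audio packet start
        // code (C0), filler, a video packet start code (E0), no B3 marker.
        byte[] data = { 0, 0, 1, 0xC0, 0xFF, 0xFF, 0, 0, 1, 0xE0, 0x12, 0x34 };

        Console.WriteLine ("without forward step: " + Scan (data, false, 1000));
        Console.WriteLine ("with forward step:    " + Scan (data, true, 1000));
    }
}
```

Without the forward step every call returns the same marker at the same offset, so only the call cap ends the scan; with it the scan reaches the end of the buffer on its own.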