Invalid ogg file causes infinite loop

Lukáš Lalinský lalinsky at gmail.com
Tue Jun 7 18:26:06 CEST 2011


On Tue, Jun 7, 2011 at 6:09 PM, Frank Lai <frank.franklai at gmail.com> wrote:
> Hi all,
> I got an invalid ogg file that causes an infinite loop. The reason is that the xiph comment
> field count is very large (of course a wrong value). The attached patch adds a
> check before the parse loop (comment count cannot be > data size).
> If the comment count is just less than the data size but still a large value, the loop
> still takes a little time to finish. Wondering if there is a better
> solution.

I'm wondering how this can cause an infinite loop. From what I see, each
iteration increases the i variable, so it should reach commentFields
eventually.

Anyway, to filter out obviously wrong comments, you can use
"(data.size() - 8) / 4" to further restrict the value, which is the
minimal required size if all the fields are empty. The rest of the
code pretty much assumes the data is correct too, so there are other checks
that could be added inside the loop:

 - Check if pos < data.size().
 - Check if commentSeparatorPosition is not -1.

Lukas
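The three checks discussed in this thread (an up-front bound on the declared field count, a position check before every read inside the loop, and a check that the '=' separator was actually found), as an added example written for this page; it is not TagLib's code and the names parseXiphComment, buildXiphComment, XiphComment and the sample vendor/comment strings are assumptions made for the illustration. The byte layout is the standard Xiph comment header: a little-endian u32 vendor length and vendor string, a u32 field count, then one u32 length plus "KEY=value" per field. It generalises the suggested "(data.size() - 8) / 4" bound slightly by dividing the bytes that remain after the count, which accounts for a non-empty vendor string.

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// Parsed result. `truncated` is set whenever a bound check cut parsing short;
// `invalidFields` counts comments that carried no '=' separator.
struct XiphComment {
    std::string vendor;
    std::map<std::string, std::vector<std::string>> fields;
    bool truncated = false;
    unsigned invalidFields = 0;
};

// Read a little-endian u32 at `pos`; fail instead of reading past the end.
static bool readU32LE(const std::vector<uint8_t>& d, size_t pos, uint32_t& out) {
    if (pos > d.size() || d.size() - pos < 4)
        return false;
    out = uint32_t(d[pos]) | (uint32_t(d[pos + 1]) << 8) |
          (uint32_t(d[pos + 2]) << 16) | (uint32_t(d[pos + 3]) << 24);
    return true;
}

// Hypothetical hardened parser (not TagLib's implementation).
XiphComment parseXiphComment(const std::vector<uint8_t>& d) {
    XiphComment xc;
    size_t pos = 0;
    uint32_t vendorLength = 0;
    if (!readU32LE(d, pos, vendorLength)) { xc.truncated = true; return xc; }
    pos += 4;
    if (vendorLength > d.size() - pos) { xc.truncated = true; return xc; }
    xc.vendor.assign(d.begin() + pos, d.begin() + pos + vendorLength);
    pos += vendorLength;

    uint32_t commentFields = 0;
    if (!readU32LE(d, pos, commentFields)) { xc.truncated = true; return xc; }
    pos += 4;

    // Every field needs at least its 4-byte length prefix, so a count larger
    // than (remaining bytes / 4) cannot be satisfied by this buffer: refuse it
    // up front rather than spinning through billions of iterations.
    if (commentFields > (d.size() - pos) / 4) { xc.truncated = true; return xc; }

    for (uint32_t i = 0; i < commentFields; ++i) {
        uint32_t commentLength = 0;
        // Stop as soon as the buffer runs out; a count that passed the bound
        // above but still overstates the real number of fields ends here.
        if (!readU32LE(d, pos, commentLength)) { xc.truncated = true; break; }
        pos += 4;
        if (commentLength > d.size() - pos) { xc.truncated = true; break; }
        std::string comment(d.begin() + pos, d.begin() + pos + commentLength);
        pos += commentLength;

        size_t sep = comment.find('=');
        if (sep == std::string::npos) { ++xc.invalidFields; continue; } // no KEY=value split
        xc.fields[comment.substr(0, sep)].push_back(comment.substr(sep + 1));
    }
    return xc;
}

// Constructed sample input: serialise a header, letting the caller override
// the declared comment count to imitate the corrupt file from the report.
std::vector<uint8_t> buildXiphComment(const std::string& vendor,
                                      const std::vector<std::string>& comments,
                                      uint32_t declaredCount) {
    std::vector<uint8_t> out;
    auto putU32 = [&out](uint32_t v) {
        for (int s = 0; s < 32; s += 8) out.push_back(uint8_t(v >> s));
    };
    putU32(uint32_t(vendor.size()));
    out.insert(out.end(), vendor.begin(), vendor.end());
    putU32(declaredCount);
    for (const std::string& c : comments) {
        putU32(uint32_t(c.size()));
        out.insert(out.end(), c.begin(), c.end());
    }
    return out;
}

// Constructed comments: 63 bytes of field data, so at most 63 / 4 = 15 fields
// could ever fit; one of them deliberately lacks the '=' separator.
static const std::vector<std::string> kComments =
    {"TITLE=Test", "ARTIST=Someone", "NOSEPARATOR", "TITLE=Second"};

// Correct count of 4: parses cleanly, the separator-less field is skipped.
XiphComment parseWellFormed()  { return parseXiphComment(buildXiphComment("example vendor", kComments, 4)); }
// Count of 0xFFFFFFFF as in the reported file: rejected before the loop starts.
XiphComment parseHugeCount()   { return parseXiphComment(buildXiphComment("example vendor", kComments, 0xFFFFFFFFu)); }
// Count of 15 slips under the bound but overstates the fields: loop ends when data is exhausted.
XiphComment parseOverstated()  { return parseXiphComment(buildXiphComment("example vendor", kComments, 15)); }
```

The up-front bound answers the first half of the report; the in-loop read check answers the second: a count that is merely too large rather than absurd cannot keep the loop busy, because every iteration consumes at least four bytes and the loop stops the moment the buffer is exhausted, so the iteration count is capped by the buffer size, not by the declared count.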

