Invalid ogg file causes infinite loop

[Frank Lai]

Sorry for the wording. I am running taglib on a much slower machine. A large
loop count like it would never stop.

The attached patch has added checks from the suggestion.

Best Regards,
Frank Lai

2011/6/8 Lukáš Lalinský <lalinsky at gmail.com>

> On Tue, Jun 7, 2011 at 6:09 PM, Frank Lai <frank.franklai at gmail.com>
> wrote:
> > Hi all,
> > I got an invalid ogg file causes infinite loop. The reason is xiph
> comment
> > field count is very large (of course wrong value). The attached patch
> adds a
> > check before parse loop (comment count cannot > data size).
> > If the comment count just less than data size but a large value, the loop
> > still takes a little time to finish. Wondering if there is a better
> > solution.
>
> I wondering how can this cause an infinite loop. From what I see, each
> iteration increases the i variable, so it should read commentFields
> eventually.
>
> Anyway, to filter out obviously wrong comments, you can use
> "(data.size() - 8) / 4" to further restrict the value, which is the
> minimal required size if all the fields are empty. The rest of the
> code pretty much the data is correct too, so there are other checks
> that could be added inside the loop:
>
>  - Check if pos < data.size().
>  - Check if commentSeparatorPosition is not -1.
>
> Lukas
> _______________________________________________
> taglib-devel mailing list
> taglib-devel at kde.org
> https://mail.kde.org/mailman/listinfo/taglib-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.kde.org/pipermail/taglib-devel/attachments/20110609/77e25fe4/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: xiphcomment-patch2.diff
Type: application/octet-stream
Size: 978 bytes
Desc: not available
Url : http://mail.kde.org/pipermail/taglib-devel/attachments/20110609/77e25fe4/attachment.dll