shithub: riscv

Download patch

ref: 4882f18a593355d94cf0e5ebe0735fb7f5d9a580
parent: f6a6ccb1d56c0f6cf3677b6d7f31da0c8c362510
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Mon Feb 19 13:07:04 EST 2024

libtags/wav: respect buffer size when reading tag value

--- a/sys/src/cmd/audio/libtags/wav.c
+++ b/sys/src/cmd/audio/libtags/wav.c
@@ -67,13 +67,13 @@
 		}else if(memcmp(d, "LIST", 4) == 0){
 			sz = csz - 4;
 			continue;
-		}else if(info){
+		}else if(info && csz < (u32int)ctx->bufsz){
 			for(n = 0; n < nelem(t); n++){
 				if(memcmp(d, t[n].s, 4) == 0 || t[n].type == Tunknown){
 					if(ctx->read(ctx, d+5, csz) != (int)csz)
 						return -1;
 					d[4] = 0;
-					d[5+csz-1] = 0;
+					d[5+csz] = 0;
 					txtcb(ctx, t[n].type, t[n].type == Tunknown ? (char*)d : "", d+5);
 					csz = 0;
 					break;