shithub: libtags

Download patch

ref: 2386ab2c67bb2a680a669322f80921fd362f1b90
parent: 3bc7b61cb1c7c34b4f1ad39771febe6ea61b5094
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Tue Mar 5 20:26:05 EST 2024

wav: fix a buffer overflow (offset forgotten)

--- a/wav.c
+++ b/wav.c
@@ -64,9 +64,11 @@
 				return -1;
 			ctx->duration = sz*1000 / x;
 		}else if(memcmp(d, "LIST", 4) == 0){
+			if(csz < 4)
+				return -1;
 			sz = csz - 4;
 			continue;
-		}else if(info && csz < ctx->bufsz){
+		}else if(info && csz < ctx->bufsz-5){
 			for(n = 0; n < nelem(t); n++){
 				if(memcmp(d, t[n].s, 4) == 0 || t[n].type == Tunknown){
 					if(ctx->read(ctx, d+5, csz) != csz)