shithub: libtags

Download patch

ref: 261e90c554eb95fa25079f08d4f1ae3691efdc87
parent: 8600912ac8ed58ff54406aaa8cb41856dc54ee69
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Mon Mar 4 14:23:36 EST 2024

m4a: make sure to not seek in an infinite loop with broken files

--- a/m4a.c
+++ b/m4a.c
@@ -19,7 +19,7 @@
 	sz = beuint(d) - 4; /* already have 8 bytes */
 
 	for(;;){
-		if(ctx->seek(ctx, sz, 1) < 0)
+		if(sz < 0 || ctx->seek(ctx, sz, 1) < 0)
 			return -1;
 		if(ctx->read(ctx, d, 4) != 4) /* size */
 			break;
@@ -58,6 +58,8 @@
 					return -1;
 				sz -= 8;
 				skip = beuint(d) - 8;
+				if(skip < 0)
+					return -1;
 
 				if(memcmp(&d[4], "mp4a", 4) == 0){ /* audio */
 					n = 6+2 + 2+4+2 + 2+2 + 2+2 + 4; /* read a bunch at once */