ref: f6b8f1a943b8c23d1a8252ed055bc71567a29b96
parent: 7fcd37916f92e56bd945af0496287b5db8cc8756
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Wed Mar 30 18:28:46 EDT 2022
id3v2: make sure extra id3 tag does not cause infinite loop
--- a/id3v2.c
+++ b/id3v2.c
@@ -366,6 +366,7 @@
{
int sz, exsz, framesz;
int ver, unsync, offset;
+ int newpos, oldpos;
uchar d[10], *b;
if(ctx->read(ctx, d, sizeof(d)) != sizeof(d))
@@ -378,6 +379,7 @@
return 0;
}
+ oldpos = 0;
header:
ver = d[3];
unsync = d[5] & (1<<7);
@@ -449,11 +451,13 @@
if(ctx->read(ctx, ctx->buf, sz) != sz)
break;
for(b = (uchar*)ctx->buf; (b = memchr(b, 'I', sz - 1 - ((char*)b - ctx->buf))) != nil; b++){
- ctx->seek(ctx, (char*)b - ctx->buf + offset + exsz, 0);
+ newpos = ctx->seek(ctx, (char*)b - ctx->buf + offset + exsz, 0);
if(ctx->read(ctx, d, sizeof(d)) != sizeof(d))
return 0;
- if(isid3(d))
+ if(isid3(d) && newpos != oldpos){
+ oldpos = newpos;
goto header;
+ }
}
for(b = (uchar*)ctx->buf; (b = memchr(b, 0xff, sz-3)) != nil; b++){
if((b[1] & 0xe0) == 0xe0){
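Review bot: The `newpos != oldpos` guard in the 'I' scan only rejects a jump back to the position parsed on the previous pass, so a tag that leads to itself is stopped, but two ID3 headers that lead to each other in turn may still loop, assuming `offset` can move backwards between passes (the function starts and ends outside the hunk, so its updates are not visible). If extra tags are only ever expected later in the file, requiring forward progress with `if(isid3(d) && newpos > oldpos){` bounds the number of `goto header` passes by the file length. The value returned by `ctx->seek` is also compared without an error check; if the callback reports failure with a negative value, `if(newpos < 0) return 0;` before the read keeps a failed seek from being taken as a new position. Separately, the 0xff scan below keeps its length at `sz-3` while `b` advances, unlike the 'I' scan, which shrinks it, so it may look past the `sz` bytes just read; this is worth checking against the size of `ctx->buf`, since the input is an untrusted file.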