dev builds
themes manual
device status forums
mailing lists
IRC bugs
dev guide

Rockbox mail archive

Subject: Re: Tracknum
From: Magnus Holmgren (
Date: 2002-08-18

Magnus Holmgren wrote:
> Den 16 Aug 2002 skrev Daniel Stenberg:
> > > An easy fix (that seems to work) is to remove the size check in id3.c at
> > > line 605, that is, the "entry->id3v2len <= sizeof( entry->id3v2buf )" part.
> > > The ID3V2 loader will only read up to the size of the buffer anyway.
> >
> > The buffer it stores the data in is only sizeof(entry->id3v2buf) bytes large,
> > if you remove the check it means it'll do a buffer overflow. Won't it?
> The ID3V2 code will not read more than fits in the buffer (check the
> read statement). Thus, there should be no buffer overflow. But there
> might be problems during parse... (I do have problems with a few
> files, but I don't know why yet; will take a look at it later
> today.)

Typical. Each and every recognized tag contains this code snippet:

  if(headerlen > (size - readsize))
      headerlen = (size - readsize);

However, unknown tags do not get this treatment. Hence, if there is tag
data - with an unsupported frame at the end of the buffer - there will
be problems due to a wraparound (in the while loop). Easy to fix; added
the above snippet to the "unknown tag" case (might be a good idea to
make the while loop a bit more robust though).

Magnus Holmgren

Page was last modified "Jan 10 2012" The Rockbox Crew