Rockbox mail archiveSubject: Re: Tracknum
From: Magnus Holmgren <lear_at_algonet.se>
Date: Sun, 18 Aug 2002 20:27:45 +0200
Magnus Holmgren wrote:
> Den 16 Aug 2002 skrev Daniel Stenberg:
> > > An easy fix (that seems to work) is to remove the size check in id3.c at
> > > line 605, that is, the "entry->id3v2len <= sizeof( entry->id3v2buf )" part.
> > > The ID3V2 loader will only read up to the size of the buffer anyway.
> > The buffer it stores the data in is only sizeof(entry->id3v2buf) bytes large,
> > if you remove the check it means it'll do a buffer overflow. Won't it?
> The ID3V2 code will not read more than fits in the buffer (check the
> read statement). Thus, there should be no buffer overflow. But there
> might be problems during parse... (I do have problems with a few
> files, but I don't know why yet; will take a look at it later
Typical. Each and every recognized tag contains this code snippet:
if(headerlen > (size - readsize))
headerlen = (size - readsize);
However, unknown tags do not get this treatment. Hence, if there is tag
data - with an unsupported frame at the end of the buffer - there will
be problems due to a wraparound (in the while loop). Easy to fix; added
the above snippet to the "unknown tag" case (might be a good idea to
make the while loop a bit more robust though).
-- Magnus HolmgrenReceived on 2002-08-18