Rockbox.org home
release
dev builds
extras
themes manual
wiki
device status forums
mailing lists
IRC bugs
patches
dev guide



Rockbox mail archive

Subject: Re: Tracknum
From: Magnus Holmgren (lear_at_algonet.se)
Date: 2002-08-18


Magnus Holmgren wrote:
>
> Den 16 Aug 2002 skrev Daniel Stenberg:
>
> > > An easy fix (that seems to work) is to remove the size check in id3.c at
> > > line 605, that is, the "entry->id3v2len <= sizeof( entry->id3v2buf )" part.
> > > The ID3V2 loader will only read up to the size of the buffer anyway.
> >
> > The buffer it stores the data in is only sizeof(entry->id3v2buf) bytes large,
> > if you remove the check it means it'll do a buffer overflow. Won't it?
>
> The ID3V2 code will not read more than fits in the buffer (check the
> read statement). Thus, there should be no buffer overflow. But there
> might be problems during parse... (I do have problems with a few
> files, but I don't know why yet; will take a look at it later
> today.)

Typical. Each and every recognized tag contains this code snippet:

  if(headerlen > (size - readsize))
      headerlen = (size - readsize);

However, unknown tags do not get this treatment. Hence, if there is tag
data - with an unsupported frame at the end of the buffer - there will
be problems due to a wraparound (in the while loop). Easy to fix; added
the above snippet to the "unknown tag" case (might be a good idea to
make the while loop a bit more robust though).

-- 
Magnus Holmgren



Page was last modified "Jan 10 2012" The Rockbox Crew
aaa