Hi, for the maintainer of libid3tag.
I found an infinite loop bug in the libid3tag-0.15.0b library, which causes memory overflow.
The problem occurs when parsing an ID3_FIELD_TYPE_STRINGLIST field, specifically when the data to be parsed ends with '\0'. In this case, **ptr == 0, but the condition end - *ptr is 1, so the loop continues infinitely.
*** field.c 2003-04-19 09:14:33.000000000 +0900 --- field-patched.c 2008-01-13 16:08:22.000000000 +0900 *************** *** 291,297 ****
end = *ptr + length;
! while (end - *ptr > 0) { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; --- 291,297 ----
end = *ptr + length;
! while (end - *ptr > 0 && **ptr != '\0') { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail;
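Review bot: the added **ptr != '\0' test in the new while condition inspects a single byte, but the string is parsed according to *encoding, and ID3v2 text encodings include UTF-16, where the first byte of a valid code unit can be zero (big-endian 'A' is 00 41). On such input the loop would stop before a legitimate entry and silently drop the rest of the list. A check that does not depend on the encoding is to save *ptr before the id3_parse_string call and goto fail if it has not advanced afterwards, which also covers any other input on which the parser consumes nothing. A short comment on the condition naming the input that triggers the hang would help the next reader.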
Hi,
I am new to the usage of this mad library. I have a question regarding this. Is fast forward playback of mp3 supported with this library?
Thanks and Regards, Rahul Banerjee
On 1/13/08, Kentaro Oda odaken@gmail.com wrote:
Hi, for the maintainer of libid3tag.
I found an infinite loop bug in the libid3tag-0.15.0b library, which causes memory overflow.
The problem occurs when parsing an ID3_FIELD_TYPE_STRINGLIST field, specifically when the data to be parsed ends with '\0'. In this case, **ptr == 0, but the condition end - *ptr is 1, so the loop continues infinitely.
*** field.c 2003-04-19 09:14:33.000000000 +0900 --- field-patched.c 2008-01-13 16:08:22.000000000 +0900
*** 291,297 ****
end = *ptr + length;
! while (end - *ptr > 0) { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail; --- 291,297 ----
end = *ptr + length;
! while (end - *ptr > 0 && **ptr != '\0') { ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); if (ucs4 == 0) goto fail;
-- Kentaro Oda
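The loop condition in the bug report quoted above, as an added example that is not part of the thread or of libid3tag's code: a list-parsing loop that tests only `end - *ptr > 0` never exits once the parser stops consuming bytes, and a forward-progress guard turns that into a clean failure. `parse_units` is a hypothetical stand-in parser, assumed here to be unable to consume a lone trailing byte so that it reproduces the `end - *ptr` is 1 state from the report; the inputs are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in parser (NOT libid3tag's id3_parse_string): consumes
 * 2-byte code units up to and including a 0x0000 terminator. A lone trailing
 * byte cannot form a unit, so *ptr is left unchanged. */
static void parse_units(const unsigned char **ptr, size_t length)
{
    const unsigned char *p = *ptr, *end = p + length;
    while (end - p >= 2) {
        int terminator = (p[0] == 0 && p[1] == 0);
        p += 2;
        if (terminator) break;
    }
    *ptr = p;
}

/* Loop shaped like the one in the report. max_iter exists only so the demo
 * halts; returns 1 if the cap was hit, i.e. the real loop would never exit. */
int unguarded_spins(const unsigned char *data, size_t length, int max_iter)
{
    const unsigned char *ptr = data, *end = data + length;
    for (int i = 0; end - ptr > 0; i++) {
        if (i >= max_iter) return 1;
        parse_units(&ptr, (size_t)(end - ptr));
    }
    return 0;
}

/* Same loop with a forward-progress guard. Returns the number of strings
 * parsed, or -1 when bytes remain but the parser consumed none of them. */
int parse_list_guarded(const unsigned char *data, size_t length)
{
    const unsigned char *ptr = data, *end = data + length;
    int strings = 0;
    while (end - ptr > 0) {
        const unsigned char *before = ptr;
        parse_units(&ptr, (size_t)(end - ptr));
        if (ptr == before) return -1;   /* no progress: reject the field */
        strings++;
    }
    return strings;
}
/* Constructed inputs: two terminated strings; one string plus a stray 0 byte. */
const unsigned char GOOD[] = { 'A', 0, 0, 0, 'B', 0, 0, 0 };
const unsigned char BAD[]  = { 'A', 0, 0, 0, 0 };
int main(void) {
    printf("spins=%d\n", unguarded_spins(BAD, sizeof BAD, 1000));
    printf("guarded=%d\n", parse_list_guarded(BAD, sizeof BAD)); return 0; }
```

The guard does not look at the byte values at all, so it behaves the same for every text encoding the parser handles.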
Rahul Banerjee wrote:
Hi,
I am new to the usage of this mad library. I have a question regarding this. Is fast forward playback of mp3 supported with this library?
Well yes, sort of. libmad will simply decode a stream. The burden is placed on the user, however, to direct the decoder to whatever bits you'd like to decode. So to implement fast fwd, trick play, etc., you'll need to point the decoder at the bits you'd like to render, which, say, constitute snippets of audio to be rendered from a stream in fast forward.
This requires repositioning the stream pointer ahead in the stream and rendering frames until you have an error-free decode and are synchronized. Render as much of the decoded output to the audio device for a single hop, reposition the decoder in the stream and repeat.
-john