Fix crashes due to wrong parameter passing

The refactoring to use `std::string_view`
(see 64d98f5530) caused this regression
(see https://github.com/Martchus/tageditor/issues/75). We must specify the
size because the buffers used here are not null-terminated.
Martchus 2021-10-26 15:54:30 +02:00
parent 0ebad97a6d
commit fd5e9bf950
4 changed files with 17 additions and 14 deletions


@ -10,7 +10,7 @@ set(META_APP_URL "https://github.com/${META_APP_AUTHOR}/${META_PROJECT_NAME}")
set(META_APP_DESCRIPTION "C++ library for reading and writing MP4 (iTunes), ID3, Vorbis, Opus, FLAC and Matroska tags")
set(META_VERSION_MAJOR 10)
set(META_VERSION_MINOR 3)
set(META_VERSION_PATCH 0)
set(META_VERSION_PATCH 1)
set(META_REQUIRED_CPP_UNIT_VERSION 1.14.0)
set(META_ADD_DEFAULT_CPP_UNIT_TEST_APPLICATION ON)


@ -72,7 +72,8 @@ void FlacStream::internalParseHeader(Diagnostics &diag, AbortableProgressFeedbac
}
m_istream->seekg(static_cast<streamoff>(m_startOffset), ios_base::beg);
char buffer[0x22];
constexpr auto bufferSize = 0x22;
char buffer[bufferSize];
// check signature
if (m_reader.readUInt32BE() != 0x664C6143) {
@ -85,7 +86,7 @@ void FlacStream::internalParseHeader(Diagnostics &diag, AbortableProgressFeedbac
for (FlacMetaDataBlockHeader header; !header.isLast();) {
// parse block header
m_istream->read(buffer, 4);
header.parseHeader(buffer);
header.parseHeader(std::string_view(buffer, 4));
// remember start offset
const auto startOffset = m_istream->tellg();
@ -93,10 +94,10 @@ void FlacStream::internalParseHeader(Diagnostics &diag, AbortableProgressFeedbac
// parse relevant meta data
switch (static_cast<FlacMetaDataBlockType>(header.type())) {
case FlacMetaDataBlockType::StreamInfo:
if (header.dataSize() >= 0x22) {
m_istream->read(buffer, 0x22);
if (header.dataSize() >= bufferSize) {
m_istream->read(buffer, bufferSize);
FlacMetaDataBlockStreamInfo streamInfo;
streamInfo.parse(buffer);
streamInfo.parse(std::string_view(buffer, bufferSize));
m_channelCount = streamInfo.channelCount();
m_samplingFrequency = streamInfo.samplingFrequency();
m_sampleCount = streamInfo.totalSampleCount();
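Review bot: Nothing on these lines stops the same mistake from coming back, because the old calls `header.parseHeader(buffer)` and `streamInfo.parse(buffer)` compiled cleanly: a `char *` converts implicitly to `std::string_view`, which takes its length by scanning for a NUL byte and so reads past a binary buffer. The declarations are not part of this page, but a deleted overload beside them, e.g. `void parseHeader(const char *) = delete;` (and the same for `parse`), would turn any bare-pointer call into a compile error; this also covers the call sites in the FLAC-to-Ogg mapping header and OggStream sections. In this section the block-header length is still the literal `4` in both `m_istream->read(buffer, 4)` and the view built from it, so a constant shared by the two would keep the read length and the view length from drifting apart. `internalParseHeader` starts and ends outside the visible hunks.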


@ -24,8 +24,9 @@ namespace TagParser {
void FlacToOggMappingHeader::parseHeader(OggIterator &iterator)
{
// prepare parsing
char buff[0x0D + 0x04 + 0x22 - 0x05];
iterator.read(buff, 5);
constexpr auto idSize = 0x05, mappingHeaderSize = 0x0D, blockHeaderSize = 0x04, streamInfoSize = 0x22;
char buff[mappingHeaderSize + blockHeaderSize + streamInfoSize - idSize];
iterator.read(buff, idSize);
if (*buff != 0x7Fu || BE::toUInt32(buff + 1) != 0x464C4143u) {
throw InvalidDataException(); // not FLAC-to-Ogg mapping header
}
@ -41,16 +42,16 @@ void FlacToOggMappingHeader::parseHeader(OggIterator &iterator)
// parse "METADATA_BLOCK_HEADER"
FlacMetaDataBlockHeader header;
header.parseHeader(buff + 0x0D - 0x05);
header.parseHeader(std::string_view(buff + mappingHeaderSize - idSize, blockHeaderSize));
if (header.type() != FlacMetaDataBlockType::StreamInfo) {
throw InvalidDataException(); // "METADATA_BLOCK_STREAMINFO" expected
}
if (header.dataSize() < 0x22) {
if (header.dataSize() < streamInfoSize) {
throw TruncatedDataException(); // "METADATA_BLOCK_STREAMINFO" is truncated
}
// parse "METADATA_BLOCK_STREAMINFO"
m_streamInfo.parse(buff + 0x0D + 0x04 - 0x05);
m_streamInfo.parse(std::string_view(buff + mappingHeaderSize + blockHeaderSize - idSize, streamInfoSize));
}
} // namespace TagParser
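Review bot: The two view offsets are written out as arithmetic at each call (`buff + mappingHeaderSize - idSize` and `buff + mappingHeaderSize + blockHeaderSize - idSize`), so a reader has to add the constants by hand to see that the STREAMINFO view ends exactly at the end of `buff`. Naming them once, `constexpr auto blockHeaderOffset = mappingHeaderSize - idSize;` and `constexpr auto streamInfoOffset = blockHeaderOffset + blockHeaderSize;`, and adding `static_assert(streamInfoOffset + streamInfoSize == sizeof(buff));` would let the compiler check that bound whenever one of the sizes changes. The read that fills the rest of `buff` lies between the two hunks and is not visible, so whether it uses the same constants cannot be confirmed from this page.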


@ -207,10 +207,11 @@ void OggStream::internalParseHeader(Diagnostics &diag, AbortableProgressFeedback
if (!hasCommentHeader) {
// a Vorbis comment should be following
if (++iterator) {
char buff[4];
iterator.read(buff, 4);
constexpr auto headerSize = 4;
char buff[headerSize];
iterator.read(buff, headerSize);
FlacMetaDataBlockHeader header;
header.parseHeader(buff);
header.parseHeader(std::string_view(buff, headerSize));
if (header.type() == FlacMetaDataBlockType::VorbisComment) {
m_container.announceComment(
iterator.currentPageIndex(), iterator.currentSegmentIndex(), header.isLast(), GeneralMediaFormat::Flac);