Infinite loop bug in libid3tag-0.15.0b


Infinite loop bug in libid3tag-0.15.0b

by Kentaro Oda

Hi, to the maintainer of libid3tag.

I found an infinite loop bug in the libid3tag-0.15.0b library, which
causes memory overflow.

The problem occurs when parsing an ID3_FIELD_TYPE_STRINGLIST field,
specifically when the data to be parsed ends with '\0'.
In this case, **ptr == 0, but the condition end - *ptr is 1, so the loop
continues infinitely.


*** field.c 2003-04-19 09:14:33.000000000 +0900
--- field-patched.c 2008-01-13 16:08:22.000000000 +0900
***************
*** 291,297 ****

        end = *ptr + length;

!       while (end - *ptr > 0) {
  ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
  if (ucs4 == 0)
   goto fail;
--- 291,297 ----

        end = *ptr + length;

!       while (end - *ptr > 0 && **ptr != '\0') {
  ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
  if (ucs4 == 0)
   goto fail;
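
Review bot: The added `**ptr != '\0'` test in the `while` condition looks at a single byte, while the call below it decodes the string according to `*encoding`. If an encoding uses code units wider than one byte, a zero first byte is not necessarily a terminator, and a non-zero stray byte would still pass the test and leave the loop spinning whenever id3_parse_string returns without moving `*ptr`. A check that does not depend on the byte value would be more robust: save `*ptr` before the call and `goto fail` if it is unchanged afterwards.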


--
Kentaro Oda
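
The failure mode described in this report, reduced to a self-contained C sketch (an added example, not code from libid3tag or from the poster). `toy_parse_string` is a hypothetical stand-in that is assumed to return without advancing when fewer than two bytes remain, and the inputs are constructed; the sketch goes beyond the reported case by also feeding a non-zero stray byte, to compare the patched condition with a check that the parser made progress.

```c
#include <stddef.h>
#include <stdio.h>

enum guard { GUARD_NONE, GUARD_NUL_BYTE, GUARD_PROGRESS };
enum { PARSE_SPIN = -1, PARSE_REJECT = -2 };

/* Hypothetical stand-in parser (NOT libid3tag code): consumes 2-byte units
 * up to and including a 00 00 terminator. Assumption: with fewer than two
 * bytes left it returns without advancing *ptr. */
static void toy_parse_string(const unsigned char **ptr, size_t length)
{
    const unsigned char *end = *ptr + length;
    while (end - *ptr >= 2) {
        int is_nul = (*ptr)[0] == 0 && (*ptr)[1] == 0;
        *ptr += 2;
        if (is_nul)
            break;
    }
}

/* Returns the number of strings parsed, PARSE_SPIN if the loop stopped making
 * progress (caught by a demo cap), PARSE_REJECT if the progress guard fired. */
int parse_list(const unsigned char *data, size_t length, enum guard g)
{
    const unsigned char *p = data, *end = data + length;
    int count = 0;
    while (end - p > 0) {
        const unsigned char *before = p;
        if (g == GUARD_NUL_BYTE && *p == '\0')
            break;                  /* the condition the patch adds */
        toy_parse_string(&p, (size_t)(end - p));
        if (g == GUARD_PROGRESS && p == before)
            return PARSE_REJECT;    /* nothing consumed: treat as malformed */
        if (++count > 1000)
            return PARSE_SPIN;      /* cap stands in for "loops forever" */
    }
    return count;
}

/* Constructed inputs: one string ("A" + terminator), then one stray byte. */
static const unsigned char stray_zero[]    = { 0x41, 0x00, 0x00, 0x00, 0x00 };
static const unsigned char stray_nonzero[] = { 0x41, 0x00, 0x00, 0x00, 0x01 };

int main(void)
{
    printf("%d %d\n", parse_list(stray_nonzero, sizeof stray_nonzero, GUARD_NUL_BYTE),
           parse_list(stray_nonzero, sizeof stray_nonzero, GUARD_PROGRESS));
    return 0;
}
```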

Re: Infinite loop bug in libid3tag-0.15.0b

by Rahul Banerjee-2

Hi,
 
I am new to the usage of this mad library. I have a question regarding this. Is the fast forward playback of mp3 supported with this library?
 
Thanks and Regards,
Rahul Banerjee

 
On 1/13/08, Kentaro Oda <odaken@...> wrote:
Hi, to the maintainer of libid3tag.

I found an infinite loop bug in the libid3tag-0.15.0b library, which
causes memory overflow.

The problem occurs when parsing an ID3_FIELD_TYPE_STRINGLIST field,
specifically when the data to be parsed ends with '\0'.
In this case, **ptr == 0, but the condition end - *ptr is 1, so the loop
continues infinitely.


*** field.c     2003-04-19 09:14:33.000000000 +0900
--- field-patched.c     2008-01-13 16:08:22.000000000 +0900
***************
*** 291,297 ****

       end = *ptr + length;

!       while (end - *ptr > 0) {
       ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
       if (ucs4 == 0)
         goto fail;
--- 291,297 ----

       end = *ptr + length;

!       while (end - *ptr > 0 && **ptr != '\0') {
       ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
       if (ucs4 == 0)
         goto fail;
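
Review bot: With the new `**ptr != '\0'` clause the loop can now exit while `end - *ptr` is still greater than zero, so `*ptr` is left short of `end` and any bytes after the first zero byte are skipped without reaching `goto fail`. If the code after the loop or the caller expects the field to have consumed all `length` bytes, set `*ptr = end` once the loop finishes, or add a comment stating that trailing data is deliberately ignored.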


--
Kentaro Oda


Re: Infinite loop bug in libid3tag-0.15.0b

by john cooper-4

Rahul Banerjee wrote:
> Hi,
>  
> I am new to the usage of this mad library. I have a question regarding
> this. Is the fast forward playback of mp3 supported with this library?

Well yes, sort of.  libmad will simply decode a stream.
The burden is placed on the user however to direct the
decoder to whatever bits you'd like to decode.  So to
implement fast fwd, trick play, etc., you'll need to
point the decoder at the bits you'd like to render which
say constitute snippets of audio to be rendered from a
stream in fast forward.

This requires repositioning the stream pointer ahead in
the stream and rendering frames until you have an
error free decode and are synchronized.  Render as much
of decoded output to the audio device for a single hop,
reposition the decoder in the stream and repeat.

-john

--
john.cooper@...