Error while parsing FLAC, crashes
Hello, I just tested tag 0.6 and it crashes on my machine.
The crash occurs on versions after commit d9a5f095b8901003b8d07b250dd3b1fbc0adef5b
"parse flac tags directly".
After some debugging, I've found that the crash seems to happen in parse_flac_tags, line 183:
    var data = new uint8[size];
    if (stream.read_all (data, out n)) {
        uint pos = 0;
        var img_type = read_uint32_be (data, pos);
        pos += 4;
        var img_mimetype_len = read_uint32_be (data, pos);
        pos += 4 + img_mimetype_len;
        var img_description_len = read_uint32_be (data, pos); // Crashes after this, pos is way out of arr's bounds
        pos += 4 + img_description_len;
        pos += 4 * 4; // image properties
        var img_len = read_uint32_be (data, pos);
        pos += 4;
        if (pos + img_len <= n) {
            if (tags == null)
                tags = new Gst.TagList.empty ();
            Gst.Tag.List.add_id3_image ((!)tags, data[pos:pos+img_len], img_type);
        } else {
            break;
        }
    } else {
        break;
    }
We should catch this and just ignore the id3 image in that case, maybe?
Or just check that pos will not be out of arr's bounds when reading uint32, that is more elegant.
Feel free to ask for more info if needed.
Edited by Geoffrey Coulaud
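The bounds check suggested in the report, written out as an added example in C (it is not part of the original issue and not the project's code): each length field of the FLAC PICTURE block is validated against the bytes actually read before the position moves. The names `cursor`, `skip` and `parse_flac_picture` and both sample blocks are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Cursor over one PICTURE block; invariant: pos <= len. */
typedef struct { const uint8_t *buf; size_t len, pos; } cursor;

/* Read a big-endian uint32; returns 0 if fewer than 4 bytes remain. */
static int read_u32_be(cursor *c, uint32_t *out) {
    if (c->len - c->pos < 4) return 0;
    const uint8_t *p = c->buf + c->pos;
    *out = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    c->pos += 4;
    return 1;
}

/* Advance n bytes; compares against the remaining size so pos + n cannot overflow. */
static int skip(cursor *c, size_t n) {
    if (n > c->len - c->pos) return 0;
    c->pos += n;
    return 1;
}

/* Returns 1 and sets type/img/img_len, or 0 if any length field leaves the block. */
int parse_flac_picture(const uint8_t *data, size_t n, uint32_t *type,
                       const uint8_t **img, size_t *img_len) {
    cursor c = { data, n, 0 };
    uint32_t mime_len, desc_len, len;
    if (!read_u32_be(&c, type)) return 0;
    if (!read_u32_be(&c, &mime_len) || !skip(&c, mime_len)) return 0;
    if (!read_u32_be(&c, &desc_len) || !skip(&c, desc_len)) return 0;
    if (!skip(&c, 4 * 4)) return 0;               /* image properties */
    if (!read_u32_be(&c, &len) || len > c.len - c.pos) return 0;
    *img = c.buf + c.pos;
    *img_len = len;
    return 1;
}

/* Constructed samples: a well-formed block, and one whose MIME length is bogus. */
static const uint8_t good_block[] = { 0,0,0,3, 0,0,0,1, 'x', 0,0,0,0,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,2, 0xAA,0xBB };
static const uint8_t bad_block[] = { 0,0,0,3, 0xFF,0xFF,0xFF,0xF0, 'x', 0,0,0,0 };

int main(void) {
    uint32_t t; const uint8_t *img; size_t len;
    printf("good: %d\n", parse_flac_picture(good_block, sizeof good_block, &t, &img, &len));
    printf("bad:  %d\n", parse_flac_picture(bad_block, sizeof bad_block, &t, &img, &len));
    return 0;
}
```

A caller that gets 0 back can skip the picture and keep the tags already parsed, which is the "ignore the image" behaviour the report proposes.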