Better flac metadata handling (wrong fields sizes array out of bounds crash fix) (!3) · Merge requests · Nanling Zheng / G4Music

Geoffrey Coulaud requested to merge GeoffreyCoulaud/g4music:master into master Jun 15, 2022

In parse_flac_tags we read arbitrary data for the image mimetype length and image description length then use these values as array indexes. This can lead to out of array bouds reads that crash the app, so we always need to check before trying to access.

This check was done only for the image data, but it also needs to be done for all the arbitrary length metadata.

If you have questions, feel free to ask.

Edit: Fix for #11 (closed)

Edited Jun 15, 2022 by Geoffrey Coulaud

Better flac metadata handling (wrong fields sizes array out of bounds crash fix)

Merge request reports