oysteikt/mpd
0
0
Fork 0
Code Issues Pull Requests Releases Activity

tag/ApeLoader: fix buffer overflow after unterminated key

Browse Source
This commit is contained in:
Max Kellermann
2015-10-16 14:40:46 +02:00
parent a9bcf8d50d
commit 205fba74cf
2 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/tag/ApeLoader.cxx
View File

@@ -78,12 +78,12 @@ ape_scan_internal(FILE *fp, ApeTagCallback callback)
/* get the key */
const char *key = p;
while (remaining > size && *p != '\0') {
p++;
remaining--;
}
p++;
remaining--;
const char *key_end = (const char *)memchr(p, '\0', remaining);
if (key_end == nullptr)
break;
p = key_end + 1;
remaining -= p - key;
/* get the value */
if (remaining < size)