From 976fdd76c1c2213ed89e69d3b1ef8378f1cacbf5 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sun, 6 Mar 2016 23:26:48 +0100 Subject: [PATCH] decoder/opus: limit tag size to 64 kB --- NEWS | 2 ++ src/decoder/plugins/OpusReader.hxx | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index cf3e788fc..416af1159 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,6 @@ ver 0.19.14 (not yet released) +* decoder + - opus: limit tag size to 64 kB * fix build failures on non-glibc builds due to constexpr Mutex ver 0.19.13 (2016/02/23) diff --git a/src/decoder/plugins/OpusReader.hxx b/src/decoder/plugins/OpusReader.hxx index c5b8e9107..219f3f42a 100644 --- a/src/decoder/plugins/OpusReader.hxx +++ b/src/decoder/plugins/OpusReader.hxx @@ -85,7 +85,7 @@ public: char *ReadString() { uint32_t length; - if (!ReadWord(length)) + if (!ReadWord(length) || length >= 65536) return nullptr; const char *src = (const char *)Read(length);