src · 913028a780707543a2eca0dcca61a0e8eb6b6167 · Иван Мажукин / mpd

mp3: fix buffer overflow when max_frames is too large · 913028a7

authored Sep 17, 2008

The function decodeFirstFrame() allocates memory based on data from
the mp3 header. This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer. Cap this buffer at 8
million frames, which should really be enough for reasonable files.

913028a7

Name	Last commit	Last update
..
audioOutputs		Loading commit data...
inputPlugins		Loading commit data...
mp4ff		Loading commit data...
Makefile.am		Loading commit data...
ack.h		Loading commit data...
audio.c		Loading commit data...
audio.h		Loading commit data...
audioOutput.c		Loading commit data...
audioOutput.h		Loading commit data...
audio_format.h		Loading commit data...
buffer2array.c		Loading commit data...
buffer2array.h		Loading commit data...
charConv.c		Loading commit data...
charConv.h		Loading commit data...
client.c		Loading commit data...
client.h		Loading commit data...
command.c		Loading commit data...
command.h		Loading commit data...
compress.c		Loading commit data...
compress.h		Loading commit data...
condition.c		Loading commit data...
condition.h		Loading commit data...
conf.c		Loading commit data...
conf.h		Loading commit data...
crossfade.c		Loading commit data...
crossfade.h		Loading commit data...
dbUtils.c		Loading commit data...
dbUtils.h		Loading commit data...
decoder_api.c		Loading commit data...
decoder_api.h		Loading commit data...
decoder_control.c		Loading commit data...
decoder_control.h		Loading commit data...
decoder_internal.h		Loading commit data...
decoder_list.c		Loading commit data...
decoder_list.h		Loading commit data...
decoder_thread.c		Loading commit data...
decoder_thread.h		Loading commit data...
directory.c		Loading commit data...
directory.h		Loading commit data...
dlist.h		Loading commit data...
gcc.h		Loading commit data...
inputStream.c		Loading commit data...
inputStream.h		Loading commit data...
inputStream_file.c		Loading commit data...
inputStream_file.h		Loading commit data...
inputStream_http.c		Loading commit data...
inputStream_http.h		Loading commit data...
inputStream_http_auth.h		Loading commit data...
ioops.c		Loading commit data...
ioops.h		Loading commit data...
list.c		Loading commit data...
list.h		Loading commit data...
listen.c		Loading commit data...
listen.h		Loading commit data...
locate.c		Loading commit data...
locate.h		Loading commit data...
log.c		Loading commit data...
log.h		Loading commit data...
ls.c		Loading commit data...
ls.h		Loading commit data...
main.c		Loading commit data...
main_notify.c		Loading commit data...
main_notify.h		Loading commit data...
metadataChunk.c		Loading commit data...
metadataChunk.h		Loading commit data...
mpd_types.h		Loading commit data...
normalize.c		Loading commit data...
normalize.h		Loading commit data...
notify.c		Loading commit data...
notify.h		Loading commit data...
os_compat.h		Loading commit data...
outputBuffer.c		Loading commit data...
outputBuffer.h		Loading commit data...
output_api.h		Loading commit data...
output_control.c		Loading commit data...
output_control.h		Loading commit data...
output_init.c		Loading commit data...
output_list.c		Loading commit data...
output_list.h		Loading commit data...
path.c		Loading commit data...
path.h		Loading commit data...
pcm_utils.c		Loading commit data...
pcm_utils.h		Loading commit data...
permission.c		Loading commit data...
permission.h		Loading commit data...
playerData.c		Loading commit data...
playerData.h		Loading commit data...
player_control.c		Loading commit data...
player_control.h		Loading commit data...
player_thread.c		Loading commit data...
player_thread.h		Loading commit data...
playlist.c		Loading commit data...
playlist.h		Loading commit data...
replayGain.c		Loading commit data...
replayGain.h		Loading commit data...
ringbuf.c		Loading commit data...
ringbuf.h		Loading commit data...
sig_handlers.c		Loading commit data...
sig_handlers.h		Loading commit data...
signal_check.c		Loading commit data...
signal_check.h		Loading commit data...
sllist.c		Loading commit data...
sllist.h		Loading commit data...
song.c		Loading commit data...
song.h		Loading commit data...
song_print.c		Loading commit data...
song_print.h		Loading commit data...
song_save.c		Loading commit data...
song_save.h		Loading commit data...
state_file.c		Loading commit data...
state_file.h		Loading commit data...
stats.c		Loading commit data...
stats.h		Loading commit data...
storedPlaylist.c		Loading commit data...
storedPlaylist.h		Loading commit data...
strset.c		Loading commit data...
strset.h		Loading commit data...
tag.c		Loading commit data...
tag.h		Loading commit data...
tag_id3.c		Loading commit data...
tag_id3.h		Loading commit data...
tag_internal.h		Loading commit data...
tag_pool.c		Loading commit data...
tag_pool.h		Loading commit data...
tag_print.c		Loading commit data...
tag_print.h		Loading commit data...
tag_save.c		Loading commit data...
tag_save.h		Loading commit data...
timer.c		Loading commit data...
timer.h		Loading commit data...
utf8.c		Loading commit data...
utf8.h		Loading commit data...
utils.c		Loading commit data...
utils.h		Loading commit data...
volume.c		Loading commit data...
volume.h		Loading commit data...
zeroconf.c		Loading commit data...
zeroconf.h		Loading commit data...