While they're technically invalid, it's better to skip them and try to
read the rest of the tag.
---
libavformat/id3v2.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 68c1709..8a9a4fa 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -401,13 +401,18 @@ static void ff_id3v2_parse(AVFormatContext *s, int len,
uint8_t version, uint8_t
tag[3] = 0;
tlen = avio_rb24(s->pb);
}
- if (tlen <= 0 || tlen > len - taghdrlen) {
+ if (tlen < 0 || tlen > len - taghdrlen) {
av_log(s, AV_LOG_WARNING, "Invalid size in frame %s, skipping the
rest of tag.\n", tag);
break;
}
len -= taghdrlen + tlen;
next = avio_tell(s->pb) + tlen;
+ if (!tlen) {
+ av_log(s, AV_LOG_DEBUG, "Invalid empty frame %s, skipping.\n",
tag);
+ continue;
+ }
+
if (tflags & ID3v2_FLAG_DATALEN) {
avio_rb32(s->pb);
tlen -= 4;
--
1.7.6
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
