Here’s a change to dynamically allocate the DSD ID3 tag buffer. Pretty much
anything with cover art
is going to exceed the existing, static 4k limit... Here’s a change to
dynamically allocate the buffer and
sanity check it at some upper limit. I rather arbitrarily pulled 256k out of
thin air just to keep a corrupt
file from causing it to trying to allocate a buffer larger than available
memory.
diff --git a/src/decoder/plugins/DsdLib.cxx b/src/decoder/plugins/DsdLib.cxx
index 13f6bc8..9ac986b 100644
--- a/src/decoder/plugins/DsdLib.cxx
+++ b/src/decoder/plugins/DsdLib.cxx
@@ -29,6 +29,7 @@
#include "input/InputStream.hxx"
#include "tag/TagId3.hxx"
#include "util/Error.hxx"
+#include "util/Alloc.hxx"
#include <string.h>
@@ -123,22 +124,27 @@ dsdlib_tag_id3(InputStream &is,
const id3_length_t count = size - offset;
- /* Check and limit id3 tag size to prevent a stack overflow */
- id3_byte_t dsdid3[4096];
- if (count == 0 || count > sizeof(dsdid3))
+ if (count < 10 || count > 256*1024)
return;
- if (!decoder_read_full(nullptr, is, dsdid3, count))
+ id3_byte_t *const id3_buf = static_cast<id3_byte_t*>(xalloc(count));
+
+ if (!decoder_read_full(nullptr, is, id3_buf, count)) {
+ free(id3_buf);
return;
+ }
- struct id3_tag *id3_tag = id3_tag_parse(dsdid3, count);
- if (id3_tag == nullptr)
+ struct id3_tag *id3_tag = id3_tag_parse(id3_buf, count);
+ if (id3_tag == nullptr) {
+ free(id3_buf);
return;
+ }
scan_id3_tag(id3_tag, handler, handler_ctx);
id3_tag_delete(id3_tag);
+ free(id3_buf);
return;
}
#endif
_______________________________________________
mpd-devel mailing list
[email protected]
http://mailman.blarg.de/listinfo/mpd-devel
