author | bobsayshilol <bobsayshilol@live.co.uk> | 2021-04-24 17:03:28 +0100 |
---|---|---|
committer | Urs Fleisch <ufleisch@users.sourceforge.net> | 2021-05-02 12:14:27 +0200 |
commit | f2eb33169649b3b3a9a97bf8f51c4d3f774bfb4e (patch) | |
tree | 1b965dfe694f6d83b2030b94cdfc47caa613b321 /taglib/mpc | |
parent | 5f6bbb20e775e86b9aba3deb86751299dac3dd65 (diff) |
MPC: Fix heap-buffer-overflow in readSV7()
If `data` is an allocation of only 3 bytes (MP+) then `data[3]` is a
read past the end of the buffer.
Diffstat (limited to 'taglib/mpc')
-rw-r--r-- | taglib/mpc/mpcproperties.cpp | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/taglib/mpc/mpcproperties.cpp b/taglib/mpc/mpcproperties.cpp
index 21de6d49..1e1e4b7c 100644
--- a/taglib/mpc/mpcproperties.cpp
+++ b/taglib/mpc/mpcproperties.cpp
@@ -298,6 +298,9 @@ void MPC::Properties::readSV8(File *file, long streamLength)
 void MPC::Properties::readSV7(const ByteVector &data, long streamLength)
 {
 if(data.startsWith("MP+")) {
+ if(data.size() < 4)
+ return;
+
 d->version = data[3] & 15;
 if(d->version < 7)
 return;
|
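Review bot: The added `data.size() < 4` guard in readSV7() protects only the `data[3]` read visible in this hunk. The function body continues past the end of the hunk, so any later header field that indexes `data` directly would need its own bound, or the guard should compare against the full SV7 header length instead of the literal 4. The constant is also unexplained, and a comment such as `// "MP+" magic is 3 bytes; the stream version is the low nibble of byte 3` would tie it to the access it protects. The early return leaves the properties at their defaults with no diagnostic, so a truncated header cannot be told apart from a valid one when triaging a malformed file. If the file follows TagLib's usual convention, a `debug()` message before the `return` would fix that. A regression test that feeds a 3-byte `MP+` buffer would keep the overflow from coming back.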