diff options
author | Philip Withnall <withnall@endlessm.com> | 2017-02-05 16:07:26 +0100 |
---|---|---|
committer | Philip Withnall <withnall@endlessm.com> | 2017-02-05 16:14:27 +0100 |
commit | 397883a2128ef2099bbad9da75d213f4724db277 (patch) | |
tree | 827cf0d1b58a597d903da62b6296ca388d2fbd0b | |
parent | 35c739862e5ba232b8e364653e8dc92683f242e6 (diff) | |
download | tracker-397883a2128ef2099bbad9da75d213f4724db277.tar.gz |
tracker-extract: Clarify untrusted value checks
When validating the values of csize and tsize (as they are read from a
potentially untrusted MP3 file), put them as the left-hand operand in
the comparison by themselves, without adding anything which:
• confuses Coverity;
• potentially overflows.
Coverity ID: 1399652
https://bugzilla.gnome.org/show_bug.cgi?id=778206
-rw-r--r-- | src/tracker-extract/tracker-extract-mp3.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/tracker-extract/tracker-extract-mp3.c b/src/tracker-extract/tracker-extract-mp3.c index 6be6e71ed..3a6b1d32e 100644 --- a/src/tracker-extract/tracker-extract-mp3.c +++ b/src/tracker-extract/tracker-extract-mp3.c @@ -2221,7 +2221,7 @@ parse_id3v20 (const gchar *data, unsync = (data[5] & 0x80) > 0; tsize = extract_uint32_7bit (&data[6]); - if (tsize + header_size > size) { + if (tsize > size - header_size) { g_message ("[v20] Expected MP3 tag size and header size to be within file size boundaries"); return; } @@ -2251,7 +2251,7 @@ parse_id3v20 (const gchar *data, csize = (size_t) extract_uint32_3byte (&data[pos + 3]); - if (pos + frame_size + csize > size) { + if (csize > size - pos - frame_size) { g_debug ("[v20] Size of current frame '%s' (%" G_GSIZE_FORMAT ") " "exceeds file boundaries (%" G_GSIZE_FORMAT "), " "not processing any more frames", |