diff options
| author | Ralph Giles <giles@thaumas.net> | 2015-10-13 15:32:59 -0700 |
|---|---|---|
| committer | Ralph Giles <giles@thaumas.net> | 2015-10-13 15:56:02 -0700 |
| commit | c75b3b1282de1010883aa1391bc8ea31dc8ac98e (patch) | |
| tree | be06c7da62c5edf131ce11ef11cf910f52e7ba0e | |
| parent | 6a7c80bd6054207f53771f75f44caae88305fe4b (diff) | |
| download | libvorbis-git-c75b3b1282de1010883aa1391bc8ea31dc8ac98e.tar.gz | |
Allocate comment temporaries on the heap.
Use malloc/free instead of the more convenient alloca for
comment data. Album art can easily be larger than the local
stack limit and crash the process.
Thanks to Robert Kausch for the suggestion.
| -rw-r--r-- | lib/info.c | 18 |
1 files changed, 12 insertions, 6 deletions
@@ -65,11 +65,13 @@ void vorbis_comment_add(vorbis_comment *vc,const char *comment){ } void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *contents){ - char *comment=alloca(strlen(tag)+strlen(contents)+2); /* +2 for = and \0 */ + /* Length for key and value +2 for = and \0 */ + char *comment=_ogg_malloc(strlen(tag)+strlen(contents)+2); strcpy(comment, tag); strcat(comment, "="); strcat(comment, contents); vorbis_comment_add(vc, comment); + _ogg_free(comment); } /* This is more or less the same as strncasecmp - but that doesn't exist @@ -88,27 +90,30 @@ char *vorbis_comment_query(vorbis_comment *vc, const char *tag, int count){ long i; int found = 0; int taglen = strlen(tag)+1; /* +1 for the = we append */ - char *fulltag = alloca(taglen+ 1); + char *fulltag = _ogg_malloc(taglen+1); strcpy(fulltag, tag); strcat(fulltag, "="); for(i=0;i<vc->comments;i++){ if(!tagcompare(vc->user_comments[i], fulltag, taglen)){ - if(count == found) + if(count == found) { /* We return a pointer to the data, not a copy */ - return vc->user_comments[i] + taglen; - else + _ogg_free(fulltag); + return vc->user_comments[i] + taglen; + } else { found++; + } } } + _ogg_free(fulltag); return NULL; /* didn't find anything */ } int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){ int i,count=0; int taglen = strlen(tag)+1; /* +1 for the = we append */ - char *fulltag = alloca(taglen+1); + char *fulltag = _ogg_malloc(taglen+1); strcpy(fulltag,tag); strcat(fulltag, "="); @@ -117,6 +122,7 @@ int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){ count++; } + _ogg_free(fulltag); return count; } |