From b963ce0873d17afb23776cc212625e9e2b15ae4a Mon Sep 17 00:00:00 2001 From: Martijn van Beurden Date: Fri, 17 Jun 2022 21:00:13 +0200 Subject: Check chain length Ogg FLAC file When a metadata chain was read from an Ogg FLAC file containing no metadata (but otherwise valid), an empty chain could be returned, leading to null derefencing on trying to manipulate it. This commit adds a check for the chain length --- src/libFLAC/metadata_iterators.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src') diff --git a/src/libFLAC/metadata_iterators.c b/src/libFLAC/metadata_iterators.c index 7f019d72..55562b43 100644 --- a/src/libFLAC/metadata_iterators.c +++ b/src/libFLAC/metadata_iterators.c @@ -1360,6 +1360,12 @@ static FLAC__bool chain_read_ogg_cb_(FLAC__Metadata_Chain *chain, FLAC__IOHandle chain->initial_length = chain_calculate_length_(chain); + if(chain->initial_length == 0) { + /* Ogg FLAC file must have at least streaminfo and vorbis comment */ + chain->status = FLAC__METADATA_CHAIN_STATUS_BAD_METADATA; + return false; + } + return true; } -- cgit v1.2.1