diff options
author | Hubert Figuiere <hub@figuiere.net> | 2008-11-17 23:42:00 -0500 |
---|---|---|
committer | Hubert Figuiere <hub@figuiere.net> | 2008-11-17 23:42:00 -0500 |
commit | 88af812fde414aca8f9add90bc800ea3d8e9a281 (patch) | |
tree | 0403dd1897c0b287d4d710dd422827683c59dfcb /source/XMPFiles/FormatSupport/ID3_Support.cpp | |
parent | 9d7d7c3caac05db240692ad7e9196fcb7f5a1ce5 (diff) |
upgrade to XMP-SDK 4.4.2
Diffstat (limited to 'source/XMPFiles/FormatSupport/ID3_Support.cpp')
-rw-r--r-- | source/XMPFiles/FormatSupport/ID3_Support.cpp | 37 |
1 files changed, 28 insertions, 9 deletions
diff --git a/source/XMPFiles/FormatSupport/ID3_Support.cpp b/source/XMPFiles/FormatSupport/ID3_Support.cpp index 793f925..ee8c008 100644 --- a/source/XMPFiles/FormatSupport/ID3_Support.cpp +++ b/source/XMPFiles/FormatSupport/ID3_Support.cpp @@ -1,6 +1,6 @@ // ================================================================================================= // ADOBE SYSTEMS INCORPORATED -// Copyright 2002-2007 Adobe Systems Incorporated +// Copyright 2002-2008 Adobe Systems Incorporated // All Rights Reserved // // NOTICE: Adobe permits you to use, modify, and distribute this file in accordance with the terms @@ -8,6 +8,8 @@ // ================================================================================================= #include "XMP_Environment.h" // ! This must be the first include. +#if ! XMP_UNIXBuild // Closes at very bottom. Disabled on UNIX until legacy-as-local is fixed. + #include "XMP_Const.h" #include "ID3_Support.hpp" @@ -15,6 +17,8 @@ #include "UnicodeConversions.hpp" #include "Reconcile_Impl.hpp" +#include <stdio.h> + #if XMP_WinBuild #pragma warning ( disable : 4996 ) // '...' was declared deprecated #endif @@ -164,7 +168,7 @@ namespace ID3_Support { static bool GetFrameInfo(LFA_FileRef inFileRef, XMP_Uns8 bVersion, char *strFrameID, XMP_Uns8 &cflag1, XMP_Uns8 &cflag2, unsigned long &dwSize); static bool ReadSize(LFA_FileRef inFileRef, XMP_Uns8 bVersion, unsigned long &dwSize); static unsigned long CalculateSize(XMP_Uns8 bVersion, unsigned long dwSizeIn); - static bool LoadTagHeaderAndUnknownFrames(LFA_FileRef inFileRef, char *strBuffer, bool fRecon, unsigned long &posPad); + static bool LoadTagHeaderAndUnknownFrames(LFA_FileRef inFileRef, char *strBuffer, size_t strBufferLen, bool fRecon, unsigned long &posPad); #define GetFilePosition(file) LFA_Seek ( file, 0, SEEK_CUR ) @@ -293,6 +297,8 @@ bool FindFrame ( LFA_FileRef inFileRef, char* strFrame, XMP_Int64 & posFrame, un while ( posCur < posEnd ) { + if ( (posEnd - posCur) < k_dwTagHeaderSize ) break; // Not enough room for a header, must be padding. + char szFrameID[5] = {"xxxx"}; unsigned long dwFrameSize = 0; XMP_Uns8 cflag1 = 0, cflag2 = 0; @@ -380,7 +386,7 @@ bool GetFrameData ( LFA_FileRef inFileRef, char* strFrame, char* buffer, unsigne unsigned long dwOffset = 3; // Skip the 3 byte language code. if ( (bEncoding == 0) || (bEncoding == 3) ) { - dwOffset += (strlen ( &strData[3] ) + 1); // Skip the descriptor and nul. + dwOffset += (unsigned long)(strlen ( &strData[3] ) + 1); // Skip the descriptor and nul. } else { UTF16Unit* u16Ptr = (UTF16Unit*) (&strData[3]); for ( ; *u16Ptr != 0; ++u16Ptr ) dwOffset += 2; // Skip the descriptor. @@ -518,7 +524,7 @@ bool AddXMPTagToID3Buffer ( char * strCur, unsigned long * pdwCurOffset, unsigne snprintf ( strGenre, sizeof(strGenre), "(%d)", iFound ); // AUDIT: Using sizeof(strGenre) is safe. strXMPTag = strGenre; - dwXMPLength = strlen(strXMPTag); + dwXMPLength = (long)strlen(strXMPTag); } @@ -535,13 +541,13 @@ bool AddXMPTagToID3Buffer ( char * strCur, unsigned long * pdwCurOffset, unsigne bEncoding = 1; // Will convert to UTF-16 later. } else { strXMPTag = tempLatin1.c_str(); // Use the Latin-1 encoding for output. - dwXMPLength = tempLatin1.size(); + dwXMPLength = (long)tempLatin1.size(); } std::string strUTF16; if ( bEncoding == 1 ) { ToUTF16 ( (UTF8Unit*)strXMPTag, dwXMPLength, &strUTF16, false /* little endian */ ); - dwXMPLength = strUTF16.size() + 2; // ! Include the (to be inserted) BOM in the count. + dwXMPLength = (long)strUTF16.size() + 2; // ! Include the (to be inserted) BOM in the count. } // Frame Structure @@ -737,7 +743,7 @@ bool SetMetaData ( LFA_FileRef inFileRef, char* strXMPPacket, unsigned long dwXM return false; } - LoadTagHeaderAndUnknownFrames ( inFileRef, szID3Buffer, fRecon, id3BufferLen ); + LoadTagHeaderAndUnknownFrames ( inFileRef, szID3Buffer, sizeof(szID3Buffer), fRecon, id3BufferLen ); unsigned long spareLen = (k_dwFrameHeaderSize + dwOldID3ContentSize) - id3BufferLen; @@ -812,7 +818,7 @@ bool SetMetaData ( LFA_FileRef inFileRef, char* strXMPPacket, unsigned long dwXM // ================================================================================================= -bool LoadTagHeaderAndUnknownFrames ( LFA_FileRef inFileRef, char * strBuffer, bool fRecon, unsigned long & posPad ) +bool LoadTagHeaderAndUnknownFrames ( LFA_FileRef inFileRef, char * strBuffer, size_t strBufferLen, bool fRecon, unsigned long & posPad ) { LFA_Seek ( inFileRef, 3ULL, SEEK_SET ); // Point after the "ID3" @@ -826,6 +832,7 @@ bool LoadTagHeaderAndUnknownFrames ( LFA_FileRef inFileRef, char * strBuffer, bo unsigned long dwExtendedTag = SkipExtendedHeader ( inFileRef, v1, flags ); LFA_Seek ( inFileRef, 0ULL, SEEK_SET ); + XMP_Assert ( strBufferLen >= k_dwTagHeaderSize ); LFA_Read ( inFileRef, strBuffer, k_dwTagHeaderSize ); dwOffset += k_dwTagHeaderSize; @@ -841,6 +848,9 @@ bool LoadTagHeaderAndUnknownFrames ( LFA_FileRef inFileRef, char * strBuffer, bo XMP_Int64 posEnd = posCur + dwTagSize; while ( posCur < posEnd ) { + + XMP_Assert ( k_dwTagHeaderSize == 10 ); + if ( (posEnd - posCur) < k_dwTagHeaderSize ) break; // Not enough room for a header, must be padding. char szFrameID[5] = {"xxxx"}; unsigned long dwFrameSize = 0; @@ -890,7 +900,10 @@ bool LoadTagHeaderAndUnknownFrames ( LFA_FileRef inFileRef, char * strBuffer, bo } else { // Unknown frame, let's copy it LFA_Seek ( inFileRef, -(long)k_dwFrameHeaderSize, SEEK_CUR ); - LFA_Read ( inFileRef, strBuffer+dwOffset, dwFrameSize+k_dwFrameHeaderSize ); + if ( (dwOffset > strBufferLen) || ((dwFrameSize + k_dwFrameHeaderSize) > (strBufferLen - dwOffset)) ) { + XMP_Throw ( "Avoiding I/O buffer overflow", kXMPErr_InternalFailure ); + } + LFA_Read ( inFileRef, (strBuffer + dwOffset), (dwFrameSize + k_dwFrameHeaderSize) ); dwOffset += dwFrameSize+k_dwFrameHeaderSize; } @@ -984,6 +997,8 @@ static bool FindXMPFrame ( LFA_FileRef inFileRef, XMP_Int64 & posXMP, XMP_Int64 while ( posCur < posEnd ) { + if ( (posEnd - posCur) < k_dwTagHeaderSize ) break; // Not enough room for a header, must be padding. + char szFrameID[5] = {"xxxx"}; unsigned long dwFrameSize = 0; XMP_Uns8 cflag1 = 0, cflag2 = 0; @@ -1135,3 +1150,7 @@ static unsigned long CalculateSize ( XMP_Uns8 bVersion, unsigned long dwSizeIn ) } } // namespace ID3_Support + +// ================================================================================================= + +#endif // XMP_UNIXBuild |