Bug 175781

Summary: riff file tagging interprets trailing garbage as chunks
Product: [Frameworks and Libraries] taglib
Reporter: Marc Halbruegge <marc.halbruegge>
Component: general
Assignee: Scott Wheeler <wheeler>
Status: RESOLVED FIXED    
Severity: normal    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Microsoft Windows   
Latest Commit:
Version Fixed In:
Attachments: do extra range checking

Description Marc Halbruegge 2008-11-21 17:04:04 UTC
Version:            (using Devel)
OS:                MS Windows
Installed from:    Compiled sources

especially nasty:
- read tags from a file (including some trailing bytes 
  of garbage)
- append some tag data
- write file: the garbage stays between old and 
  new tag data

-> during the next read of the file, taglib will 
   misinterpret everything behind the former garbage

Comment 1 Marc Halbruegge 2008-11-21 17:06:33 UTC
Created attachment 28733 [details]
do extra range checking

this one goes into directory taglib/riff

patch idea: data portions smaller than 8 bytes cannot be chunks

Comment 2 Marc Halbruegge 2008-12-15 19:58:54 UTC
please use the cumulative patch added to Bug 171957 (taglib corrupts ogg files) instead

Comment 3 Lukáš Lalinský 2009-07-28 20:29:42 UTC
SVN commit 1003745 by lalinsky:

Handle RIFF chunk padding and ignore trailing garbage

This is based on patches by Marc Halbruegge, but those only deal with
read-only cases. The code now also correctly adds padding to RIFF
chunks, and calculates offsets in chunkData taking the padding into
account.

BUG:171957
BUG:175781


 M  +34 -4     taglib/riff/rifffile.cpp  
 M  +4 -0      tests/CMakeLists.txt  
 AM            tests/data/empty.aiff  
 AM            tests/test_aiff.cpp   [License: UNKNOWN]
 AM            tests/test_riff.cpp   [License: UNKNOWN]


WebSVN link: http://websvn.kde.org/?view=rev&revision=1003745
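
The range checks discussed in this report (fewer than 8 bytes cannot be a chunk, odd-sized chunks carry a pad byte), sketched as an added example that is neither TagLib's code nor the attached patch. The names `Chunk`, `parseRiff` and `sampleFile` are hypothetical, and the sketch assumes a little-endian RIFF file held entirely in memory and bounds-checked against the file length.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// One parsed chunk: four-character id, payload offset and payload size.
struct Chunk { std::string id; size_t offset; uint32_t size; };

// Little-endian 32-bit read at position p (caller guarantees p + 4 <= b.size()).
static uint32_t le32(const std::vector<uint8_t>& b, size_t p) {
    return uint32_t(b[p]) | uint32_t(b[p+1]) << 8 | uint32_t(b[p+2]) << 16 | uint32_t(b[p+3]) << 24;
}

// Walk the chunks of a RIFF file held in buf. Returns the chunks found;
// *trailing receives the number of bytes at the end that were ignored.
std::vector<Chunk> parseRiff(const std::vector<uint8_t>& buf, size_t* trailing) {
    std::vector<Chunk> chunks;
    *trailing = 0;
    if (buf.size() < 12 || std::string(buf.begin(), buf.begin() + 4) != "RIFF")
        return chunks;
    size_t pos = 12;                                  // skip "RIFF", size, form type
    while (buf.size() - pos >= 8) {                   // < 8 bytes cannot hold id + size
        uint32_t size = le32(buf, pos + 4);
        size_t avail = buf.size() - pos - 8;          // payload bytes really present
        if (size > avail) break;                      // declared size overruns the file
        chunks.push_back({std::string(buf.begin() + pos, buf.begin() + pos + 4), pos + 8, size});
        pos += 8 + size;
        if ((size & 1) && pos < buf.size()) ++pos;    // odd payload is followed by a pad byte
    }
    *trailing = buf.size() - pos;
    return chunks;
}

// Constructed sample: two chunks (the first odd-sized, so padded) plus 5 garbage bytes.
std::vector<uint8_t> sampleFile() {
    const uint8_t raw[] = {
        'R','I','F','F', 26,0,0,0, 'W','A','V','E',
        'f','m','t',' ', 3,0,0,0, 1,2,3, 0,           // 3-byte payload + pad byte
        'd','a','t','a', 2,0,0,0, 9,9,
        0xde,0xad,0xbe,0xef,0x00 };                   // trailing garbage (< 8 bytes)
    return std::vector<uint8_t>(raw, raw + sizeof raw);
}
int main() {
    size_t trailing = 0;
    std::vector<Chunk> chunks = parseRiff(sampleFile(), &trailing);
    std::printf("%zu chunks, %zu trailing bytes ignored\n", chunks.size(), trailing);
}
```

A writer that appends new chunks at the offset where parsing stopped, rather than at end of file, avoids leaving the garbage between old and new tag data.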