Bug 150250 - Empty APE tag crashes TagLib
Summary: Empty APE tag crashes TagLib
Status: RESOLVED FIXED
Alias: None
Product: taglib
Classification: Frameworks and Libraries
Component: general
Version: unspecified
Platform: Compiled Sources Microsoft Windows
Importance: NOR crash
Target Milestone: ---
Assignee: Scott Wheeler
Reported: 2007-09-27 06:24 UTC by Gabriel Levy
Modified: 2007-09-27 22:52 UTC

Description Gabriel Levy 2007-09-27 06:24:21 UTC
Version:            (using KDE Devel)
Installed from:    Compiled sources
Compiler:          MSVC++ 2005 
OS:                MS Windows

I have an mp3 file with an empty APE tag. That is, there are 0 bytes between the APE header and footer at the end of the file. When parsing this file's tags, TagLib crashes with a failed assertion here:

 Tests.exe!std::vector<char,std::allocator<char> >::operator[](unsigned int _Pos=0x00000000)  Line 756 + 0x14 bytes	C++
 Tests.exe!TagLib::ByteVector::data()  Line 337 + 0x30 bytes	C++
 Tests.exe!TagLib::File::readBlock(unsigned long length=0x00000000)  Line 207 + 0x71 bytes	C++
 Tests.exe!TagLib::APE::Tag::read()  Line 216 + 0x69 bytes	C++
 Tests.exe!TagLib::APE::Tag::Tag(TagLib::File * file=0x00c85370, long tagOffset=0x0067a455)  Line 64	C++
 Tests.exe!TagLib::MPEG::File::read(bool readProperties=true, TagLib::AudioProperties::ReadStyle propertiesStyle=Average)  Line 564 + 0x9d bytes	C++
 Tests.exe!TagLib::MPEG::File::File(const char * file=0x00c87ff0, bool readProperties=true, TagLib::AudioProperties::ReadStyle 
...

In tbytevector.cpp line 337,
 
 return DATA(d); // [ Macro evaluates to(&(d->data[0])) ]

fails because d->data.size() == 0 and so the subscript is out of range.

Changing apetag.cpp line 211 from

    if(d->footer.tagSize() == 0 || 

to

    if(d->footer.tagSize() == 0 || d->footer.tagSize() == Footer::size() ||

solved the problem for me.
Comment 1 Scott Wheeler 2007-09-27 22:52:54 UTC
SVN commit 717984 by wheeler:

Add a few checks to make sure that we don't blow up when trying to read zero-byte
values.

BUG:150250


 M  +1 -1      ape/apetag.cpp  
 M  +5 -3      toolkit/tbytevector.cpp  
 M  +3 -0      toolkit/tfile.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=717984
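
The failure mode in this report, as an added C++ example that is not TagLib's code: an empty buffer must never be indexed at element 0, and a footer whose tag size equals the footer size must be treated as an empty tag before any read is issued. The 32-byte footer with the tag size at offset 12 follows the APEv2 layout and is an assumption not stated on this page; all function names are hypothetical.

```cpp
// Added illustration; not TagLib source. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr std::size_t kFooterSize = 32;  // APEv2 footer length (assumed layout)

// Safe counterpart of "&data[0]": an empty buffer yields nullptr instead of
// indexing element 0, which is out of range when size() == 0.
const char *safeData(const std::vector<char> &v) {
    return v.empty() ? nullptr : v.data();
}

// Little-endian 32-bit read, as used by the APE footer fields.
static std::uint32_t le32(const unsigned char *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | (std::uint32_t(p[3]) << 24);
}

enum class ItemRegion { Invalid, Empty, Present };

// Classify the item region described by a 32-byte APE footer.
// tagSize (offset 12) counts items plus footer, so the item byte count is
// tagSize - kFooterSize; validate it before any read is issued.
ItemRegion classifyFooter(const std::vector<unsigned char> &footer,
                          std::size_t bytesBeforeFooter, std::size_t *itemBytes) {
    *itemBytes = 0;
    if (footer.size() != kFooterSize || std::memcmp(footer.data(), "APETAGEX", 8) != 0)
        return ItemRegion::Invalid;
    const std::uint32_t tagSize = le32(footer.data() + 12);
    if (tagSize < kFooterSize) return ItemRegion::Invalid;      // would underflow
    const std::size_t items = tagSize - kFooterSize;
    if (items > bytesBeforeFooter) return ItemRegion::Invalid;  // starts before file start
    if (items == 0) return ItemRegion::Empty;                   // the case in this bug
    *itemBytes = items;
    return ItemRegion::Present;
}

// Constructed sample footer: preamble, version 2000, given tagSize, 0 items.
std::vector<unsigned char> makeFooter(std::uint32_t tagSize) {
    std::vector<unsigned char> f(kFooterSize, 0);
    std::memcpy(f.data(), "APETAGEX", 8);
    const std::uint32_t fields[2] = {2000, tagSize};
    for (int i = 0; i < 2; ++i)
        for (int b = 0; b < 4; ++b) f[8 + 4 * i + b] = (fields[i] >> (8 * b)) & 0xff;
    return f;
}
```

A caller would skip the item read entirely on `Empty` and reject the tag on `Invalid`, so a zero-length or out-of-range read never reaches the buffer layer.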