Bug 283412 - scan of wav file consumes 2 GB RAM and causes SIGABRT - infinite loop in RIFF::File::read()
Status: RESOLVED FIXED
Alias: None
Product: taglib
Classification: Frameworks and Libraries
Component: general
Version: 1.7
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Scott Wheeler
Reported: 2011-10-05 19:13 UTC by Jens Nachtigall
Modified: 2011-10-08 16:44 UTC

Description Jens Nachtigall 2011-10-05 19:13:30 UTC
Version:           1.7
OS:                Linux

This wav file causes tagreader to allocate about 2GB of memory until it
causes a SIGABRT.

There is an infinite loop in void RIFF::File::read() in taglib/riff/rifffile.cpp.
More precisely,
uint chunkSize = readBlock(4).toUInt(bigEndian);
at line 208 of this file always returns 0 for this file.

PS the bug was originally filed against the dj software mixxx (mixxx.org)
https://bugs.launchpad.net/mixxx/+bug/851737



Reproducible: Always

Steps to Reproduce:
run taglib-1.7/examples/tagreader 09_15_2011-21h_14m_33s.wav
or taglib-1.7/examples/tagreader_c 09_15_2011-21h_14m_33s.wav

The file can be found here:
http://www2.informatik.hu-berlin.de/~nachtiga/09_15_2011-21h_14m_33s.wav



Actual Results:  
infinite loop and SIGABRT causing the DJ software mixxx and amarok to crash when they try to scan that file. 

Expected Results:  
maybe simply a message that this is not a valid wav/music file, i.e. handle it like any other invalid file.
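
The expected result above, rejecting the file instead of looping, as an added example (not TagLib's code and not the fix applied for this bug): a RIFF chunk walker over an in-memory buffer that treats a short header read or an out-of-range chunk size as an invalid file. `Chunk`, `parseRiff` and `sampleWav` are hypothetical names, the sample bytes are constructed, and little-endian RIFF is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical type for this example; not TagLib's API.
struct Chunk { std::string id; size_t offset; uint32_t size; };

static uint32_t le32(const uint8_t *p) {  // assumes little-endian RIFF, not RIFX
  return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Walks the chunks of an in-memory RIFF file. Returns false (invalid file)
// instead of looping when a header is truncated or a size runs past the end.
bool parseRiff(const std::vector<uint8_t> &buf, std::vector<Chunk> &out) {
  out.clear();
  if (buf.size() < 12 || std::string(buf.begin(), buf.begin() + 4) != "RIFF")
    return false;
  size_t pos = 12;  // skip "RIFF", the RIFF size field and the form type
  while (pos < buf.size()) {
    if (buf.size() - pos < 8) return false;      // short read of the chunk header
    uint32_t size = le32(&buf[pos + 4]);
    size_t data = pos + 8;
    if (size > buf.size() - data) return false;  // declared size exceeds the file
    out.push_back({std::string(buf.begin() + pos, buf.begin() + pos + 4), data, size});
    pos = data + size + (size & 1);  // moves >= 8 bytes, so at most buf.size()/8 chunks
  }
  return true;
}

// Constructed sample: a tiny RIFF/WAVE buffer with "fmt " (4 bytes) and "data" (3 bytes + pad).
std::vector<uint8_t> sampleWav() {
  const char raw[] = "RIFF\x1c\0\0\0WAVE" "fmt \x04\0\0\0\x01\0\x01\0" "data\x03\0\0\0abc\0";
  return std::vector<uint8_t>(raw, raw + sizeof(raw) - 1);
}

int main() {
  std::vector<Chunk> chunks;
  std::vector<uint8_t> wav = sampleWav();
  std::printf("valid: %d, chunks: %zu\n", int(parseRiff(wav, chunks)), chunks.size());
  wav.resize(28);  // cut the file in the middle of the "data" chunk header
  std::printf("truncated: %d\n", int(parseRiff(wav, chunks)));
  return 0;
}
```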
Comment 1 Jens Nachtigall 2011-10-07 11:26:44 UTC
maybe this is related to #273756 (because also infinite loop and memory problems, but I do not know for sure)