[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [libextractor] branch master updated (25da5822 -> 38e89335)
|
From: |
gnunet |
|
Subject: |
[GNUnet-SVN] [libextractor] branch master updated (25da5822 -> 38e89335) |
|
Date: |
Fri, 13 Oct 2017 12:37:40 +0200 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a change to branch master
in repository libextractor.
from 25da5822 disting, updates po files
new f813535d fix integer overflow in PNG plugin as reported by Leon Zhao
on the mailinglist
new 2878429d eliminate compiler warning
new 0c03299c eliminate compiler warning
new 1ff778f3 modify gitignore
new ffab889c fix looping in nsfe extractor for problematic chunksize in
input file
new 38e89335 fix for NSF plugin's NPE reported by Leon Zhao
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitignore | 1 +
ChangeLog | 9 ++++++
src/include/extractor.h | 2 +-
src/plugins/flac_extractor.c | 5 +---
src/plugins/nsf_extractor.c | 32 ++++++++++++----------
src/plugins/nsfe_extractor.c | 65 ++++++++++++++++++++++----------------------
src/plugins/png_extractor.c | 30 +++++++++++---------
7 files changed, 79 insertions(+), 65 deletions(-)
diff --git a/.gitignore b/.gitignore
index ed1a2f40..a5882a23 100644
--- a/.gitignore
+++ b/.gitignore
@@ -364,3 +364,4 @@ stamp-h1
test-driver
nothing added to commit but untracked files present (use "git add" to track)
+src/plugins/test_thumbnailffmpeg
diff --git a/ChangeLog b/ChangeLog
index fa69e6c4..78e5e3b0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Fri Oct 13 12:30:37 CEST 2017
+ Properly check read error in NSF plugin (from signedness confusion)
found by Leon Zhao. -CG
+
+Fri Oct 13 12:27:38 CEST 2017
+ Protect against problematic integer offset in NSFE plugin found by Leon
Zhao. -CG
+
+Fri Oct 13 12:15:35 CEST 2017
+ Protect against integer overflows in PNG plugin found by Leon Zhao. -CG
+
Wed Oct 11 20:14:12 CEST 2017
Releasing GNU libextractor 1.5. -CG
diff --git a/src/include/extractor.h b/src/include/extractor.h
index 4bb1217f..fe0d1ce8 100644
--- a/src/include/extractor.h
+++ b/src/include/extractor.h
@@ -35,7 +35,7 @@ extern "C" {
* 0.2.6-1 => 0x00020601
* 4.5.2-0 => 0x04050200
*/
-#define EXTRACTOR_VERSION 0x01050000
+#define EXTRACTOR_VERSION 0x01050001
#include <stdio.h>
diff --git a/src/plugins/flac_extractor.c b/src/plugins/flac_extractor.c
index 0136fc4c..7f04df36 100644
--- a/src/plugins/flac_extractor.c
+++ b/src/plugins/flac_extractor.c
@@ -409,10 +409,7 @@ flac_metadata (const FLAC__StreamDecoder *decoder,
metadata->data.picture.data_length);
break;
}
- case FLAC__METADATA_TYPE_PADDING:
- case FLAC__METADATA_TYPE_SEEKTABLE:
- case FLAC__METADATA_TYPE_CUESHEET:
- case FLAC__METADATA_TYPE_UNDEFINED:
+ default:
break;
}
}
diff --git a/src/plugins/nsf_extractor.c b/src/plugins/nsf_extractor.c
index c0945700..a02aaeeb 100644
--- a/src/plugins/nsf_extractor.c
+++ b/src/plugins/nsf_extractor.c
@@ -51,7 +51,7 @@ struct header
* Magic code.
*/
char magicid[5];
-
+
/**
* NSF version number.
*/
@@ -86,9 +86,9 @@ struct header
* Album title.
*/
char title[32];
-
+
/**
- * Artist name.
+ * Artist name.
*/
char artist[32];
@@ -152,13 +152,15 @@ EXTRACTOR_nsf_extract_method (struct
EXTRACTOR_ExtractContext *ec)
char nsfversion[32];
const struct header *head;
void *data;
+ ssize_t ds;
- if (sizeof (struct header) >
- ec->read (ec->cls,
- &data,
- sizeof (struct header)))
+ ds = ec->read (ec->cls,
+ &data,
+ sizeof (struct header));
+ if ( (-1 == ds) ||
+ (sizeof (struct header) > ds) )
return;
- head = data;
+ head = data;
/* Check "magic" id bytes */
if (memcmp (head->magicid, "NESM\x1a", 5))
@@ -166,17 +168,17 @@ EXTRACTOR_nsf_extract_method (struct
EXTRACTOR_ExtractContext *ec)
ADD ("audio/x-nsf", EXTRACTOR_METATYPE_MIMETYPE);
snprintf (nsfversion,
sizeof(nsfversion),
- "%d",
+ "%d",
head->nsfversion);
ADD (nsfversion, EXTRACTOR_METATYPE_FORMAT_VERSION);
- snprintf (songs,
+ snprintf (songs,
sizeof(songs),
"%d",
(int) head->songs);
ADD (songs, EXTRACTOR_METATYPE_SONG_COUNT);
- snprintf (startingsong,
+ snprintf (startingsong,
sizeof(startingsong),
- "%d",
+ "%d",
(int) head->firstsong);
ADD (startingsong, EXTRACTOR_METATYPE_STARTING_SONG);
memcpy (&album, head->title, 32);
@@ -196,14 +198,14 @@ EXTRACTOR_nsf_extract_method (struct
EXTRACTOR_ExtractContext *ec)
else
{
if (0 != (head->tvflags & PAL_FLAG))
- ADD ("PAL", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
+ ADD ("PAL", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
else
- ADD ("NTSC", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
+ ADD ("NTSC", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
}
/* Detect Extra Sound Chips needed to play the files */
if (0 != (head->chipflags & VRCVI_FLAG))
- ADD ("VRCVI", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
+ ADD ("VRCVI", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (head->chipflags & VRCVII_FLAG))
ADD ("VRCVII", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (head->chipflags & FDS_FLAG))
diff --git a/src/plugins/nsfe_extractor.c b/src/plugins/nsfe_extractor.c
index 02e376f5..6a8be86e 100644
--- a/src/plugins/nsfe_extractor.c
+++ b/src/plugins/nsfe_extractor.c
@@ -1,17 +1,17 @@
/*
* This file is part of libextractor.
* Copyright (C) 2007, 2009, 2012 Toni Ruottu and Christian Grothoff
- *
+ *
* libextractor is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published
* by the Free Software Foundation; either version 3, or (at your
* option) any later version.
- *
+ *
* libextractor is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with libextractor; see the file COPYING. If not, write to the
* Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
@@ -52,17 +52,16 @@ struct header
/**
* Read an unsigned integer at the current offset.
- *
+ *
* @param data input data to parse
* @return parsed integer
- */
+ */
static uint32_t
nsfeuint (const char *data)
{
- int i;
uint32_t value = 0;
- for (i = 3; i > 0; i--)
+ for (int i = 3; i > 0; i--)
{
value += (unsigned char) data[i];
value *= 0x100;
@@ -81,7 +80,7 @@ nsfeuint (const char *data)
* @return copy of the string at data
*/
static char *
-nsfestring (const char *data,
+nsfestring (const char *data,
size_t size)
{
char *s;
@@ -181,7 +180,7 @@ info_extract (struct EXTRACTOR_ExtractContext *ec,
&data,
size))
return 1;
- ichunk = data;
+ ichunk = data;
if (0 != (ichunk->tvflags & DUAL_FLAG))
{
@@ -192,7 +191,7 @@ info_extract (struct EXTRACTOR_ExtractContext *ec,
if (0 != (ichunk->tvflags & PAL_FLAG))
ADD ("PAL", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
else
- ADD ("NTSC", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
+ ADD ("NTSC", EXTRACTOR_METATYPE_BROADCAST_TELEVISION_SYSTEM);
}
if (0 != (ichunk->chipflags & VRCVI_FLAG))
@@ -200,25 +199,25 @@ info_extract (struct EXTRACTOR_ExtractContext *ec,
if (0 != (ichunk->chipflags & VRCVII_FLAG))
ADD ("VRCVII", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (ichunk->chipflags & FDS_FLAG))
- ADD ("FDS Sound", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
+ ADD ("FDS Sound", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (ichunk->chipflags & MMC5_FLAG))
- ADD ("MMC5 audio", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
+ ADD ("MMC5 audio", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (ichunk->chipflags & NAMCO_FLAG))
ADD ("Namco 106", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (0 != (ichunk->chipflags & SUNSOFT_FLAG))
- ADD ("Sunsoft FME-07", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
+ ADD ("Sunsoft FME-07", EXTRACTOR_METATYPE_TARGET_ARCHITECTURE);
if (size < sizeof (struct infochunk))
{
ADD ("1", EXTRACTOR_METATYPE_SONG_COUNT);
return 0;
}
- snprintf (songs,
+ snprintf (songs,
sizeof (songs),
"%d",
ichunk->songs);
ADD (songs, EXTRACTOR_METATYPE_SONG_COUNT);
- snprintf (songs,
+ snprintf (songs,
sizeof (songs),
"%d",
ichunk->firstsong);
@@ -249,14 +248,14 @@ tlbl_extract (struct EXTRACTOR_ExtractContext *ec,
&data,
size))
return 1;
- cdata = data;
+ cdata = data;
- left = size;
+ left = size;
while (left > 0)
{
title = nsfestring (&cdata[size - left], left);
if (NULL == title)
- return 0;
+ return 0;
length = strlen (title) + 1;
ADDF (title, EXTRACTOR_METATYPE_TITLE);
left -= length;
@@ -291,15 +290,15 @@ auth_extract (struct EXTRACTOR_ExtractContext *ec,
&data,
size))
return 1;
- cdata = data;
+ cdata = data;
album = nsfestring (&cdata[size - left], left);
if (NULL != album)
{
left -= (strlen (album) + 1);
ADDF (album, EXTRACTOR_METATYPE_ALBUM);
- if (left < 1)
- return 0;
+ if (left < 1)
+ return 0;
}
artist = nsfestring (&cdata[size - left], left);
@@ -307,7 +306,7 @@ auth_extract (struct EXTRACTOR_ExtractContext *ec,
{
left -= (strlen (artist) + 1);
ADDF (artist, EXTRACTOR_METATYPE_ARTIST);
- if (left < 1)
+ if (left < 1)
return 0;
}
@@ -342,24 +341,24 @@ EXTRACTOR_nsfe_extract_method (struct
EXTRACTOR_ExtractContext *ec)
uint64_t off;
uint32_t chunksize;
int ret;
-
+
if (sizeof (struct header) >
ec->read (ec->cls,
&data,
sizeof (struct header)))
return;
- head = data;
+ head = data;
if (0 != memcmp (head->magicid, "NSFE", 4))
return;
- if (0 != ec->proc (ec->cls,
+ if (0 != ec->proc (ec->cls,
"nsfe",
EXTRACTOR_METATYPE_MIMETYPE,
- EXTRACTOR_METAFORMAT_UTF8,
- "text/plain",
- "audio/x-nsfe",
+ EXTRACTOR_METAFORMAT_UTF8,
+ "text/plain",
+ "audio/x-nsfe",
strlen ("audio/x-nsfe") + 1))
- return;
+ return;
off = sizeof (struct header);
ret = 0;
while (0 == ret)
@@ -374,11 +373,13 @@ EXTRACTOR_nsfe_extract_method (struct
EXTRACTOR_ExtractContext *ec)
8))
break;
chunksize = nsfeuint (data);
- off += 8 + chunksize;
+ if (off + chunksize + 8LLU <= off)
+ break; /* protect against looping */
+ off += 8LLU + chunksize;
if (0 == memcmp (data + 4, "INFO", 4))
- ret = info_extract (ec, chunksize);
+ ret = info_extract (ec, chunksize);
else if (0 == memcmp (data + 4, "auth", 4))
- ret = auth_extract (ec, chunksize);
+ ret = auth_extract (ec, chunksize);
else if (0 == memcmp (data + 4, "tlbl", 4))
ret = tlbl_extract (ec, chunksize);
/* Ignored chunks: DATA, NEND, plst, time, fade, BANK */
diff --git a/src/plugins/png_extractor.c b/src/plugins/png_extractor.c
index 6195d0ae..add1fde3 100644
--- a/src/plugins/png_extractor.c
+++ b/src/plugins/png_extractor.c
@@ -42,11 +42,13 @@
* @return n-bytes from str followed by 0-termination, NULL on error
*/
static char *
-stndup (const char *str,
+stndup (const char *str,
size_t n)
{
char *tmp;
+ if (n + 1 < n)
+ return NULL;
if (NULL == (tmp = malloc (n + 1)))
return NULL;
tmp[n] = '\0';
@@ -64,7 +66,7 @@ stndup (const char *str,
* @return first position of 0-terminator in str, or maxlen
*/
static size_t
-stnlen (const char *str,
+stnlen (const char *str,
size_t maxlen)
{
size_t ret;
@@ -171,7 +173,7 @@ processtEXt (struct EXTRACTOR_ExtractContext *ec,
if (off >= length)
return 0; /* failed to find '\0' */
if (NULL == (keyword = EXTRACTOR_common_convert_to_utf8 ((char*) &data[off],
- length - off,
+ length - off,
"ISO-8859-1")))
return 0;
ret = 0;
@@ -221,6 +223,8 @@ processiTXt (struct EXTRACTOR_ExtractContext *ec,
compressed = data[pos++];
if (compressed && (0 != data[pos++]))
return 0; /* bad compression method */
+ if (pos > length)
+ return 0;
language = (char *) &data[pos];
ret = 0;
if ( (stnlen (language, length - pos) > 0) &&
@@ -255,7 +259,7 @@ processiTXt (struct EXTRACTOR_ExtractContext *ec,
/* printf("out of memory"); */
return 0; /* out of memory */
}
- if (Z_OK ==
+ if (Z_OK ==
(zret = uncompress ((Bytef *) buf,
&bufLen,
(const Bytef *) &data[pos], length - pos)))
@@ -367,10 +371,10 @@ processzTXt (struct EXTRACTOR_ExtractContext *ec,
/* printf("out of memory"); */
return 0; /* out of memory */
}
- if (Z_OK ==
+ if (Z_OK ==
(zret = uncompress ((Bytef *) buf,
&bufLen,
- (const Bytef *) &data[off],
+ (const Bytef *) &data[off],
length - off)))
{
/* printf("zlib ok"); */
@@ -380,8 +384,8 @@ processzTXt (struct EXTRACTOR_ExtractContext *ec,
if (Z_BUF_ERROR != zret)
return 0; /* unknown error, abort */
}
- keyword = EXTRACTOR_common_convert_to_utf8 (buf,
- bufLen,
+ keyword = EXTRACTOR_common_convert_to_utf8 (buf,
+ bufLen,
"ISO-8859-1");
free (buf);
for (i = 0; NULL != tagmap[i].name; i++)
@@ -432,9 +436,9 @@ processtIME (struct EXTRACTOR_ExtractContext *ec,
h = (unsigned char) data[8];
m = (unsigned char) data[9];
s = (unsigned char) data[10];
- snprintf (val,
+ snprintf (val,
sizeof (val),
- "%04u-%02u-%02u %02d:%02d:%02d",
+ "%04u-%02u-%02u %02d:%02d:%02d",
year, mo, day, h, m, s);
ADD (EXTRACTOR_METATYPE_MODIFICATION_DATE, val);
FINISH:
@@ -443,7 +447,7 @@ FINISH:
/**
- * Main entry method for the 'image/png' extraction plugin.
+ * Main entry method for the 'image/png' extraction plugin.
*
* @param ec extraction context provided to the plugin
*/
@@ -465,8 +469,8 @@ EXTRACTOR_png_extract_method (struct
EXTRACTOR_ExtractContext *ec)
ret = 0;
while (0 == ret)
{
- if (sizeof (uint32_t) + 4 != ec->read (ec->cls,
- &data,
+ if (sizeof (uint32_t) + 4 != ec->read (ec->cls,
+ &data,
sizeof (uint32_t) + 4))
break;
length = get_int_at (data);
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [libextractor] branch master updated (25da5822 -> 38e89335),
gnunet <=
- [GNUnet-SVN] [libextractor] 01/06: fix integer overflow in PNG plugin as reported by Leon Zhao on the mailinglist, gnunet, 2017/10/13
- [GNUnet-SVN] [libextractor] 04/06: modify gitignore, gnunet, 2017/10/13
- [GNUnet-SVN] [libextractor] 03/06: eliminate compiler warning, gnunet, 2017/10/13
- [GNUnet-SVN] [libextractor] 06/06: fix for NSF plugin's NPE reported by Leon Zhao, gnunet, 2017/10/13
- [GNUnet-SVN] [libextractor] 02/06: eliminate compiler warning, gnunet, 2017/10/13
- [GNUnet-SVN] [libextractor] 05/06: fix looping in nsfe extractor for problematic chunksize in input file, gnunet, 2017/10/13