summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog2
-rw-r--r--src/demuxers/demux_mpgaudio.c5
2 files changed, 4 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 5cbde5090..02634b43d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,8 @@ xine-lib (1.1.10.1) unreleased
arbitrary code via a crafted FLAC tag, causing a stack buffer overflow.
(CVE-2008-0486)
* Fix a RealPlayer codec detection bug.
+ * Improve detection of MP3 streams with ID3v2 tags. Don't trust the tag
+ size.
xine-lib (1.1.10) 2008-01-26
* Security fixes:
diff --git a/src/demuxers/demux_mpgaudio.c b/src/demuxers/demux_mpgaudio.c
index 1bea02302..82a7dd7ab 100644
--- a/src/demuxers/demux_mpgaudio.c
+++ b/src/demuxers/demux_mpgaudio.c
@@ -807,7 +807,6 @@ static int demux_mpgaudio_read_head(input_plugin_t *input, uint8_t *buf) {
* return 1 if detected, 0 otherwise
*/
static int detect_mpgaudio_file(input_plugin_t *input) {
- mpg_audio_frame_t frame;
uint8_t buf[MAX_PREVIEW_SIZE];
int preview_len;
uint32_t head;
@@ -838,8 +837,8 @@ static int detect_mpgaudio_file(input_plugin_t *input) {
lprintf("cannot read mp3 frame header\n");
return 0;
}
- if (!parse_frame_header(&frame, &buf[10 + tag_size])) {
- lprintf ("invalid mp3 frame header\n");
+ if (!sniff_buffer_looks_like_mp3(&buf[10 + tag_size], preview_len - 10 - tag_size)) {
+ lprintf ("sniff_buffer_looks_like_mp3 failed\n");
return 0;
} else {
lprintf ("a valid mp3 frame follows the id3v2 tag\n");
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-22 05:39:05 +0000