Use malloc/free instead of the more convenient alloca for
comment data. Album art can easily be larger than the local
stack limit and crash the process.
Thanks to Robert Kausch for the suggestion.
}
void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *contents){
}
void vorbis_comment_add_tag(vorbis_comment *vc, const char *tag, const char *contents){
- char *comment=alloca(strlen(tag)+strlen(contents)+2); /* +2 for = and \0 */
+ /* Length for key and value +2 for = and \0 */
+ char *comment=_ogg_malloc(strlen(tag)+strlen(contents)+2);
strcpy(comment, tag);
strcat(comment, "=");
strcat(comment, contents);
vorbis_comment_add(vc, comment);
strcpy(comment, tag);
strcat(comment, "=");
strcat(comment, contents);
vorbis_comment_add(vc, comment);
}
/* This is more or less the same as strncasecmp - but that doesn't exist
}
/* This is more or less the same as strncasecmp - but that doesn't exist
long i;
int found = 0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
long i;
int found = 0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
- char *fulltag = alloca(taglen+ 1);
+ char *fulltag = _ogg_malloc(taglen+1);
strcpy(fulltag, tag);
strcat(fulltag, "=");
for(i=0;i<vc->comments;i++){
if(!tagcompare(vc->user_comments[i], fulltag, taglen)){
strcpy(fulltag, tag);
strcat(fulltag, "=");
for(i=0;i<vc->comments;i++){
if(!tagcompare(vc->user_comments[i], fulltag, taglen)){
/* We return a pointer to the data, not a copy */
/* We return a pointer to the data, not a copy */
- return vc->user_comments[i] + taglen;
- else
+ _ogg_free(fulltag);
+ return vc->user_comments[i] + taglen;
+ } else {
return NULL; /* didn't find anything */
}
int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){
int i,count=0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
return NULL; /* didn't find anything */
}
int vorbis_comment_query_count(vorbis_comment *vc, const char *tag){
int i,count=0;
int taglen = strlen(tag)+1; /* +1 for the = we append */
- char *fulltag = alloca(taglen+1);
+ char *fulltag = _ogg_malloc(taglen+1);
strcpy(fulltag,tag);
strcat(fulltag, "=");
strcpy(fulltag,tag);
strcat(fulltag, "=");