modify id3 tag parser (extended header exception handing) 57/56057/1 accepted/tizen/mobile/20160104.084626 accepted/tizen/tv/20160104.084709 accepted/tizen/wearable/20160104.084742 submit/tizen/20160104.050314
authorMinje Ahn <minje.ahn@samsung.com>
Mon, 4 Jan 2016 04:13:13 +0000 (13:13 +0900)
committerMinje Ahn <minje.ahn@samsung.com>
Mon, 4 Jan 2016 04:13:13 +0000 (13:13 +0900)
Change-Id: I04e2cf9f77d4a56bdc511649077ba6e89a490176
Signed-off-by: Minje Ahn <minje.ahn@samsung.com>
packaging/libmm-fileinfo.spec
utils/mm_file_util_tag.c

index c73e05f..8d5ca3e 100755 (executable)
@@ -1,6 +1,6 @@
 Name:      libmm-fileinfo
 Summary:    Media Fileinfo
-Version:    0.6.41
+Version:    0.6.42
 Release:    0
 Group:      System/Libraries
 License:    Apache-2.0
index 8376c9d..b85f80e 100755 (executable)
@@ -2135,8 +2135,12 @@ bool mm_file_id3tag_parse_v223(AvFileContentInfo *pInfo, unsigned char *buffer)
                debug_msg("--------------- extendedHeaderLen = %d\n", extendedHeaderLen);
 #endif
 
-               curPos += extendedHeaderLen;
-               curPos += 4;
+               if (extendedHeaderLen > (int)(taglen - curPos)) {
+                       debug_error("extended header too long.\n");
+               } else {
+                       curPos += extendedHeaderLen;
+                       curPos += 4;
+               }
        }
 
        if (needToloopv2taglen - MP3_TAGv2_23_TXT_HEADER_LEN > MP3_TAGv2_23_TXT_HEADER_LEN) {
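Review bot: The new bound in mm_file_id3tag_parse_v223 compares only `extendedHeaderLen` against the remaining bytes, but the else branch advances `curPos` by `extendedHeaderLen + 4`, so a length read from the file can still leave `curPos` up to 4 bytes past `taglen`. The value is logged with `%d`, so it is presumably a signed int, and a negative length would pass the check and move `curPos` backwards; `if (extendedHeaderLen < 0 || extendedHeaderLen > (int)(taglen - curPos) - 4) {` would cover both cases, provided the subtraction cannot wrap (the types of `taglen` and `curPos` are not visible here). The error branch only logs and then falls through to frame parsing with `curPos` unchanged, so the bytes of the rejected extended header are parsed as frame data; returning `false` there looks safer if the callers tolerate it. The negative-length and fall-through points apply equally to the v224 hunk at `@@ -2870,7 +2874,11 @@`, which needs no `- 4` because it adds only `extendedHeaderLen`. Both function bodies start and end outside the hunks.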
@@ -2870,7 +2874,11 @@ bool mm_file_id3tag_parse_v224(AvFileContentInfo *pInfo, unsigned char *buffer)
                debug_msg("--------------- extendedHeaderLen = %d\n", extendedHeaderLen);
 #endif
 
-               curPos += extendedHeaderLen;
+               if (extendedHeaderLen > (int)(taglen - curPos)) {
+                       debug_error("extended header too long.\n");
+               } else {
+                       curPos += extendedHeaderLen;
+               }
        }
 
        if (needToloopv2taglen - MP3_TAGv2_23_TXT_HEADER_LEN > MP3_TAGv2_23_TXT_HEADER_LEN) {