Mercurial > audlegacy-plugins

diff src/aac/mp4ff/mp4meta.c @ 451:5826c77f4acf trunk
[svn] - various overflow and security-related fixes from XMMS2 (mainly Juho Vaha-Herttua, et al)
author: nenolod
date: Wed, 17 Jan 2007 00:56:53 -0800
parents: 3da1b8942b8b
children: 22a470857579
--- a/src/aac/mp4ff/mp4meta.c	Wed Jan 17 00:29:28 2007 -0800
+++ b/src/aac/mp4ff/mp4meta.c	Wed Jan 17 00:56:53 2007 -0800
@@ -32,7 +32,7 @@
 #include <string.h>
 #include "mp4ffint.h"
 
-int32_t mp4ff_tag_add_field(mp4ff_metadata_t *tags, const char *item, const char *value)
+int32_t mp4ff_tag_add_field_len(mp4ff_metadata_t *tags, const char *item, const char *value, uint32_t valuelen)
 {
     void *backup = (void *)tags->tags;
 
@@ -45,7 +45,13 @@
         return 0;
     } else {
         tags->tags[tags->count].item = strdup(item);
-        tags->tags[tags->count].value = strdup(value);
+
+	/* ugly hack to make covers work */	
+        tags->tags[tags->count].value = malloc(valuelen+1);
+	memcpy(tags->tags[tags->count].value, value, valuelen);
+        tags->tags[tags->count].value[valuelen] = '\0';
+
+	tags->tags[tags->count].value_length = valuelen;
 
         if (!tags->tags[tags->count].item || !tags->tags[tags->count].value)
         {
@@ -53,6 +59,7 @@
             if (!tags->tags[tags->count].value) free (tags->tags[tags->count].value);
             tags->tags[tags->count].item = NULL;
             tags->tags[tags->count].value = NULL;
+            tags->tags[tags->count].value_length = 0;
             return 0;
         }
 
@@ -61,6 +68,11 @@
     }
 }
 
+int32_t mp4ff_tag_add_field(mp4ff_metadata_t *tags, const char *item, const char *value)
+{
+	return mp4ff_tag_add_field_len(tags, item, value, strlen(value));
+}
+
 int32_t mp4ff_tag_set_field(mp4ff_metadata_t *tags, const char *item, const char *value)
 {
     unsigned int i;
@@ -73,6 +85,7 @@
         {
 			free(tags->tags[i].value);
 			tags->tags[i].value = strdup(value);
+			tags->tags[i].value_length = strlen(value);
             return 1;
         }
     }
@@ -198,6 +211,7 @@
     uint64_t subsize, sumsize = 0;
     unsigned char * name = NULL;
     unsigned char * data = NULL;
+    uint32_t datalen = 0;
     uint32_t done = 0;
 
     while (sumsize < size)
@@ -259,6 +273,7 @@
 				{
 					if (data) {free(data);data = NULL;}
 					data = mp4ff_read_string(f,(uint32_t)(subsize-(header_size+8)));
+					datalen = (uint32_t)(subsize-(header_size+8));
 				}
 			} else if (atom_type == ATOM_NAME) {
 				if (!done)
@@ -279,7 +294,7 @@
 		if (!done)
 		{
 			if (name == NULL) mp4ff_set_metadata_name(f, parent_atom_type, &name);
-			if (name) mp4ff_tag_add_field(&(f->tags), (char*)name, (char*)data);
+			if (name) mp4ff_tag_add_field_len(&(f->tags), name, data, datalen);
 		}
 
 		free(data);
@@ -314,8 +329,13 @@
     {
         if (!stricmp(f->tags.tags[i].item, item))
         {
-			*value = strdup(f->tags.tags[i].value);
-            return 1;
+	    uint32_t value_length = f->tags.tags[i].value_length;
+	    
+	    if (value_length > 0) {
+		    *value = malloc(value_length+1);
+		    memcpy(*value, f->tags.tags[i].value, value_length+1);
+		    return value_length;
+	    }
         }
     }
author	nenolod
date	Wed, 17 Jan 2007 00:56:53 -0800
parents	3da1b8942b8b
children	22a470857579