Do bounds checking before assuming that just because we've been told that

there are actually more items that there actually are.

BUG:92028

git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@359382 283d02a7-25f6-0310-bc7c-ecb5cbfe19da

diff --git a/ape/ape-tag-format.txt b/ape/ape-tag-format.txt
index 135438e0ec57a6a6030639e4947fe82e118e05b2..21ff1c8617d382cf3662c47722649b835f7889c3 100644 (file)
--- a/ape/ape-tag-format.txt
+++ b/ape/ape-tag-format.txt
@@ -87,7 +87,7 @@ Member of APE Tag 2.0
 |                |         | items excluding the header (for 1.000          |
 |                |         | compatibility)                                 |
 |----------------|---------|------------------------------------------------|
-|Item Count      | 4 bytes | Number of items in the tag                     |
+| Item Count     | 4 bytes | Number of items in the tag                     |
 |----------------|---------|------------------------------------------------|
 | Tag Flags      | 4 bytes | Global flags                                   |
 |----------------|---------|------------------------------------------------|
@@ -167,4 +167,4 @@ bitrate demands to avoid unnecessary drop-outs.
 
 Sections 5 - 7 haven't yet been converted from:
 
-http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html
\ No newline at end of file
+http://www.personal.uni-jena.de/~pfk/mpp/sv8/apetag.html

diff --git a/ape/apeitem.cpp b/ape/apeitem.cpp
index b245cac042e174cf6b9228935480f7b186585ba3..1f8c4ba3981ad2fb562339f924a10d9a3846f4a6 100644 (file)
--- a/ape/apeitem.cpp
+++ b/ape/apeitem.cpp
@@ -126,7 +126,9 @@ bool APE::Item::isEmpty() const
 
 void APE::Item::parse(const ByteVector &data)
 {
-  if(data.size() < 10) {
+  // 11 bytes is the minimum size for an APE item
+
+  if(data.size() < 11) {
     debug("APE::Item::parse() -- no data in item");
     return;
   }

diff --git a/ape/apetag.cpp b/ape/apetag.cpp
index 9b63b435214342b155d70bfc410deeecba1ab6b2..492601575d99972718e46e2b818f91dd0271ea5b 100644 (file)
--- a/ape/apetag.cpp
+++ b/ape/apetag.cpp
@@ -213,7 +213,7 @@ void APE::Tag::read()
       return;
 
     d->file->seek(d->tagOffset + Footer::size() - d->footer.tagSize());
-    parse(d->file->readBlock(d->footer.tagSize() - Footer::size()), d->footer.itemCount());
+    parse(d->file->readBlock(d->footer.tagSize() - Footer::size()));
   }
 }
 
@@ -238,17 +238,23 @@ ByteVector APE::Tag::render() const
   return d->footer.renderHeader() + data + d->footer.renderFooter();
 }
 
-void APE::Tag::parse(const ByteVector &data, uint count)
+void APE::Tag::parse(const ByteVector &data, uint)
+{
+  parse(data);
+}
+
+void APE::Tag::parse(const ByteVector &data)
 {
   uint pos = 0;
 
-  while(count > 0) {
+  // 11 bytes is the minimum size for an APE item
+
+  for(uint i = 0; i < d->footer.itemCount() && pos <= data.size() - 11; i++) {
     APE::Item item;
     item.parse(data.mid(pos));
 
     d->itemListMap.insert(item.key().upper(), item);
 
     pos += item.size();
-    count--;
   }
 }

diff --git a/ape/apetag.h b/ape/apetag.h
index 37f433380f175244a55d2a36352d518cadb681cd..d715e64d678742e9aeebf9e44b64a6d780735b17 100644 (file)
--- a/ape/apetag.h
+++ b/ape/apetag.h
@@ -142,9 +142,15 @@ namespace TagLib {
       void read();
       /*!
        * Parses the body of the tag in \a data with \a count items.
+       * \deprecated Please use the version that doesn't require an item count.
        */
       void parse(const ByteVector &data, uint count);
 
+      /*!
+       * Parses the body of the tag in \a data.
+       */
+      void parse(const ByteVector &data);
+
     private:
       Tag(const Tag &);
       Tag &operator=(const Tag &);