Add some tests for huge memory allocation due to bad ID3v2 frame header flags.
authorTsuda Kageyu <tsuda.kageyu@gmail.com>
Mon, 5 Jan 2015 00:22:50 +0000 (09:22 +0900)
committerTsuda Kageyu <tsuda.kageyu@gmail.com>
Mon, 5 Jan 2015 00:34:30 +0000 (09:34 +0900)
The tests cover #466 and #486.
Also fixes a compilation error on some compilers.

taglib/mpeg/id3v2/id3v2frame.cpp
tests/data/excessive_alloc.aif [new file with mode: 0644]
tests/data/excessive_alloc.mp3 [new file with mode: 0644]
tests/test_aiff.cpp
tests/test_mpeg.cpp

index bb251d1853aea9b76947778c84cc7e88dfbaee2d..5dc84971221804219f81993663644f2e715931e7 100644 (file)
@@ -32,6 +32,7 @@
 #endif
 
 #include <bitset>
+#include <cstring>
 
 #include <tdebug.h>
 #include <tstringlist.h>
@@ -255,7 +256,7 @@ ByteVector Frame::fieldData(const ByteVector &frameData) const
      !d->header->encryption())
   {
     z_stream stream;
-    memset(&stream, 0, sizeof(z_stream));
+    ::memset(&stream, 0, sizeof(z_stream));
 
     if(inflateInit(&stream) != Z_OK)
       return ByteVector();
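Review bot: The `::memset` call in Frame::fieldData relies on a global-namespace declaration, but `<cstring>` (added in the first hunk of this file) is only guaranteed to declare `std::memset`; whether the name is also visible globally is left to the implementation. Either write `std::memset(&stream, 0, sizeof(z_stream));` or include `<string.h>` instead. Value-initialising with `z_stream stream = {};` would remove the call altogether. The body of fieldData starts and ends outside this hunk, so the inflate path that follows is not reviewed here.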
diff --git a/tests/data/excessive_alloc.aif b/tests/data/excessive_alloc.aif
new file mode 100644 (file)
index 0000000..9cb3a6e
Binary files /dev/null and b/tests/data/excessive_alloc.aif differ
diff --git a/tests/data/excessive_alloc.mp3 b/tests/data/excessive_alloc.mp3
new file mode 100644 (file)
index 0000000..cd8aa2a
Binary files /dev/null and b/tests/data/excessive_alloc.mp3 differ
index a99b2350521375901bddaa3c60efd922f9f3f92e..495049b232489798785cdc2192eff4d375142470 100644 (file)
@@ -1,9 +1,9 @@
-#include <cppunit/extensions/HelperMacros.h>
 #include <string>
 #include <stdio.h>
 #include <tag.h>
 #include <tbytevectorlist.h>
 #include <aifffile.h>
+#include <cppunit/extensions/HelperMacros.h>
 #include "utils.h"
 
 using namespace std;
@@ -14,7 +14,8 @@ class TestAIFF : public CppUnit::TestFixture
   CPPUNIT_TEST_SUITE(TestAIFF);
   CPPUNIT_TEST(testReading);
   CPPUNIT_TEST(testAiffCProperties);
-  CPPUNIT_TEST(testReading);
+  CPPUNIT_TEST(testFuzzedFile1);
+  CPPUNIT_TEST(testFuzzedFile2);
   CPPUNIT_TEST_SUITE_END();
 
 public:
@@ -33,12 +34,18 @@ public:
     CPPUNIT_ASSERT(f.audioProperties()->compressionName() == "SGI CCITT G.711 A-law");
   }
 
-  void testFuzzedFiles()
+  void testFuzzedFile1()
   {
     RIFF::AIFF::File f(TEST_FILE_PATH_C("segfault.aif"));
     CPPUNIT_ASSERT(!f.isValid());
   }
 
+  void testFuzzedFile2()
+  {
+    RIFF::AIFF::File f(TEST_FILE_PATH_C("excessive_alloc.aif"));
+    CPPUNIT_ASSERT(!f.isValid());
+  }
+
 };
 
 CPPUNIT_TEST_SUITE_REGISTRATION(TestAIFF);
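Review bot: testFuzzedFile2 checks only `!f.isValid()`, so it catches the excessive-allocation regression only when the oversized request crashes or throws on the test host; where the allocation happens to succeed, the test still passes. Record the fixture's purpose in a comment above the test, for example `// Fuzzed ID3v2 frame header flags; used to trigger a huge allocation (see #466, #486).`, going by the commit title. The same applies to testFuzzedFile in tests/test_mpeg.cpp. The TestAIFF class body starts outside this hunk.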
index 024da6a05a5f7849c8f4d0f6566451d1e1320afd..07b970ee0223749e4fd6f29bf3cba111ad1abe88 100644 (file)
@@ -17,6 +17,7 @@ class TestMPEG : public CppUnit::TestFixture
   CPPUNIT_TEST(testSaveID3v24WrongParam);
   CPPUNIT_TEST(testSaveID3v23);
   CPPUNIT_TEST(testDuplicateID3v2);
+  CPPUNIT_TEST(testFuzzedFile);
   CPPUNIT_TEST_SUITE_END();
 
 public:
@@ -106,6 +107,12 @@ public:
     CPPUNIT_ASSERT_EQUAL(44100, f.audioProperties()->sampleRate());
   }
 
+  void testFuzzedFile()
+  {
+    MPEG::File f(TEST_FILE_PATH_C("excessive_alloc.mp3"));
+    CPPUNIT_ASSERT(f.isValid());
+  }
+
 };
 
 CPPUNIT_TEST_SUITE_REGISTRATION(TestMPEG);
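Review bot: testFuzzedFile asserts `f.isValid()` while the AIFF tests for fuzzed input assert `!f.isValid()`, and nothing here says why a fuzzed MP3 is expected to load. A one-line comment such as `// The malformed ID3v2 frame is expected to be skipped; the MPEG stream itself stays readable.` would document the intended outcome; that reading is inferred from the assertion and should be confirmed against the fix. A more specific name than `testFuzzedFile` would also help when a second fuzzed fixture is added. The TestMPEG class body starts outside this hunk.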