Castopod
/
AntennaPod
mirror of https://github.com/AntennaPod/AntennaPod.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Stop parsing if we encounter an unrealistically long comment

This commit is contained in:
ByteHamster 2021-11-21 18:49:50 +01:00
parent d94bfd80b7
commit e2600f54e4
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
View File

@ -75,10 +75,14 @@ public abstract class VorbisCommentReader {
private void readUserComment(InputStream input) throws VorbisCommentReaderException { private void readUserComment(InputStream input) throws VorbisCommentReaderException {
try { try {
long vectorLength = EndianUtils.readSwappedUnsignedInteger(input); long vectorLength = EndianUtils.readSwappedUnsignedInteger(input);
if (vectorLength > 20 * 1024 * 1024) {
// Avoid reading entire file if it is encoded incorrectly
throw new VorbisCommentReaderException("User comment unrealistically long: " + vectorLength);
}
String key = readContentVectorKey(input, vectorLength).toLowerCase(Locale.US); String key = readContentVectorKey(input, vectorLength).toLowerCase(Locale.US);
boolean readValue = onContentVectorKey(key); boolean readValue = onContentVectorKey(key);
if (readValue) { if (readValue) {
String value = readUtf8String(input, (int) (vectorLength - key.length() - 1)); String value = readUtf8String(input, vectorLength - key.length() - 1);
onContentVectorValue(key, value); onContentVectorValue(key, value);
} else { } else {
IOUtils.skipFully(input, vectorLength - key.length() - 1); IOUtils.skipFully(input, vectorLength - key.length() - 1);