[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[elpa] externals/emms 52dac8ccc4 41/42: Remove most length limits from V
|
From: |
ELPA Syncer |
|
Subject: |
[elpa] externals/emms 52dac8ccc4 41/42: Remove most length limits from Vorbis bindat specs |
|
Date: |
Wed, 1 Nov 2023 15:58:02 -0400 (EDT) |
branch: externals/emms
commit 52dac8ccc47e6040d33045e8df989a09270d3bdb
Author: Petteri Hintsanen <petterih@iki.fi>
Commit: Petteri Hintsanen <petterih@iki.fi>
Remove most length limits from Vorbis bindat specs
Many of the field length limits were arbitrarily chosen and even too
strict in practice. It is better to check against the length of input
data, which forms trivially an upper bound for the length of any
field.
Do still keep maximum metadata peek sizes to limit reading of
excessive amounts of data, but increase the limit to 16 MB.
---
emms-info-native-flac.el | 12 +++++++-----
emms-info-native-ogg.el | 12 ++++++------
emms-info-native-opus.el | 11 ++++++-----
emms-info-native-vorbis.el | 39 +++++++--------------------------------
4 files changed, 26 insertions(+), 48 deletions(-)
diff --git a/emms-info-native-flac.el b/emms-info-native-flac.el
index 132ee33bd9..2315bb7fbe 100644
--- a/emms-info-native-flac.el
+++ b/emms-info-native-flac.el
@@ -34,7 +34,9 @@
(require 'emms-info-native-vorbis)
(require 'bindat)
-(defconst emms-info-native-flac--max-peek-size (* 2048 1024)
+(defvar bindat-raw)
+
+(defconst emms-info-native-flac--max-peek-size (* 16 1024 1024)
"Maximum buffer size for metadata decoding.
Functions in `emms-info-native-flac' read certain amounts of data
into a temporary buffer while decoding metadata. This variable
@@ -82,22 +84,22 @@ exhaustion in case of garbled or malicious inputs.")
(if (eval-when-compile (fboundp 'bindat-type))
(bindat-type
(vendor-length uintr 32)
- (_ unit (when (> vendor-length
emms-info-native-vorbis--max-vendor-length)
+ (_ unit (when (> vendor-length (length bindat-raw))
(error "FLAC vendor length %s is too long"
vendor-length)))
(vendor-string str vendor-length)
(user-comments-list-length uintr 32)
- (_ unit (when (> user-comments-list-length
emms-info-native-vorbis--max-comments)
+ (_ unit (when (> user-comments-list-length (length bindat-raw))
(error "FLAC user comment list length %s is too long"
user-comments-list-length)))
(user-comments repeat user-comments-list-length
type
emms-info-native-vorbis--comment-field-bindat-spec))
'((vendor-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-vendor-length)
+ (eval (when (> last (length bindat-raw))
(error "FLAC vendor length %s is too long" last)))
(vendor-string str (vendor-length))
(user-comments-list-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-comments)
+ (eval (when (> last (length bindat-raw))
(error "FLAC user comment list length %s is too long"
last)))
(user-comments repeat
diff --git a/emms-info-native-ogg.el b/emms-info-native-ogg.el
index 457dc696f7..89c309e85f 100644
--- a/emms-info-native-ogg.el
+++ b/emms-info-native-ogg.el
@@ -47,13 +47,13 @@
(defconst emms-info-native-ogg--page-size 65307
"Maximum size for a single Ogg container page.")
-(defconst emms-info-native-ogg--max-peek-size (* 2048 1024)
+(defconst emms-info-native-ogg--max-peek-size (* 16 1024 1024)
"Maximum buffer size for metadata decoding.
-Functions in `emms-info-native-ogg' read certain amounts of data into a
-temporary buffer while decoding metadata. This variable controls
-the maximum size of that buffer: if more than
-`emms-info-native-ogg--max-peek-size' bytes are needed, an error is
-signaled.
+Functions in `emms-info-native-ogg' read certain amounts of data
+into a temporary buffer while decoding metadata. This variable
+controls the maximum size of that buffer: if more than
+`emms-info-native-ogg--max-peek-size' bytes are needed, an error
+is signaled.
Technically metadata blocks can have almost arbitrary lengths,
but in practice processing must be constrained to prevent memory
diff --git a/emms-info-native-opus.el b/emms-info-native-opus.el
index efec5e9033..15f0aa487f 100644
--- a/emms-info-native-opus.el
+++ b/emms-info-native-opus.el
@@ -31,6 +31,8 @@
(require 'emms-info-native-vorbis)
(require 'bindat)
+(defvar bindat-raw)
+
(defvar emms-info-native-opus--channel-count 0
"Last decoded Opus channel count.")
@@ -101,13 +103,12 @@
emms-info-native-opus--tags-magic-pattern
opus-tags)))
(vendor-length uintr 32)
- (_ unit (when (> vendor-length
emms-info-native-vorbis--max-vendor-length)
+ (_ unit (when (> vendor-length (length bindat-raw))
(error "Opus vendor length %s is too long"
vendor-length)))
(vendor-string str vendor-length)
(user-comments-list-length uintr 32)
- (_ unit (when (> user-comments-list-length
- emms-info-native-vorbis--max-comments)
+ (_ unit (when (> user-comments-list-length (length bindat-raw))
(error "Opus user comment list length %s is too long"
user-comments-list-length)))
(user-comments repeat user-comments-list-length
@@ -118,11 +119,11 @@
emms-info-native-opus--tags-magic-pattern
last)))
(vendor-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-vendor-length)
+ (eval (when (> last (length bindat-raw))
(error "Opus vendor length %s is too long" last)))
(vendor-string str (vendor-length))
(user-comments-list-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-comments)
+ (eval (when (> last (length bindat-raw))
(error "Opus user comment list length %s is too long"
last)))
(user-comments repeat
diff --git a/emms-info-native-vorbis.el b/emms-info-native-vorbis.el
index 77a49a7f32..7a8ccc6239 100644
--- a/emms-info-native-vorbis.el
+++ b/emms-info-native-vorbis.el
@@ -29,32 +29,7 @@
(require 'bindat)
-(defconst emms-info-native-vorbis--max-comments 1024
- "Maximum number of Vorbis comment fields in a stream.
-Technically a single Vorbis stream may have up to 2^32 comments,
-but in practice processing must be constrained to prevent memory
-exhaustion in case of garbled or malicious inputs.
-
-This limit is used with Opus and FLAC streams as well, since
-their comments have almost the same format as Vorbis.")
-
-(defconst emms-info-native-vorbis--max-comment-size (* 64 1024)
- "Maximum length for a single Vorbis comment field.
-Technically a single Vorbis comment may have a length up to 2^32
-bytes, but in practice processing must be constrained to prevent
-memory exhaustion in case of garbled or malicious inputs.
-
-This limit is used with Opus and FLAC streams as well, since
-their comments have almost the same format as Vorbis.")
-
-(defconst emms-info-native-vorbis--max-vendor-length 1024
- "Maximum length of Vorbis vendor string.
-Technically a vendor string can be up to 2^32 bytes long, but in
-practice processing must be constrained to prevent memory
-exhaustion in case of garbled or malicious inputs.
-
-This limit is used with Opus and FLAC streams as well, since
-their comments have almost the same format as Vorbis.")
+(defvar bindat-raw)
(defconst emms-info-native-vorbis--accepted-fields
'("album"
@@ -136,12 +111,12 @@ their comments have almost the same format as Vorbis.")
(if (eval-when-compile (fboundp 'bindat-type))
(bindat-type
(length uintr 32)
- (_ unit (when (> length emms-info-native-vorbis--max-comment-size)
+ (_ unit (when (> length (length bindat-raw))
(error "Vorbis comment length %s is too long"
length)))
(user-comment str length))
'((length u32r)
- (eval (when (> last emms-info-native-vorbis--max-comment-size)
+ (eval (when (> last (length bindat-raw))
(error "Vorbis comment length %s is too long" last)))
(user-comment str (length))))
"Vorbis comment field specification.")
@@ -159,12 +134,12 @@ their comments have almost the same format as Vorbis.")
emms-info-native-vorbis--header-magic-pattern
vorbis)))
(vendor-length uintr 32)
- (_ unit (when (> vendor-length
emms-info-native-vorbis--max-vendor-length)
+ (_ unit (when (> vendor-length (length bindat-raw))
(error "Vorbis vendor length %s is too long"
vendor-length)))
(vendor-string str vendor-length)
(user-comments-list-length uintr 32)
- (_ unit (when (> user-comments-list-length
emms-info-native-vorbis--max-comments)
+ (_ unit (when (> user-comments-list-length (length bindat-raw))
(error "Vorbis user comment list length %s is too long"
user-comments-list-length)))
(user-comments repeat user-comments-list-length
@@ -183,11 +158,11 @@ their comments have almost the same format as Vorbis.")
emms-info-native-vorbis--header-magic-pattern
last)))
(vendor-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-vendor-length)
+ (eval (when (> last (length bindat-raw))
(error "Vorbis vendor length %s is too long" last)))
(vendor-string str (vendor-length))
(user-comments-list-length u32r)
- (eval (when (> last emms-info-native-vorbis--max-comments)
+ (eval (when (> last (length bindat-raw))
(error "Vorbis user comment list length %s is too long"
last)))
(user-comments repeat
- [elpa] externals/emms 9db19a5abd 31/42: Remove emms--use-bindat-type, (continued)
- [elpa] externals/emms 9db19a5abd 31/42: Remove emms--use-bindat-type, ELPA Syncer, 2023/11/01
- [elpa] externals/emms c848c18727 33/42: Change to emms-info-native- prefix, ELPA Syncer, 2023/11/01
- [elpa] externals/emms 342c44103a 35/42: Fix multi-channel mapping in Opus identification header, ELPA Syncer, 2023/11/01
- [elpa] externals/emms b3c2f9cf09 39/42: Use uintr for little-endian unsigned integer fields, ELPA Syncer, 2023/11/01
- [elpa] externals/emms c96afb7687 40/42: Use eval-when-compile with subr-x, ELPA Syncer, 2023/11/01
- [elpa] externals/emms 2852a8f61b 10/42: Add tests for emms-info-native, ELPA Syncer, 2023/11/01
- [elpa] externals/emms e1f2810f39 13/42: Use string instead of vector as Ogg page payload type, ELPA Syncer, 2023/11/01
- [elpa] externals/emms dd72caba90 37/42: Doc fixes, ELPA Syncer, 2023/11/01
- [elpa] externals/emms f594f7edac 15/42: Use strings instead of vectors for passing data, ELPA Syncer, 2023/11/01
- [elpa] externals/emms 2749fdb998 30/42: Allow empty metadata blocks, ELPA Syncer, 2023/11/01
- [elpa] externals/emms 52dac8ccc4 41/42: Remove most length limits from Vorbis bindat specs,
ELPA Syncer <=
- [elpa] externals/emms 32fd570ed7 42/42: Merge branch 'info-native', ELPA Syncer, 2023/11/01