[issue2649] Invalid id3v2 header causes infinite loop in ff_id3v2_parse
2011-03-07 16:14:47 UTC
New submission from yoav <***@monfort.co.il>:

The attached file has an invalid id3v2 header (or there might be a bug in
ff_id3v2_parse which reads it incorrectly).
In any case, while running over the tags ("while (len >= taghdrlen)") we update
len in each iteration like this: "len -= taghdrlen + tlen;". If the "tlen" read
from the file is corrupt and negative, it causes a very large len, leading to an
infinite loop. (File isn't playable, ffmpeg freezes.)
See attached file.

Output from ffmpeg -i is:

FFmpeg version git-e519753, Copyright (c) 2000-2011 the FFmpeg developers
built on Mar 7 2011 18:02:05 with gcc 4.4.5
configuration: --enable-memalign-hack --extra-cflags=-fno-common
--extra-cflags=-ggdb --extra-ldflags=-ggdb --extra-cflags=-I.
--extra-cflags=-I/opt/lame/include --extra-cflags=-DUNICODE
--extra-ldflags=-L/opt/lame/lib --disable-devices --disable-filters
--disable-protocols --enable-protocol=file --disable-muxers --enable-muxer=mp3
--disable-encoders --enable-libmp3lame --enable-encoder=libmp3lame
--disable-network --disable-decoders --disable-demuxers --enable-decoder=aac
--enable-demuxer=aac --enable-demuxer=mov --enable-decoder=mp3
--enable-demuxer=mp3 --enable-decoder=vorbis --enable-demuxer=ogg
--enable-decoder=flac --enable-demuxer=flac --enable-decoder=ape
--enable-demuxer=ape --enable-decoder=wmav1 --enable-demuxer=asf
--enable-decoder=wmav2 --enable-decoder=alac --disable-parsers
--enable-parser=aac --enable-parser=mpegaudio --enable-parser=flac
--disable-bsfs --disable-ffserver --disable-ffplay --enable-static
--enable-shared --prefix=/opt/ffmpeg_git --enable-debug --disable-optimizations
--extra-cflags=-DDEBUG --disable-stripping
libavutil 50. 39. 0 / 50. 39. 0
libavcodec 52.113. 2 / 52.113. 2
libavformat 52.102. 0 / 52.102. 0
libavdevice 52. 2. 3 / 52. 2. 3
libavfilter 1. 76. 0 / 1. 76. 0
libswscale 0. 12. 0 / 0. 12. 0
File 'fff.mp3' not attached - you can download it from https://roundup.ffmpeg.org/file1362.

files: fff.mp3
messages: 13823
priority: normal
status: new
substatus: new
title: Invalid id3v2 header causes infinite loop in ff_id3v2_parse
topic: avformat
type: bug

FFmpeg issue tracker <***@roundup.ffmpeg.org>
Anton Khirnov
2011-03-25 06:42:41 UTC
Anton Khirnov <***@khirnov.net> added the comment:

fixed in c5f4c0fd5c791ba97eb266cc30ae2172c10feb20
the file is broken -- APIC frame size is wrong, but the parser skips it now

status: new -> closed
substatus: new -> fixed
topic: -avformat

Libav issue tracker <***@roundup.libav.org>
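
The length update discussed in this thread, as an added example that is not part of the original posts and is neither FFmpeg's code nor the fix in the commit named above: a simplified ID3v2.3-style frame walker that validates the frame size before subtracting it. The function names, the in-memory buffer, the constructed sample tag and the stop-on-bad-size policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define TAGHDRLEN 10 /* ID3v2.3 frame header: 4-byte id, 4-byte size, 2-byte flags */

/* Big-endian 32-bit size stored in a signed integer: a set high bit reads as negative. */
static int32_t rd_be32(const uint8_t *p) {
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8) | (uint32_t)p[3]);
}

/* The update quoted in the report, applied once: returns the new remaining length. */
static int unchecked_update(int len, int tlen) {
    return len - (TAGHDRLEN + tlen);
}

/* Walk the frames in buf[0..len). Returns the number of frames walked, or -1
 * if a frame size is negative or larger than the bytes that remain. */
static int walk_frames(const uint8_t *buf, int len) {
    int pos = 0, frames = 0;
    while (len >= TAGHDRLEN) {
        int32_t tlen = rd_be32(buf + pos + 4);
        /* Validate before subtracting, so len can only shrink. */
        if (tlen < 0 || tlen > len - TAGHDRLEN)
            return -1;
        len -= TAGHDRLEN + tlen;
        pos += TAGHDRLEN + tlen;
        frames++;
    }
    return frames;
}

/* Constructed sample (not the file from the report): a valid "TIT2" frame with
 * a 3-byte body, then an "APIC" frame whose size field 0xFFFFFF00 reads as -256. */
static const uint8_t sample_tag[] = {
    'T','I','T','2', 0x00,0x00,0x00,0x03, 0x00,0x00, 0x00,'h','i',
    'A','P','I','C', 0xFF,0xFF,0xFF,0x00, 0x00,0x00, 0x01,0x02,0x03,0x04,
};

int main(void) {
    /* Unchecked update with 14 bytes left and tlen = -256: len grows instead of shrinking. */
    printf("unchecked len after bad frame: %d\n", unchecked_update(14, -256));
    printf("checked walk of full sample:   %d\n",
           walk_frames(sample_tag, (int)sizeof sample_tag));
    printf("checked walk of first frame:   %d\n", walk_frames(sample_tag, 13));
    return 0;
}
```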