[issue2649] Invalid id3v2 header causes infinite loop in ff_id3v2_parse
2011-03-07 16:14:47 UTC
New submission from yoav:

The attached file has an invalid id3v2 header (or there might be a bug in
ff_id3v2_parse which reads it incorrectly).
In any case, while running over the tags ("while (len >= taghdrlen)") we update
len in each iteration like this: "len -= taghdrlen + tlen;". If the "tlen" read
from the file is corrupt and negative, it causes a very large len, leading to an
infinite loop. (File isn't playable, ffmpeg freezes.)
See attached file.

Output from ffmpeg -i is:

File 'fff.mp3' not attached - you can download it from https://roundup.ffmpeg.org/file1362.

Anton Khirnov
2011-03-25 06:42:41 UTC
Anton Khirnov added the comment:

fixed in c5f4c0fd5c791ba97eb266cc30ae2172c10feb20
the file is broken -- APIC frame size is wrong, but the parser skips it now
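
The length accounting described in the report, as an added example that is not part of this thread and is neither FFmpeg's code nor the change in c5f4c0fd: it walks a constructed buffer with the same "len -= taghdrlen + tlen" update, once unchecked and once with a bounds check on tlen. The names walk_frames, rb32 and MAX_ITER, the sample bytes, and the 10-byte ID3v2.3 frame header layout are assumptions of the example.

```c
#include <stdint.h>

#define TAGHDRLEN 10   /* ID3v2.3 frame header: 4-byte id, 4-byte size, 2-byte flags */
#define MAX_ITER  1000 /* demo-only cap so the unchecked walk returns */

/* Constructed sample: a valid TIT2 frame, then an APIC frame whose size
 * field is 0x80000000, negative once stored in a signed 32-bit int. */
static const uint8_t sample[] = {
    'T','I','T','2', 0x00,0x00,0x00,0x04, 0x00,0x00, 'd','e','m','o',
    'A','P','I','C', 0x80,0x00,0x00,0x00, 0x00,0x00, 0x01,0x02,0x03,0x04,
};

/* Big-endian 32-bit read into a signed int, as a parser keeping tlen in an int would. */
static int32_t rb32(const uint8_t *p)
{
    return (int32_t)(((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                     ((uint32_t)p[2] << 8)  |  (uint32_t)p[3]);
}

/* Returns frames walked, -1 if a size was rejected, -2 if MAX_ITER was hit. */
int walk_frames(const uint8_t *buf, int size, int validate)
{
    int64_t len = size, pos = 0;   /* 64-bit so the demo has no signed overflow */
    int frames = 0;

    while (len >= TAGHDRLEN) {
        if (frames == MAX_ITER)
            return -2;
        /* Assumption: a read outside the buffer yields a zero size field,
         * standing in for a file read past EOF. */
        int32_t tlen = (pos >= 0 && pos + TAGHDRLEN <= size)
                     ? rb32(buf + pos + 4) : 0;
        /* Hardened path: a frame cannot be negative or exceed what remains. */
        if (validate && (tlen < 0 || tlen > len - TAGHDRLEN))
            return -1;
        len -= TAGHDRLEN + (int64_t)tlen;   /* the update quoted in the report */
        pos += TAGHDRLEN + (int64_t)tlen;
        frames++;
    }
    return frames;
}

int main(void)
{
    /* Exit 0 when the unchecked walk runs away and the validated walk rejects. */
    return !(walk_frames(sample, (int)sizeof sample, 0) == -2 &&
             walk_frames(sample, (int)sizeof sample, 1) == -1);
}
```

The validated path stops at the bad frame instead of skipping it, which is a simplification compared with the behaviour described in the comment above.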

