I know, I know. This is old code, non-critical and generally useless. AND that is why this becomes interesting: why in 16 years so many people missed such nuances.

I mean the `findframe` function from `checkframe.c`. We try some tag headers to skip them AND collect alien garbage. Let's take the tag TAG. Imagine we have some macros with obvious functionality:

```c
#define READ_NEXT(bytes) res = cfread(++ptr, bytes, file->fp); if (res < bytes) continue;
#define ALIEN(bytes) alienbytes(file, bytes);
```

Now we get the following snippet of code:

```c
} else if (*ptr == 'T') { /* TAG -> ID3v1 tag */
    READ_NEXT(2)
    if (*ptr++ == 'A' && *ptr++ == 'G') {
        skip_id3v1_tag(file);
    } else ALIEN(3);
}
```

First, what we do wrong is ALIEN(3). We miss the case when after 'T' we have something pretty valid, like {'T', 0xFF, 0xFE} or {'T', 0, 0xFF}. So we have to rewind the pointer by 2 and alienize by 1.

```c
/* rewind the pointer itself (not the byte it points to), then mark only the 'T' as alien */
#define ALIEN(bytes) ptr -= (bytes - 1); alienbytes(file, 1);
```

Second. We are pretty sure of the success of our `skip`. No doubts at all. However, it is very vain. It may be better to chain `skip` to be sure all bytes of the tag are correct and consistent, not only TAG. Probably it can be written like that
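The two points above, as an added example that is not part of the issue or of `checkframe.c`: `resume_after_T` models where scanning continues after a 'T' byte, with `fixed=0` reproducing the ALIEN(3) behaviour and `fixed=1` the rewind-by-2 fix plus a stricter tag check (`looks_like_id3v1` is a hypothetical heuristic; the sample buffers are constructed).

```c
#include <stddef.h>
#include <string.h>

#define ID3V1_LEN 128   /* an ID3v1 tag is always 128 bytes and starts with "TAG" */

/* Constructed input: a stray 'T' immediately followed by a real MPEG frame sync (0xFF 0xFB). */
static const unsigned char sample[] = { 'T', 0xFF, 0xFB, 0x90, 0x64, 0x00 };
/* Constructed ID3v1 tag with year "2008" (bytes 93..96) and otherwise empty fields. */
static const unsigned char tag_sample[ID3V1_LEN] = { 'T', 'A', 'G', [93] = '2', '0', '0', '8' };
/* Constructed truncated input: "TAG" with no tag body behind it. */
static const unsigned char short_tag[] = { 'T', 'A', 'G' };

/* True when an MPEG frame sync (11 set bits) starts at pos. */
int is_frame_sync(const unsigned char *buf, size_t len, size_t pos)
{
    return pos + 1 < len && buf[pos] == 0xFF && (buf[pos + 1] & 0xE0) == 0xE0;
}

/* Stricter tag check than "TAG" alone: full 128-byte body present and the year
 * field made of digits, blanks or NULs (hypothetical heuristic). */
int looks_like_id3v1(const unsigned char *buf, size_t len, size_t pos)
{
    if (pos + ID3V1_LEN > len || memcmp(buf + pos, "TAG", 3) != 0) return 0;
    for (int i = 0; i < 4; i++) {
        unsigned char c = buf[pos + 93 + i];
        if (!(c == 0 || c == ' ' || (c >= '0' && c <= '9'))) return 0;
    }
    return 1;
}

/* Offset at which scanning resumes after a 'T' at pos.
 * fixed=0: accept "TAG" on its own and otherwise swallow 3 bytes as alien (original).
 * fixed=1: require a consistent tag and otherwise treat only the 'T' as alien. */
size_t resume_after_T(const unsigned char *buf, size_t len, size_t pos, int fixed)
{
    int tag = fixed ? looks_like_id3v1(buf, len, pos)
                    : (pos + 3 <= len && memcmp(buf + pos, "TAG", 3) == 0);
    if (tag) return pos + ID3V1_LEN > len ? len : pos + ID3V1_LEN;
    if (fixed) return pos + 1;                       /* bytes after 'T' stay available for resync */
    return pos + 3 <= len ? pos + 3 : len;           /* original: 'T' and two more bytes are lost */
}
```

With the original behaviour the sync at offset 1 is skipped over, so the frame following the stray byte is lost; with the fix scanning resumes on it.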