h2non / filetype

Fast, dependency-free Go package to infer binary file types based on the magic numbers header signature
https://pkg.go.dev/github.com/h2non/filetype?tab=doc
MIT License

Buffer overrun in matchers.Mp4() #4

Closed unclebadtouches closed 8 years ago

unclebadtouches commented 8 years ago

The Mp4() function needs additional parentheses in order to evaluate correctly. Diff included below:

$ git diff -w
diff --git a/matchers/video.go b/matchers/video.go
index bb5ba26..e135b76 100644
--- a/matchers/video.go
+++ b/matchers/video.go
@@ -86,7 +86,7 @@ func Flv(buf []byte) bool {

 func Mp4(buf []byte) bool {
        return len(buf) > 27 &&
-               (buf[0] == 0x0 && buf[1] == 0x0 && buf[2] == 0x0 &&
+               ((buf[0] == 0x0 && buf[1] == 0x0 && buf[2] == 0x0 &&
                        (buf[3] == 0x18 || buf[3] == 0x20) && buf[4] == 0x66 &&
                        buf[5] == 0x74 && buf[6] == 0x79 && buf[7] == 0x70) ||
                        (buf[0] == 0x33 && buf[1] == 0x67 && buf[2] == 0x70 && buf[3] == 0x35) ||
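
Review bot: With the new outer parenthesis at "((buf[0] == 0x0", the len(buf) > 27 guard now gates every alternative, including the one on the last line of this hunk that reads only buf[0] through buf[3]. A buffer of 4 to 27 bytes starting 0x33 0x67 0x70 0x35 returned true before this change and returns false after it. If that is not intended, give each alternative its own length check sized to the highest index it reads (3 here, 7 for the ftyp form, 27 for the long form) instead of one shared guard, and document the minimum buffer size Mp4() expects.
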
@@ -95,5 +95,5 @@ func Mp4(buf []byte) bool {
                                buf[8] == 0x6D && buf[9] == 0x70 && buf[10] == 0x34 && buf[11] == 0x32 &&
                                buf[16] == 0x6D && buf[17] == 0x70 && buf[18] == 0x34 && buf[19] == 0x31 &&
                                buf[20] == 0x6D && buf[21] == 0x70 && buf[22] == 0x34 && buf[23] == 0x32 &&
-                       buf[24] == 0x69 && buf[25] == 0x73 && buf[26] == 0x6F && buf[27] == 0x6D)
+                               buf[24] == 0x69 && buf[25] == 0x73 && buf[26] == 0x6F && buf[27] == 0x6D))
 }
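
Review bot: The closing "))" on the buf[27] line fixes the grouping, but nothing in this patch pins the behaviour down with a test. Before the change the expression parsed as (len(buf) > 27 && first alternative) || second || third, so an empty or nil buffer reached buf[0] == 0x33 unguarded and panicked with an index out of range. Please add a regression test that calls Mp4() with nil, an empty slice and a slice shorter than 28 bytes and asserts it returns false without panicking. A ten-line boolean with nested parentheses is also easy to break again on the next edit; splitting each signature into its own length-checked comparison would make the guard visible next to the indexing it protects.
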
unclebadtouches commented 8 years ago

Same issue in Mp3(), M4a(), and Tiff()

h2non commented 8 years ago

Fixed. I've also added real file tests to cover it.