OOM when reading tag from fuzzed file

saecki / mp4ameta

A library for reading and writing iTunes style MPEG-4 audio metadata

Apache License 2.0

35 stars 5 forks source link

OOM when reading tag from fuzzed file #25

Open 5225225 opened 2 years ago

5225225 commented 2 years ago

Reproduction code

fn main() {
    let data = [0, 0, 0, 1, 102, 116, 121, 112, 0, 132, 255, 255, 255, 255, 0, 132];
    let mut data = std::io::Cursor::new(data);
    let tag = mp4ameta::Tag::read_from(&mut data);
}

Results in

memory allocation of 37436171902451828 bytes failed
zsh: abort (core dumped)  cargo run

saecki commented 2 years ago

Oh, there should be some sort of sanity check.