Security flaws in FAPG 0.41 and related patches

[FAPG] / fapg.c

diff --git a/fapg.c b/fapg.c
index 176c495..0c72af8 100644 (file)
--- a/fapg.c
+++ b/fapg.c
@@ -43,7 +43,7 @@
 
 #define MP3_BASE 1024
 #define OGG_BASE 1024*10
-#define MAX 1024*200            /* 200ko for ID3 with JPEG images in it */
+#define MAX 1024*250            /* 250ko for ID3 with JPEG images in it */
 
 #define FORMAT_M3U 0
 #define FORMAT_PLS 1
@@ -425,7 +425,7 @@ void print_webpath(const char *path)
 {
     const char *c = path;
 
-    printf(prefix);             /* we must not modify this part */
+    printf("%s", prefix);             /* we must not modify this part */
     if(*c == '.' && c[1] == '/') {      /* remove leading "./" when parsing current directory */
         c += 2;
         /* maybe there follow many slashes */
@@ -443,7 +443,7 @@ void print_webpath(const char *path)
 void print_path(const char *path)
 {
     const char *c = path;
-    printf(prefix);
+    printf("%s", prefix);
     /* skip leading "./" when parsing current directory */
     if(*c == '.' && *(c + 1) == '/') {
         c += 2;
@@ -500,7 +500,6 @@ void reference(const char *title)
     pipe = popen(command, "r");
     if(pipe == NULL) {
         fprintf(stderr, "Warning >> can't open pipe >%s< !\n", command);
-        free(command);
         return;
     }
     fgets(buffer, 1020, pipe);
@@ -862,6 +861,13 @@ void parse_ogg(unsigned char *file)
             title[size - 6] = '\0';
             c += size;
         }
+        if(strncasecmp(c, "ALBUM ARTIST=", 13) == 0) {
+            // ignore tag
+            size =
+                *(c - 4) + (*(c - 3) << 8) + (*(c - 2) << 16) +
+                (*(c - 1) << 24);
+            c += size;
+        }
         if(strncasecmp(c, "ARTIST=", 7) == 0) {
             size =
                 *(c - 4) + (*(c - 3) << 8) + (*(c - 2) << 16) +