shithub: libtags

Download patch

ref: 090895882eb536348924cbbedf59b1fc22e8658e
parent: 7e151f2b35585bd69900da623a12c80f3e20a6cf
author: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se>
date: Tue Mar 5 18:09:53 EST 2024 

id3v2: extended header size includes 'size' bytes and is 6 bytes minimum, respect that


--- a/id3v2.c
+++ b/id3v2.c
@@ -403,7 +403,7 @@
 			if(ctx->read(ctx, d, 4) != 4)
 				return -1;
 			exsz = (ver >= 3) ? beuint(d) : synchsafe(d);
-			if(ctx->seek(ctx, exsz, 1) < 0)
+			if(exsz < 6 || ctx->seek(ctx, exsz-4, 1) < 0)
 				return -1;
 			sz -= exsz;
 		}