ref: 5e7d1c7c613f0d46b9266a43b941d33ea8d88d32
parent: c7a0c41e289892e039f4da3b37568142964620c0
author: Sigrid Solveig Haflínudóttir <sigrid@ftrv.se>
date: Tue Mar 5 20:29:51 EST 2024
id3v2: deal with invalid text tag sizes
--- a/id3v2.c
+++ b/id3v2.c
@@ -214,7 +214,9 @@
{char *b, *tag;
- if(ctx->bufsz >= tsz+1){+ if(tsz < 0)
+ return -1;
+ if(ctx->bufsz > tsz){/* place the data at the end to make best effort at charset conversion */
tag = &ctx->buf[ctx->bufsz - tsz - 1];
if(ctx->read(ctx, tag, tsz) != tsz)