shithub: libtags

Download patch

ref: f6b8f1a943b8c23d1a8252ed055bc71567a29b96
parent: 7fcd37916f92e56bd945af0496287b5db8cc8756
author: Sigrid Solveig Haflínudóttir <ftrvxmtrx@gmail.com>
date: Wed Mar 30 18:28:46 EDT 2022

id3v2: make sure extra id3 tag does not cause infinite loop

--- a/id3v2.c
+++ b/id3v2.c
@@ -366,6 +366,7 @@
 {
 	int sz, exsz, framesz;
 	int ver, unsync, offset;
+	int newpos, oldpos;
 	uchar d[10], *b;
 
 	if(ctx->read(ctx, d, sizeof(d)) != sizeof(d))
@@ -378,6 +379,7 @@
 		return 0;
 	}
 
+	oldpos = 0;
 header:
 	ver = d[3];
 	unsync = d[5] & (1<<7);
@@ -449,11 +451,13 @@
 		if(ctx->read(ctx, ctx->buf, sz) != sz)
 			break;
 		for(b = (uchar*)ctx->buf; (b = memchr(b, 'I', sz - 1 - ((char*)b - ctx->buf))) != nil; b++){
-			ctx->seek(ctx, (char*)b - ctx->buf + offset + exsz, 0);
+			newpos = ctx->seek(ctx, (char*)b - ctx->buf + offset + exsz, 0);
 			if(ctx->read(ctx, d, sizeof(d)) != sizeof(d))
 				return 0;
-			if(isid3(d))
+			if(isid3(d) && newpos != oldpos){
+				oldpos = newpos;
 				goto header;
+			}
 		}
 		for(b = (uchar*)ctx->buf; (b = memchr(b, 0xff, sz-3)) != nil; b++){
 			if((b[1] & 0xe0) == 0xe0){