ref: f618f1d98ceef22c163ad210167f2a02c5916e17
parent: 977514a6dfc4960d819a103f43b358e58ac6c28f
author: lieff <lieff@users.noreply.github.com>
date: Fri Oct 25 08:18:38 EDT 2019
check id3v2size exceeds input buffer size
--- a/minimp3_ex.h
+++ b/minimp3_ex.h
@@ -73,6 +73,8 @@
{size_t id3v2size = (((buf[6] & 0x7f) << 21) | ((buf[7] & 0x7f) << 14) |
((buf[8] & 0x7f) << 7) | (buf[9] & 0x7f)) + 10;
+ if (id3v2size >= buf_size)
+ id3v2size = buf_size;
buf += id3v2size;
buf_size -= id3v2size;
}