shithub: libtags

Download patch

ref: 3c03147592b56d3dd87fdc3539fff6a2025a6fab
parent: 9fd9c7b9e579e2ce4de4ee63a28c0ab04459ca13
author: Sigrid Solveig Haflínudóttir <[email protected]>
date: Tue Mar 5 22:10:59 EST 2024

m4a: ignore tags of nonsensical sizes

--- a/m4a.c
+++ b/m4a.c
@@ -124,7 +124,7 @@
 		if(type < 0)
 			continue;
 
-		if(ctx->seek(ctx, 8, 1) < 0) /* skip size and "data" */
+		if(sz < 16 || ctx->seek(ctx, 8, 1) < 0) /* skip size and "data" */
 			return -1;
 		sz -= 8;
 		if(ctx->read(ctx, d, 8) != 8) /* read data type and 4 bytes of whatever else */
@@ -148,7 +148,7 @@
 		}else if(dtype == 1){ /* text */
 			if(sz >= ctx->bufsz) /* skip tags that can't fit into memory. ">=" because of '\0' */
 				continue;
-			if(ctx->read(ctx, d, sz) != sz)
+			if(sz < 0 || ctx->read(ctx, d, sz) != sz)
 				return -1;
 			d[sz] = 0;
 			txtcb(ctx, type, "", d);