One more check for invalid frame in AttachedPictureFrame::parseFields

Patch by Mook
BUG:168382

git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@994361 283d02a7-25f6-0310-bc7c-ecb5cbfe19da

diff --git a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
index 8a88253f5cadc7339bae7bd08a2d80ac8d5a8d2b..3ad71557c8dcc3990950f15caf435fffb949a265 100644 (file)
--- a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
+++ b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
@@ -136,6 +136,12 @@ void AttachedPictureFrame::parseFields(const ByteVector &data)
   int pos = 1;
 
   d->mimeType = readStringField(data, String::Latin1, &pos);
+  /* Now we need at least two more bytes available */  
+  if (pos + 1 >= data.size()) {
+    debug("Truncated picture frame.");
+    return;
+  }
+
   d->type = (TagLib::ID3v2::AttachedPictureFrame::Type)data[pos++];
   d->description = readStringField(data, d->textEncoding, &pos);