From: Tsuda Kageyu
Date: Tue, 23 Dec 2014 06:44:17 +0000 (+0900)
Subject: Fix an infinite loop when parsing an INFO tag.
X-Git-Tag: v1.10beta~131^2~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3170d47ec331fc778431f920903a1c0a56a4a14f;p=taglib
Fix an infinite loop when parsing an INFO tag.
---
diff --git a/taglib/riff/wav/infotag.cpp b/taglib/riff/wav/infotag.cpp
index 7cd2a192..050ff37c 100644
--- a/taglib/riff/wav/infotag.cpp
+++ b/taglib/riff/wav/infotag.cpp
@@ -258,9 +258,15 @@ void RIFF::Info::Tag::parse(const ByteVector &data)
 uint p = 4;
 while(p < data.size()) {
 const uint size = data.toUInt(p + 4, false);
- d->fieldListMap[data.mid(p, 4)] = TagPrivate::stringHandler->parse(data.mid(p + 8, size));
+ if(size > data.size() - p - 8)
+ break;
+
+ const ByteVector id = data.mid(p, 4);
+ if(isValidChunkID(id)) {
+ const String text = TagPrivate::stringHandler->parse(data.mid(p + 8, size));
+ d->fieldListMap[id] = text;
+ }
 p += ((size + 1) & ~1) + 8;
 }
 }
-
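Review bot: The new bound `data.size() - p - 8` is unsigned arithmetic (`p` is `uint`), so when fewer than 8 bytes remain after `p` it wraps to a very large value and `size > ...` can never reject the chunk. In that case `size` comes from `data.toUInt(p + 4, false)` reading at or past the end of the buffer, and whether that is harmless depends on how `ByteVector::toUInt` and `mid` treat out-of-range offsets, which this hunk does not show. Since the loop condition already guarantees `p < data.size()`, checking the header length first keeps the arithmetic in range: `if(data.size() - p < 8 || size > data.size() - p - 8) break;`. A regression test with an INFO list that ends in a truncated chunk header (1–7 trailing bytes) would pin this down. The body of `parse` begins above the hunk, so the handling of the first 4 bytes is not visible here.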