From: Lukáš Lalinský <lalinsky@gmail.com>
Date: Fri, 10 Jul 2009 14:43:15 +0000 (+0000)
Subject: One more check for invalid frame in AttachedPictureFrame::parseFields
X-Git-Tag: v1.6rc1~20
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=c92a02b0d7db4a98e6a1931d8fba2936e09c66d8;p=taglib

One more check for invalid frame in AttachedPictureFrame::parseFields

Patch by Mook
BUG:168382


git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@994361 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
---

diff --git a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
index 8a88253f..3ad71557 100644
--- a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
+++ b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp
@@ -136,6 +136,12 @@ void AttachedPictureFrame::parseFields(const ByteVector &data)
   int pos = 1;
 
   d->mimeType = readStringField(data, String::Latin1, &pos);
+  /* Now we need at least two more bytes available */	
+  if (pos + 1 >= data.size()) {
+    debug("Truncated picture frame.");
+    return;
+  }
+
   d->type = (TagLib::ID3v2::AttachedPictureFrame::Type)data[pos++];
   d->description = readStringField(data, d->textEncoding, &pos);