From c92a02b0d7db4a98e6a1931d8fba2936e09c66d8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Luk=C3=A1=C5=A1=20Lalinsk=C3=BD?= Date: Fri, 10 Jul 2009 14:43:15 +0000 Subject: [PATCH] One more check for invalid frame in AttachedPictureFrame::parseFields Patch by Mook BUG:168382 git-svn-id: svn://anonsvn.kde.org/home/kde/trunk/kdesupport/taglib@994361 283d02a7-25f6-0310-bc7c-ecb5cbfe19da --- taglib/mpeg/id3v2/frames/attachedpictureframe.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp index 8a88253f..3ad71557 100644 --- a/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp +++ b/taglib/mpeg/id3v2/frames/attachedpictureframe.cpp @@ -136,6 +136,12 @@ void AttachedPictureFrame::parseFields(const ByteVector &data) int pos = 1; d->mimeType = readStringField(data, String::Latin1, &pos); + /* Now we need at least two more bytes available */ + if (pos + 1 >= data.size()) { + debug("Truncated picture frame."); + return; + } + d->type = (TagLib::ID3v2::AttachedPictureFrame::Type)data[pos++]; d->description = readStringField(data, d->textEncoding, &pos); -- 2.50.1