From 3170d47ec331fc778431f920903a1c0a56a4a14f Mon Sep 17 00:00:00 2001
From: Tsuda Kageyu
Date: Tue, 23 Dec 2014 15:44:17 +0900
Subject: [PATCH] Fix an infinite loop when parsing an INFO tag.
---
 taglib/riff/wav/infotag.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/taglib/riff/wav/infotag.cpp b/taglib/riff/wav/infotag.cpp
index 7cd2a192..050ff37c 100644
--- a/taglib/riff/wav/infotag.cpp
+++ b/taglib/riff/wav/infotag.cpp
@@ -258,9 +258,15 @@ void RIFF::Info::Tag::parse(const ByteVector &data)
 uint p = 4;
 while(p < data.size()) {
 const uint size = data.toUInt(p + 4, false);
- d->fieldListMap[data.mid(p, 4)] = TagPrivate::stringHandler->parse(data.mid(p + 8, size));
+ if(size > data.size() - p - 8)
+ break;
+
+ const ByteVector id = data.mid(p, 4);
+ if(isValidChunkID(id)) {
+ const String text = TagPrivate::stringHandler->parse(data.mid(p + 8, size));
+ d->fieldListMap[id] = text;
+ }
 p += ((size + 1) & ~1) + 8;
 }
 }
-
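Review bot: The new guard `if(size > data.size() - p - 8)` is evaluated in unsigned arithmetic, so when fewer than 8 bytes remain after `p` (the loop condition only guarantees `p < data.size()`) the right-hand side wraps to a very large value and a truncated chunk header passes the check. Testing the header length first keeps the comparison meaningful: `if(data.size() - p < 8 || size > data.size() - p - 8) break;`. How `toUInt()` and `mid()` behave on a short read is not visible in this hunk, so this may be benign today, but the loop's termination on malformed INFO data should not depend on it. A short comment on the guard, such as `// stop at a chunk whose declared size exceeds the remaining data`, would also record why parsing bails out here instead of skipping the chunk. The body of `parse()` starts above the hunk.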