From 51ae5748cb790fa07cd4fd0ef55112dcc0338b52 Mon Sep 17 00:00:00 2001
From: bobsayshilol
Date: Sun, 25 Apr 2021 12:34:23 +0100
Subject: [PATCH] ID3v2: Return early from decode() on invalid data

The while loop in this function assumes that `data.end() - 1` is less than `data.end()`, which isn't the case if `data` is empty since `data.end()` can be a nullptr.
---
 taglib/mpeg/id3v2/id3v2synchdata.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/taglib/mpeg/id3v2/id3v2synchdata.cpp b/taglib/mpeg/id3v2/id3v2synchdata.cpp
index 2aa99999..ba848dec 100644
--- a/taglib/mpeg/id3v2/id3v2synchdata.cpp
+++ b/taglib/mpeg/id3v2/id3v2synchdata.cpp
@@ -74,6 +74,10 @@ ByteVector SynchData::fromUInt(unsigned int value)
 ByteVector SynchData::decode(const ByteVector &data)
 {
+ if (data.size() == 0) {
+ return ByteVector();
+ }
+
 // We have this optimized method instead of using ByteVector::replace(),
 // since it makes a great difference when decoding huge unsynchronized frames.
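Review bot: The new guard at the top of `SynchData::decode()` has no comment, so its reason survives only in the commit message: `data.end() - 1` is not a usable loop bound when `data` is empty, because `end()` can be null. I would put `// end() can be null for an empty vector, so the end() - 1 bound used below must not be formed.` above the check, and `data.isEmpty()` would state the condition more directly than `data.size() == 0`. The while loop and the rest of the body lie outside this hunk, so how other very short inputs behave cannot be confirmed from here. Since this function decodes frame bytes read from files, a unit test that calls `decode()` with an empty `ByteVector` would keep the guard from being dropped in a later refactor.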