From 90f62a3c9464d42030558cce35204da0705f99b8 Mon Sep 17 00:00:00 2001
From: Urs Fleisch <ufleisch@users.sourceforge.net>
Date: Thu, 14 Nov 2024 17:43:18 +0100
Subject: [PATCH] Do not store too large FLAC metadata blocks (#1249) (#1250)

The size of FLAC metadata blocks is stored in only 24 bits. Remove
blocks exceeding this limit when saving FLAC and Ogg FLAC files.
---
 taglib/flac/flacfile.cpp        | 13 ++++++++++---
 taglib/ogg/flac/oggflacfile.cpp | 11 +++++++++++
 2 files changed, 21 insertions(+), 3 deletions(-)

diff --git a/taglib/flac/flacfile.cpp b/taglib/flac/flacfile.cpp
index c890a9a5..f0d93bd4 100644
--- a/taglib/flac/flacfile.cpp
+++ b/taglib/flac/flacfile.cpp
@@ -265,12 +265,19 @@ bool FLAC::File::save()
   // Render data for the metadata blocks
 
   ByteVector data;
-  for(const auto &block : std::as_const(d->blocks)) {
-    ByteVector blockData = block->render();
+  for(auto it = d->blocks.begin(); it != d->blocks.end();) {
+    ByteVector blockData = (*it)->render();
     ByteVector blockHeader = ByteVector::fromUInt(blockData.size());
-    blockHeader[0] = block->code();
+    if(blockHeader[0] != 0) {
+      debug("FLAC::File::save() -- Removing too large block.");
+      delete *it;
+      it = d->blocks.erase(it);
+      continue;
+    }
+    blockHeader[0] = (*it)->code();
     data.append(blockHeader);
     data.append(blockData);
+    ++it;
   }
 
   // Compute the amount of padding, and append that to data.
diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
index 58a96956..c283eddf 100644
--- a/taglib/ogg/flac/oggflacfile.cpp
+++ b/taglib/ogg/flac/oggflacfile.cpp
@@ -113,6 +113,17 @@ bool Ogg::FLAC::File::save()
   // Put the size in the first 32 bit (I assume no more than 24 bit are used)
 
   ByteVector v = ByteVector::fromUInt(d->xiphCommentData.size());
+  if(v[0] != 0) {
+    // Block size uses more than 24 bits, try again with pictures removed.
+    d->comment->removeAllPictures();
+    d->xiphCommentData = d->comment->render(false);
+    v = ByteVector::fromUInt(d->xiphCommentData.size());
+    if(v[0] != 0) {
+      debug("Ogg::FLAC::File::save() -- Invalid, metadata block is too large.");
+      return false;
+    }
+    debug("Ogg::FLAC::File::save() -- Metadata block is too large, pictures removed.");
+  }
 
   // Set the type of the metadata-block to be a Xiph / Vorbis comment