From 9d91610fc0b978d6d34061bb1046317e087dc30a Mon Sep 17 00:00:00 2001
From: Tsuda Kageyu <tsuda.kageyu@gmail.com>
Date: Tue, 6 Jan 2015 17:20:03 +0900
Subject: [PATCH] Fix a wrong parameter for zlib.

z_stream.avail_in has to be the length of the input buffer.
It will fail when frameDataLength is smaller than the actual compressed data size.
---
 taglib/mpeg/id3v2/id3v2frame.cpp    |  11 +++++++----
 tests/data/compressed_id3_frame.mp3 | Bin 5000 -> 5000 bytes
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/taglib/mpeg/id3v2/id3v2frame.cpp b/taglib/mpeg/id3v2/id3v2frame.cpp
index 5dc84971..bee5375a 100644
--- a/taglib/mpeg/id3v2/id3v2frame.cpp
+++ b/taglib/mpeg/id3v2/id3v2frame.cpp
@@ -32,7 +32,6 @@
 #endif
 
 #include <bitset>
-#include <cstring>
 
 #include <tdebug.h>
 #include <tstringlist.h>
@@ -255,13 +254,17 @@ ByteVector Frame::fieldData(const ByteVector &frameData) const
   if(d->header->compression() &&
      !d->header->encryption())
   {
-    z_stream stream;
-    ::memset(&stream, 0, sizeof(z_stream));
+    if(frameData.size() <= frameDataOffset) {
+      debug("Compressed frame doesn't have enough data to decode");
+      return ByteVector();
+    }
+
+    z_stream stream = {};
 
     if(inflateInit(&stream) != Z_OK)
       return ByteVector();
 
-    stream.avail_in = (uLongf) frameDataLength;
+    stream.avail_in = (uLongf) frameData.size() - frameDataOffset;
     stream.next_in = (Bytef *) frameData.data() + frameDataOffset;
 
     static const uint chunkSize = 1024;
diff --git a/tests/data/compressed_id3_frame.mp3 b/tests/data/compressed_id3_frame.mp3
index 60bc895633b1ce32894e54800f6aa65d4e2cb546..824d036fa4459e57ad671a8c3bb910e384b94ff2 100644
GIT binary patch
delta 13
UcmeBB?@*s0%EZ91QM^zX02%88QUCw|

delta 13
UcmeBB?@*s0%ETDBQM^zX02_t_qyPW_