[easytag] Check for an invalid field when reading Vorbis art

[David King <davidk src gnome org>]

commit 2024a4be439afd9cdf1b897e72bbda7b76052fdb
Author: David King <amigadave amigadave com>
Date:   Sun Jan 4 10:41:11 2015 +0000

    Check for an invalid field when reading Vorbis art
    
    When reading cover art from Vorbis comments, check that the
    Base64-decoded data is at least long enough to hold the
    METADATA_BLOCK_PICTURE fields. Mark any invalid files as modified, so
    that the invalid field is removed upon saving.
    
    https://retrace.fedoraproject.org/faf2/problems/516585/

 src/tags/ogg_tag.c |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)
---
diff --git a/src/tags/ogg_tag.c b/src/tags/ogg_tag.c
index 948e30c..0038ec8 100644
--- a/src/tags/ogg_tag.c
+++ b/src/tags/ogg_tag.c
@@ -548,6 +548,19 @@ et_add_file_tags_from_vorbis_comments (vorbis_comment *vc,
 
         /* Decode picture data. */
         decoded_ustr = g_base64_decode (string, &decoded_size);
+
+        /* Check that the comment decoded to a long enough string to hold the
+         * whole structure (8 fields of 4 bytes each). */
+        if (decoded_size < 8 * 4)
+        {
+            /* Mark the file as modified, so that the invalid field is removed
+             * upon saving. */
+            FileTag->saved = FALSE;
+
+            g_free (decoded_ustr);
+            continue;
+        }
+
         bytes = g_bytes_new_take (decoded_ustr, decoded_size);
 
         /* Reading picture type. */