[easytag] Avoid crash when saving audioless ID3v2.4 tags

[David King <davidk src gnome org>]

commit f144e6a0cdfae35a4e3f5034b229174fa16ed1a5
Author: David King <amigadave amigadave com>
Date:   Tue Jun 7 05:51:27 2016 +0100

    Avoid crash when saving audioless ID3v2.4 tags
    
    In the case where an ID3v2.4 tag was written that differed in size to
    the previous tag, audio was assumed to exist after the tag. This
    assumption failed if the file consisted solely of the ID3 tag and
    nothing else. Avoid the crash by skipping the audio reading and writing
    if there is none to copy.
    
    https://mail.gnome.org/archives/easytag-list/2016-June/msg00002.html

 src/tags/id3v24_tag.c |   36 ++++++++++++++++++++++--------------
 1 files changed, 22 insertions(+), 14 deletions(-)
---
diff --git a/src/tags/id3v24_tag.c b/src/tags/id3v24_tag.c
index f2f35c2..1c6c9c4 100644
--- a/src/tags/id3v24_tag.c
+++ b/src/tags/id3v24_tag.c
@@ -1584,8 +1584,7 @@ etag_write_tags (const gchar *filename,
     GInputStream *istream;
     GOutputStream *ostream;
     long filev2size;
-    gsize ctxsize;
-    gchar *ctx = NULL;
+    gchar *audio_buffer = NULL;
     gboolean success = TRUE;
     gsize bytes_read;
     gsize bytes_written;
@@ -1792,6 +1791,7 @@ etag_write_tags (const gchar *filename,
 
     if (filev2size == (long)v2size)
     {
+        /* New and old tag are the same length, so no need to handle audio. */
         if (!g_seekable_seek (seekable, 0, G_SEEK_SET, NULL, error))
         {
             goto err;
@@ -1805,26 +1805,30 @@ etag_write_tags (const gchar *filename,
     }
     else
     {
-        /* XXX */
-        /* Size of audio data (tags at the end were already removed) */
+        gsize audio_length;
+
+        /* New and old tag differ in length, so copy the audio data to after
+         * the new tag. */
         if (!g_seekable_seek (seekable, 0, G_SEEK_END, NULL, error))
         {
             goto err;
         }
 
-        ctxsize = g_seekable_tell (seekable) - filev2size;
-
-        ctx = g_malloc (ctxsize);
+        audio_length = g_seekable_tell (seekable) - filev2size;
+        audio_buffer = g_malloc (audio_length);
 
         if (!g_seekable_seek (seekable, filev2size, G_SEEK_SET, NULL, error))
         {
             goto err;
         }
 
-        if (!g_input_stream_read_all (istream, ctx, ctxsize, &bytes_read, NULL,
-                                      error))
+        if (audio_length != 0)
         {
-            goto err;
+            if (!g_input_stream_read_all (istream, audio_buffer, audio_length,
+                                          &bytes_read, NULL, error))
+            {
+                goto err;
+            }
         }
         
         /* Return to the beginning of the file. */
@@ -1844,10 +1848,14 @@ etag_write_tags (const gchar *filename,
         }
 
         /* Write audio data. */
-        if (!g_output_stream_write_all (ostream, ctx, ctxsize, &bytes_written,
-                                        NULL, error))
+        if (audio_length != 0)
         {
-            goto err;
+            if (!g_output_stream_write_all (ostream, audio_buffer,
+                                            audio_length, &bytes_written, NULL,
+                                            error))
+            {
+                goto err;
+            }
         }
 
         if (!g_seekable_truncate (seekable, g_seekable_tell (seekable), NULL,
@@ -1860,7 +1868,7 @@ etag_write_tags (const gchar *filename,
     success = TRUE;
 
 err:
-    g_free (ctx);
+    g_free (audio_buffer);
     g_object_unref (file);
     g_clear_object (&iostream);
     g_free (v1buf);