From 247731fe8c1bdf8c18605ba0844072ed0c5568da Mon Sep 17 00:00:00 2001
From: William Wilgus <wilgus.william@gmail.com>
Date: Sun, 1 Aug 2021 22:26:05 -0400
Subject: [PATCH] id3tags.c check for buffer overrun

Change-Id: I74fde8e234fe85abfabefddcea7f10038167c715
---
 lib/rbcodec/metadata/id3tags.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/rbcodec/metadata/id3tags.c b/lib/rbcodec/metadata/id3tags.c
index c3a0473e7e..458e24cf61 100644
--- a/lib/rbcodec/metadata/id3tags.c
+++ b/lib/rbcodec/metadata/id3tags.c
@@ -970,6 +970,9 @@ void setid3v2title(int fd, struct mp3entry *entry)
                 if((tr->tag_length == 4 && !memcmp( header, "COMM", 4)) ||
                    (tr->tag_length == 3 && !memcmp( header, "COM", 3))) {
                     int offset;
+                    if (buffersize - bufferpos <= 4)
+                        return; /* Error ?? */
+
                     if(bytesread >= 8 && !strncmp(tag+4, "iTun", 4)) {
                         /* check for iTunes gapless information */
                         if(bytesread >= 12 && !strncmp(tag+4, "iTunSMPB", 8))