metadata: mp3: Limit utf-8 buffer stack allocation to prevent stack overflow

Fixes FS#13518 Change-Id: I549ecb21c3dbaba580c13a6a155559585f0aa08e
2024-11-25 12:48:26 +02:00 · 2024-11-25 12:48:26 +02:00 · f7d5da6b2f
commit f7d5da6b2f
parent 18520c27a5
1 changed files with 8 additions and 1 deletions
--- a/lib/rbcodec/metadata/id3tags.c
+++ b/lib/rbcodec/metadata/id3tags.c
@ -1116,7 +1116,14 @@ retry_with_limit:
                    {
                        /* UTF-8 could potentially be 3 times larger */
                        /* so we need to create a new buffer         */
-                        char utf8buf[(3 * bytesread) + 1];
+                        int utf8_size = (3 * bytesread);
+                        if (utf8_size > ID3V2_BUF_SIZE)
+                        {
+                            //limit stack allocation to avoid stack overflow
+                            utf8_size = ID3V2_BUF_SIZE;
+                            bytesread = ID3V2_BUF_SIZE/3;
+                        }
+                        char utf8buf[utf8_size + 1];
                        unicode_munge( tag, utf8buf, &bytesread);
                        if(bytesread >= buffersize - bufferpos)
                            bytesread = buffersize - bufferpos - 1;