Overview

File 0001-extractor-Check-for-valid-offsets-extracting-MP3-per.patch of Package localsearch

From 5337e2977f159c29e2b8af575e56866862af241b Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Thu, 15 Jan 2026 11:09:07 +0100
Subject: [PATCH 1/6] extractor: Check for valid offsets extracting MP3
 performer tags

This could be tricked to run out of bounds, add some check to ensure
it does not happen.

Closes: https://gitlab.gnome.org/GNOME/localsearch/-/issues/425
---
 src/extractor/tracker-extract-mp3.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/extractor/tracker-extract-mp3.c b/src/extractor/tracker-extract-mp3.c
index 0f13ad758..3d3abf8e8 100644
--- a/src/extractor/tracker-extract-mp3.c
+++ b/src/extractor/tracker-extract-mp3.c
@@ -1438,6 +1438,10 @@ extract_performers_tags (id3v2tag *tag, const gchar *data, guint pos, size_t csi
 		text_instrument = &data[pos];
 		text_instrument_len = id3v2_strlen (text_encode, text_instrument, csize - 1);
 		offset = text_instrument_len + id3v2_nul_size (text_encode);
+
+		if (pos + offset >= csize)
+			break;
+
 		text_performer = &data[pos + offset];
 
 		if (version == 2.4f) {
-- 
2.52.0
openSUSE Build Service is sponsored by
Places