File 0003-extractor-Check-for-buffer-boundaries-extracting-MP3.patch of Package localsearch
From 79f47309bad068ff0c19c1431abab6766edc687f Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Thu, 15 Jan 2026 11:14:49 +0100
Subject: [PATCH 3/6] extractor: Check for buffer boundaries extracting MP3
TXXX tags
This code could be tricked into reading out of bounds, add a check
to ensure this does not happen.
Closes: https://gitlab.gnome.org/GNOME/localsearch/-/issues/427
---
src/extractor/tracker-extract-mp3.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/extractor/tracker-extract-mp3.c b/src/extractor/tracker-extract-mp3.c
index 81150e6fb..e469550b1 100644
--- a/src/extractor/tracker-extract-mp3.c
+++ b/src/extractor/tracker-extract-mp3.c
@@ -1485,8 +1485,12 @@ extract_txxx_tags (id3v2tag *tag, const gchar *data, guint pos, size_t csize, id
text_desc = &data[pos + 4]; /* <text string according to encoding> $00 (00) */
text_desc_len = id3v2_strlen (text_encode, text_desc, csize - 4);
- offset = 4 + text_desc_len + id3v2_nul_size (text_encode);
- text = &data[pos + offset]; /* <full text string according to encoding> */
+ offset = 4 + text_desc_len + id3v2_nul_size (text_encode);
+
+ if (pos + offset >= csize)
+ return;
+
+ text = &data[pos + offset]; /* <full text string according to encoding> */
if (version == 2.3f) {
description = id3v2_text_to_utf8 (data[pos], &data[pos + 1], csize - 1, info);
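Review bot: The new check `if (pos + offset >= csize)` compares an absolute index into `data` against `csize`, but the context lines around it treat `csize` as a length counted from `pos`: `id3v2_strlen` is given `csize - 4` for the string at `data[pos + 4]`, and `id3v2_text_to_utf8` is given `csize - 1` for `data[pos + 1]`. One of the two conventions is wrong. If `csize` is the frame size starting at `pos`, the check should be `offset >= csize`; as written it still prevents the out-of-bounds read, but it will also drop valid TXXX frames whenever `pos` is non-zero. If `csize` is instead the absolute end of the buffer, then the `csize - 4` and `csize - 1` limits on the context lines are too generous by `pos` bytes and need the same correction. A short comment above the check stating what `csize` is relative to would settle this. Separately, `csize - 4` on the `id3v2_strlen` line is computed on a `size_t` before any check; nothing in this hunk guarantees `csize >= 4`, so it is worth confirming that a caller enforces it or adding that test ahead of the `id3v2_strlen` call.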
--
2.52.0