From e2600f54e4ec8abe55b5e95fb338b5eb11b5db9a Mon Sep 17 00:00:00 2001
From: ByteHamster <info@bytehamster.com>
Date: Sun, 21 Nov 2021 18:49:50 +0100
Subject: [PATCH] Stop parsing if we encounter an unrealistically long comment

---
 .../antennapod/parser/media/vorbis/VorbisCommentReader.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java b/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
index 37ea14c65..b4f87bd70 100644
--- a/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
+++ b/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
@@ -75,10 +75,14 @@ public abstract class VorbisCommentReader {
     private void readUserComment(InputStream input) throws VorbisCommentReaderException {
         try {
             long vectorLength = EndianUtils.readSwappedUnsignedInteger(input);
+            if (vectorLength > 20 * 1024 * 1024) {
+                // Avoid reading entire file if it is encoded incorrectly
+                throw new VorbisCommentReaderException("User comment unrealistically long: " + vectorLength);
+            }
             String key = readContentVectorKey(input, vectorLength).toLowerCase(Locale.US);
             boolean readValue = onContentVectorKey(key);
             if (readValue) {
-                String value = readUtf8String(input, (int) (vectorLength - key.length() - 1));
+                String value = readUtf8String(input, vectorLength - key.length() - 1);
                 onContentVectorValue(key, value);
             } else {
                 IOUtils.skipFully(input, vectorLength - key.length() - 1);