chore(mp3info): apply upstream patch for parsing on short frames

Signed-off-by: grnd-alt <[email protected]> Signed-off-by: Daniel Kesselberg <[email protected]>
nextcloud · kesselb · Nov 25, 2025 · Nov 10, 2025 · Nov 10, 2025 · Nov 20, 2025
commit c1ec6234ec4290b6db4ac4a07dc21adc522bdb23
diff --git a/.patches/mp3info-break-frame-parsing.patch b/.patches/mp3info-break-frame-parsing.patch
@@ -0,0 +1,26 @@
+From 186b99ac4a57d091e9414c0944524a9e098835f3 Mon Sep 17 00:00:00 2001
+From: grnd-alt <[email protected]>
+Date: Mon, 13 Oct 2025 12:18:37 +0200
+Subject: [PATCH] fix: break frame parsing on short frame
+
+Signed-off-by: grnd-alt <[email protected]>
+---
+ src/Mp3Info.php | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/Mp3Info.php b/src/Mp3Info.php
+index ccf97f4..24781d7 100644
+--- a/src/Mp3Info.php
++++ b/src/Mp3Info.php
+@@ -584,6 +584,11 @@ protected function parseId3v23Body($fp, $lastByte) {
+             $raw = fread($fp, 10);
+             $frame_id = substr($raw, 0, 4);
+
++            if (strlen($raw) < 10) {
++                fseek($fp, $lastByte);
++                break;
++            }
++
+             if ($frame_id == str_repeat(chr(0), 4)) {
+                 fseek($fp, $lastByte);
+                 break;
diff --git a/composer.patches.json b/composer.patches.json
@@ -1,3 +1,7 @@
 {
-	"patches": {}
+	"patches": {
+		"wapmorgan/mp3info": {
+			"Break frame parsing on invalid frame": ".patches/mp3info-break-frame-parsing.patch"
+		}
+	}
 }
diff --git a/composer/installed.json b/composer/installed.json
@@ -6259,6 +6259,11 @@
                 "bin/mp3scan"
             ],
             "type": "library",
+            "extra": {
+                "patches_applied": {
+                    "Break frame parsing on invalid frame": ".patches/mp3info-break-frame-parsing.patch"
+                }
+            },
             "installation-source": "dist",
             "autoload": {
                 "psr-4": {

diff --git a/wapmorgan/mp3info/PATCHES.txt b/wapmorgan/mp3info/PATCHES.txt
@@ -0,0 +1,7 @@
+This file was automatically generated by Composer Patches (https://github.com/cweagans/composer-patches)
+Patches applied to this directory:
+
+Break frame parsing on invalid frame
+Source: .patches/mp3info-break-frame-parsing.patch
+
+
diff --git a/wapmorgan/mp3info/src/Mp3Info.php b/wapmorgan/mp3info/src/Mp3Info.php
@@ -585,6 +585,11 @@ protected function parseId3v23Body($fp, $lastByte) {
             $raw = fread($fp, 10);
             $frame_id = substr($raw, 0, 4);
 
+            if (strlen($raw) < 10) {
+                fseek($fp, $lastByte);
+                break;
+            }
+
             if ($frame_id == str_repeat(chr(0), 4)) {
                 fseek($fp, $lastByte);
                 break;