Stop parsing if we encounter an unrealistically long comment

1 files changed, 5 insertions, 1 deletions

diff --git a/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java b/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
index 37ea14c65..b4f87bd70 100644
--- a/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
+++ b/parser/media/src/main/java/de/danoeh/antennapod/parser/media/vorbis/VorbisCommentReader.java
@@ -75,10 +75,14 @@ public abstract class VorbisCommentReader {
     private void readUserComment(InputStream input) throws VorbisCommentReaderException {
         try {
             long vectorLength = EndianUtils.readSwappedUnsignedInteger(input);
+            if (vectorLength > 20 * 1024 * 1024) {
+                // Avoid reading entire file if it is encoded incorrectly
+                throw new VorbisCommentReaderException("User comment unrealistically long: " + vectorLength);
+            }
             String key = readContentVectorKey(input, vectorLength).toLowerCase(Locale.US);
             boolean readValue = onContentVectorKey(key);
             if (readValue) {
-                String value = readUtf8String(input, (int) (vectorLength - key.length() - 1));
+                String value = readUtf8String(input, vectorLength - key.length() - 1);
                 onContentVectorValue(key, value);
             } else {
                 IOUtils.skipFully(input, vectorLength - key.length() - 1);