tags: Don't allow image tags with G_MAXUINT32 length

This will cause an integer overflow a little bit further down because we
allocate a bit more memory to allow for a NUL-terminator.

The caller should've avoided passing that much data in already as it's
not going to be a valid image and there's likely not even that much data
available.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/4897>

diff --git a/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c b/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
index 73e6bb4..d38a0c9 100644 (file)
--- a/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
+++ b/subprojects/gst-plugins-base/gst-libs/gst/tag/tags.c
@@ -530,7 +530,8 @@ gst_tag_image_data_to_image_sample (const guint8 * image_data,
   GstStructure *image_info = NULL;
 
   g_return_val_if_fail (image_data != NULL, NULL);
-  g_return_val_if_fail (image_data_len > 0, NULL);
+  g_return_val_if_fail (image_data_len > 0
+      || image_data_len == G_MAXUINT32, NULL);
   g_return_val_if_fail (gst_tag_image_type_is_valid (image_type), NULL);
 
   GST_DEBUG ("image data len: %u bytes", image_data_len);