From ca295709d5bb59793e747487bcb562c4b055c2b9 Mon Sep 17 00:00:00 2001
From: Noah Crocker <necrocke@umich.edu>
Date: Tue, 2 Jun 2015 21:20:53 -0400
Subject: [PATCH 1/3] Fix parsing of long frame lengths

---
 src/ch/blinkenlights/bastp/ID3v2File.java | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/ch/blinkenlights/bastp/ID3v2File.java b/src/ch/blinkenlights/bastp/ID3v2File.java
index d0a10bed..8b97dfc8 100644
--- a/src/ch/blinkenlights/bastp/ID3v2File.java
+++ b/src/ch/blinkenlights/bastp/ID3v2File.java
@@ -45,10 +45,7 @@ public class ID3v2File extends Common {
 		
 		int id3v   = ((b2be32(v2hdr,0))) & 0xFF;   // swapped ID3\04 -> ver. ist the first byte
 		int v3len  = ((b2be32(v2hdr,6)));          // total size EXCLUDING the this 10 byte header
-		v3len      = ((v3len & 0x7f000000) >> 3) | // for some funky reason, this is encoded as 7*4 bits
-		             ((v3len & 0x007f0000) >> 2) |
-		             ((v3len & 0x00007f00) >> 1) |
-		             ((v3len & 0x0000007f) >> 0) ;
+		v3len      = unsyncsafe(v3len);
 		
 		// debug(">> tag version ID3v2."+id3v);
 		// debug(">> LEN= "+v3len+" // "+v3len);
@@ -59,6 +56,17 @@ public class ID3v2File extends Common {
 		tags.put("_hdrlen", v3len+v2hdr_len);
 		return tags;
 	}
+
+    /*
+    **  converts syncsafe integer to Java integer
+    */
+	private int unsyncsafe(int x) {
+		x     = ((x & 0x7f000000) >> 3) |
+				((x & 0x007f0000) >> 2) |
+				((x & 0x00007f00) >> 1) |
+				((x & 0x0000007f) >> 0) ;
+		return x;
+	}
 	
 	/* Parses all ID3v2 frames at the current position up until payload_len
 	** bytes were read
@@ -72,6 +80,7 @@ public class ID3v2File extends Common {
 			bread += s.read(frame);
 			String framename = new String(frame, 0, 4);
 			int slen = b2be32(frame, 4);
+            slen = unsyncsafe(slen);
 			
 			/* Abort on silly sizes */
 			if(slen < 1 || slen > 524288)

From 73fb47f2e502d587c35724feb6af8d583238234c Mon Sep 17 00:00:00 2001
From: Noah Crocker <necrocke@umich.edu>
Date: Tue, 2 Jun 2015 21:30:45 -0400
Subject: [PATCH 2/3] Converted spaces to tabs to match formatting of existing
 code

---
 src/ch/blinkenlights/bastp/ID3v2File.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ch/blinkenlights/bastp/ID3v2File.java b/src/ch/blinkenlights/bastp/ID3v2File.java
index 8b97dfc8..b40989f5 100644
--- a/src/ch/blinkenlights/bastp/ID3v2File.java
+++ b/src/ch/blinkenlights/bastp/ID3v2File.java
@@ -80,7 +80,7 @@ public class ID3v2File extends Common {
 			bread += s.read(frame);
 			String framename = new String(frame, 0, 4);
 			int slen = b2be32(frame, 4);
-            slen = unsyncsafe(slen);
+			slen = unsyncsafe(slen);
 			
 			/* Abort on silly sizes */
 			if(slen < 1 || slen > 524288)

From add143bccc317260b288fd5bf41276f9a0d659db Mon Sep 17 00:00:00 2001
From: Noah Crocker <necrocke@umich.edu>
Date: Thu, 4 Jun 2015 15:48:03 -0400
Subject: [PATCH 3/3] Changed "silly frame size" to be something more
 reasonable for ID3v2

Attached album art (APIC) can be quite large
---
 src/ch/blinkenlights/bastp/ID3v2File.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/ch/blinkenlights/bastp/ID3v2File.java b/src/ch/blinkenlights/bastp/ID3v2File.java
index b40989f5..fdd727bc 100644
--- a/src/ch/blinkenlights/bastp/ID3v2File.java
+++ b/src/ch/blinkenlights/bastp/ID3v2File.java
@@ -75,7 +75,7 @@ public class ID3v2File extends Common {
 		HashMap tags = new HashMap();
 		byte[] frame   = new byte[10]; // a frame header is always 10 bytes
 		long bread     = 0;            // total amount of read bytes
-		
+
 		while(bread < payload_len) {
 			bread += s.read(frame);
 			String framename = new String(frame, 0, 4);
@@ -83,7 +83,8 @@ public class ID3v2File extends Common {
 			slen = unsyncsafe(slen);
 			
 			/* Abort on silly sizes */
-			if(slen < 1 || slen > 524288)
+			long bytesRemaining = payload_len - bread;
+			if(slen < 1 || slen > (bytesRemaining))
 				break;
 			
 			byte[] xpl = new byte[slen];