FLAC: Return early when encountering invalid zero-sized blocks

CHANGELOG.md

@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **MP3/APE**: Stop trusting the lengths of APE tag items (Fixes OOM)
 - **PictureInformation**: Fix potential overflow on an invalid picture
 - **MP4**: The parser has received a major facelift, and shouldn't be so eager to allocate or trust user data (Fixes OOM)
+- **FLAC**: Return early when encountering invalid zero-sized blocks
 
 ## [0.7.1] - 2022-07-08
 

src/flac/block.rs

@@ -25,7 +25,7 @@ impl Block {
 		let last = (byte & 0x80) != 0;
 		let ty = byte & 0x7F;
 
-		let size = data.read_uint::<BigEndian>(3)? as u32;
+		let size = data.read_u24::<BigEndian>()?;
 
 		let mut content = try_vec![0; size as usize];
 		data.read_exact(&mut content)?;

src/flac/read.rs

@@ -87,6 +87,14 @@ where
 		let block = Block::read(data)?;
 		last_block = block.last;
 
+		if block.content.is_empty() && (block.ty != 1 && block.ty != 3) {
+			return Err(FileDecodingError::new(
+				FileType::FLAC,
+				"Encountered a zero-sized metadata block",
+			)
+			.into());
+		}
+
 		match block.ty {
 			#[cfg(feature = "vorbis_comments")]
 			4 => read_comments(&mut &*block.content, &mut tag)?,

tests/fuzz/flacfile_read_from.rs

@@ -1 +1,7 @@
-// TODO
+use crate::oom_test;
+use lofty::flac::FlacFile;
+
+#[test]
+fn oom1() {
+	oom_test::<FlacFile>("flacfile_read_from/oom-9268264e9bc5e2124e4d63cbff8cff0b0dec6644");
+}