From 6b18201aa5c5535511802ddfb4e4117686b4866d Mon Sep 17 00:00:00 2001
From: David Howden <dhowden@gmail.com>
Date: Fri, 20 Nov 2020 06:25:35 +1100
Subject: [PATCH] check bounds in readPICFrame

Fixes #77
---
 id3v2frames.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/id3v2frames.go b/id3v2frames.go
index 569a609..ff5bc09 100644
--- a/id3v2frames.go
+++ b/id3v2frames.go
@@ -564,6 +564,10 @@ func (p Picture) String() string {
 // Description        <textstring> $00 (00)
 // Picture data       <binary data>
 func readPICFrame(b []byte) (*Picture, error) {
+	if len(b) < 5 {
+		return nil, errors.New("invalid PIC frame")
+	}
+
 	enc := b[0]
 	ext := string(b[1:4])
 	picType := b[4]