From a92213460e4838490ce3066ef11dc823cdc1740e Mon Sep 17 00:00:00 2001
From: David Howden <dhowden@gmail.com>
Date: Fri, 20 Nov 2020 06:32:00 +1100
Subject: [PATCH] check bounds in readAPICFrame

Fixes #80
---
 id3v2frames.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/id3v2frames.go b/id3v2frames.go
index ff5bc09..f0c363e 100644
--- a/id3v2frames.go
+++ b/id3v2frames.go
@@ -608,8 +608,15 @@ func readPICFrame(b []byte) (*Picture, error) {
 // Description     <text string according to encoding> $00 (00)
 // Picture data    <binary data>
 func readAPICFrame(b []byte) (*Picture, error) {
+	if len(b) == 0 {
+		return nil, errors.New("error decoding APIC: invalid encoding")
+	}
 	enc := b[0]
 	mimeDataSplit := bytes.SplitN(b[1:], singleZero, 2)
+	if len(mimeDataSplit) != 2 {
+		return nil, errors.New("error decoding APIC: invalid encoding")
+	}
+
 	mimeType := string(mimeDataSplit[0])
 
 	b = mimeDataSplit[1]