Issue description
I found some *.mp3 tracks where ID3 metadata contains COMM frame with frameSize=1. In that case Id3Decoder throws NegativeArraySizeException on parsing such frame.
As I understand it's not illegal to set such data into COMM so player can just skip such frame as it's frameSize is only 1 byte. Other players have no problems with playing such files.
Reproduction steps
Just play track with such metadata
Link to test content
https://www.dropbox.com/s/qdsxgi8s462jql9/BAD_COMM_SAMPLE.mp3?dl=0
Version of ExoPlayer being used
2.3.1
Device(s) and version(s) of Android being used
Any device. I've tested on Emulator 6.0 and on Google Pixel 7.1.2
A full bug report captured from the device
Exo code problem and possible fix
This bug occurs because according to ID3 specification COMM frame should contains encoding byte and then language iso (3 bytes). So ID3Decoder (in method decodeCommentFrame) gets byte for encoding, then gets 3 bytes for language iso even if frameSize is less than 4 bytes. Then it is creating byte-array with size=frameSize-4. Then it crashes obviously.
My possible fix is to modify COMM frame decoding condition into ID3Decoder.decodeFrame
from
else if (frameId0 == 'C' && frameId1 == 'O' && frameId2 == 'M'
&& (frameId3 == 'M' || majorVersion == 2)) {
frame = decodeCommentFrame(id3Data, frameSize);
}to
else if (frameId0 == 'C' && frameId1 == 'O' && frameId2 == 'M'
&& (frameId3 == 'M' || majorVersion == 2) && frameSize > 4) {
frame = decodeCommentFrame(id3Data, frameSize);
}but maybe it's better to modify CommentFrame to contains some default language and empty content for example. don't know...
maybe it makes sense to check every frame on it's minimum frameSize to prevent such crashes in other frames decoding code
Issue description
I found some *.mp3 tracks where ID3 metadata contains COMM frame with frameSize=1. In that case
Id3DecoderthrowsNegativeArraySizeExceptionon parsing such frame.As I understand it's not illegal to set such data into COMM so player can just skip such frame as it's frameSize is only 1 byte. Other players have no problems with playing such files.
Reproduction steps
Just play track with such metadata
Link to test content
https://www.dropbox.com/s/qdsxgi8s462jql9/BAD_COMM_SAMPLE.mp3?dl=0
Version of ExoPlayer being used
2.3.1
Device(s) and version(s) of Android being used
Any device. I've tested on Emulator 6.0 and on Google Pixel 7.1.2
A full bug report captured from the device
Exo code problem and possible fix
This bug occurs because according to ID3 specification COMM frame should contains encoding byte and then language iso (3 bytes). So
ID3Decoder(in methoddecodeCommentFrame) gets byte for encoding, then gets 3 bytes for language iso even if frameSize is less than 4 bytes. Then it is creating byte-array with size=frameSize-4. Then it crashes obviously.My possible fix is to modify COMM frame decoding condition into
ID3Decoder.decodeFramefrom
to
but maybe it's better to modify
CommentFrameto contains some default language and empty content for example. don't know...maybe it makes sense to check every frame on it's minimum frameSize to prevent such crashes in other frames decoding code