increased limits to comply with own tests (#78)

* fix allocation of very large blocks

* increased limits for picture size and number of seekpoints

* increased limits to comply with own tests; improved wording

* fixed formatting

Author: whisk

meta/meta_test.go

@@ -261,29 +261,29 @@ func TestMissingValue(t *testing.T) {
 }
 
 var MaliciousTooManyTags = []byte{
-		// "fLaC"
-		0x66, 0x4C, 0x61, 0x43,
-		// StreamInfo header: type=0, len=34 (0x22)
-		0x00, 0x00, 0x00, 0x22,
-		// StreamInfo body (34 bytes):
-		// BlockSizeMin=16, BlockSizeMax=16
-		0x00, 0x10, 0x00, 0x10,
-		// FrameSizeMin=0, FrameSizeMax=0
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		// 64-bit packed: sampleRate=1, channels=1, bitsPerSample=4, nSamples=0
-		0x00, 0x00, 0x10, 0x30, 0x00, 0x00, 0x00, 0x00,
-		// MD5 (16 zeros)
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-		// VorbisComment header: isLast=1,type=4,len=9
-		0x84, 0x00, 0x00, 0x09,
-		// vendor length = 1 (little endian)
-		0x01, 0x00, 0x00, 0x00,
-		// vendor string: "x"
-		0x78,
-		// tags list length = 4278190080 (little endian)
-		0x00, 0x00, 0x00, 0xff,
-	}
+	// "fLaC"
+	0x66, 0x4C, 0x61, 0x43,
+	// StreamInfo header: type=0, len=34 (0x22)
+	0x00, 0x00, 0x00, 0x22,
+	// StreamInfo body (34 bytes):
+	// BlockSizeMin=16, BlockSizeMax=16
+	0x00, 0x10, 0x00, 0x10,
+	// FrameSizeMin=0, FrameSizeMax=0
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	// 64-bit packed: sampleRate=1, channels=1, bitsPerSample=4, nSamples=0
+	0x00, 0x00, 0x10, 0x30, 0x00, 0x00, 0x00, 0x00,
+	// MD5 (16 zeros)
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+	// VorbisComment header: isLast=1,type=4,len=9
+	0x84, 0x00, 0x00, 0x09,
+	// vendor length = 1 (little endian)
+	0x01, 0x00, 0x00, 0x00,
+	// vendor string: "x"
+	0x78,
+	// tags list length = 4278190080 (little endian)
+	0x00, 0x00, 0x00, 0xff,
+}
 
 func TestVorbisCommentTooManyTags(t *testing.T) {
 	_, err := flac.Parse(bytes.NewReader(MaliciousTooManyTags))

meta/seektable.go

@@ -6,7 +6,7 @@ import (
 	"fmt"
 )
 
-const maxSeekPoints = 100000
+const maxSeekPoints = 1000000
 
 // SeekTable contains one or more pre-calculated audio frame seek points.
 //

meta/vorbiscomment.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 )
 
-const maxTags = 1024
+const maxTags = 50000
 
 // VorbisComment contains a list of name-value pairs.
 //
@@ -42,7 +42,7 @@ func (block *Block) parseVorbisComment() (err error) {
 		return unexpected(err)
 	}
 	if x > maxTags {
-		return fmt.Errorf("meta.Block.parseVorbisComment: %w, tags number=%d", ErrDeclaredBlockTooBig, x)
+		return fmt.Errorf("meta.Block.parseVorbisComment: %w, number of tags=%d", ErrDeclaredBlockTooBig, x)
 	}
 	if x < 1 {
 		return nil