mp3: fix buffer overflow when max_frames is too large

The function decodeFirstFrame() allocates memory based on data from
the mp3 header.  This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer.  Cap this buffer at 8
million frames, which should really be enough for reasonable files.

0 files changed, 0 insertions, 0 deletions