From 6e33566ceeb7e6c4454e44efd203b2e2fcd10feb Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@musicpd.org>
Date: Thu, 21 Jan 2021 16:55:47 +0100
Subject: client/FileCommands: validate the given offset

---
 src/command/FileCommands.cxx | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/command/FileCommands.cxx b/src/command/FileCommands.cxx
index dc68463aa..4ac239646 100644
--- a/src/command/FileCommands.cxx
+++ b/src/command/FileCommands.cxx
@@ -205,6 +205,17 @@ read_stream_art(Response &r, const char *uri, size_t offset)
 
 	const offset_type art_file_size = is->GetSize();
 
+	if (offset >= art_file_size) {
+		if (offset > art_file_size) {
+			r.Error(ACK_ERROR_ARG, "Offset too large");
+			return CommandResult::ERROR;
+		} else {
+			r.Format("size: %" PRIoffset "\n", art_file_size);
+			r.WriteBinary(nullptr);
+			return CommandResult::OK;
+		}
+	}
+
 	uint8_t buffer[Response::MAX_BINARY_SIZE];
 	size_t read_size;
 
-- 
cgit v1.2.3