Hello.
The loop that parses strings from STRINGLIST in field.c on line 294
depends only on the length parameter and on the function
id3_utf16_deserialize() to move the pointer *ptr by length or more in
case of UTF16. However, in several files with UTF16 ID3 tags on my PC
the *ptr pointer was moved by one byte less. Following calls of
id3_utf16_deserialize() didn't move the pointer at all, so the loop would
continue forever or until field->stringlist.strings filled the whole
memory. I'm not sure if it's the fault of invalid ID3 tags, but the library
should certainly recover from it.
Because the last byte is always a string terminator, I fixed it with
the horrible hack I attached. I have no idea if it's correct, but it
has avoided the infinite loop so far.
I'd love to privately send you a test C source and a test file with ID3
tags if you're interested.
I'm sorry for my dirty half-analysis. I already gave up on MPD, which
was the only reason why I was debugging this problem.
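
The stall described in this report, reproduced in simplified form as an added example; it is not the library's code or the attached patch. The names toy_utf16_deserialize and parse_stringlist and the sample bytes are constructed for illustration, and the assumption is that the deserializer consumes only whole 2-byte units, so a single leftover byte never moves the pointer. The guarded mode shows a forward-progress check that rejects such data instead of looping.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STALLED   (-1)   /* unguarded loop stopped making progress */
#define MALFORMED (-2)   /* guarded loop rejected the data */
#define ITER_CAP  1000   /* stands in for "forever" in the unguarded run */

/* Constructed samples: UTF-16BE "a" and "b", each 0x0000-terminated. */
static const uint8_t GOOD[] = {0x00,'a',0x00,0x00, 0x00,'b',0x00,0x00};
/* Constructed sample: one string followed by a single stray 0x00 byte. */
static const uint8_t ODD[]  = {0x00,'a',0x00,0x00, 0x00};

/* Hypothetical deserializer: consumes whole 2-byte units up to and
 * including a 0x0000 terminator. A lone trailing byte is never consumed. */
static void toy_utf16_deserialize(const uint8_t **ptr, size_t length)
{
    const uint8_t *end = *ptr + (length & ~(size_t)1);
    while (end - *ptr >= 2) {
        unsigned unit = ((unsigned)(*ptr)[0] << 8) | (*ptr)[1];
        *ptr += 2;
        if (unit == 0) break;
    }
}

/* Counts strings in data[0..len). With guarded != 0, a call that fails to
 * advance the pointer ends parsing with MALFORMED. */
static int parse_stringlist(const uint8_t *data, size_t len, int guarded)
{
    const uint8_t *ptr = data, *end = data + len;
    int count = 0;
    while (end - ptr > 0) {
        const uint8_t *before = ptr;
        toy_utf16_deserialize(&ptr, (size_t)(end - ptr));
        if (guarded && ptr == before)
            return MALFORMED;            /* no forward progress: bail out */
        if (++count >= ITER_CAP)
            return STALLED;              /* the real loop would keep going */
    }
    return count;
}

int main(void)
{
    printf("good: %d\n", parse_stringlist(GOOD, sizeof GOOD, 0));
    printf("odd, unguarded: %d\n", parse_stringlist(ODD, sizeof ODD, 0));
    printf("odd, guarded: %d\n", parse_stringlist(ODD, sizeof ODD, 1));
    return 0;
}
```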