The function decodeFirstFrame() allocates memory based on data from
the mp3 header.  This can make the buffer size allocation overflow, or
lead to a DoS attack with a very large buffer.  Cap this buffer at 8
million frames, which should really be enough for reasonable files.