src/libFLAC/stream_decoder.c : Fix buffer read overflow.
This is CVE-2014-8962.
Reported-by: Michele Spagnuolo,
Google Security Team <mikispag@google.com>
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index cb66fe2..88a656d 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -71,7 +71,7 @@
*
***********************************************************************/
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
/***********************************************************************
*
@@ -1361,6 +1361,10 @@
id = 0;
continue;
}
+
+ if(id >= 3)
+ return false;
+
if(x == ID3V2_TAG_[id]) {
id++;
i = 0;