src/libFLAC/stream_decoder.c : Fix buffer read overflow.

This is CVE-2014-8962. Reported-by: Michele Spagnuolo, Google Security Team <mikispag@google.com>
author: Erik de Castro Lopo <erikd@mega-nerd.com> 2014-11-18 07:20:25 -0800
committer: Erik de Castro Lopo <erikd@mega-nerd.com> 2014-11-20 21:46:39 +1100
commit: 5b3033a2b355068c11fe637e14ac742d273f076e (patch)
tree: bdb47c483b955620f4bc7913312ed000f4784f13 /src
parent: d8d171705a5d8e3ff9c24f1ff9edd17dd68939a7 (diff)
download: flac-5b3033a2b355068c11fe637e14ac742d273f076e.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index cb66fe25..88a656d1 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
  *
  ***********************************************************************/
 
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
 
 /***********************************************************************
  *
@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
 			id = 0;
 			continue;
 		}
+
+		if(id >= 3)
+			return false;
+
 		if(x == ID3V2_TAG_[id]) {
 			id++;
 			i = 0;
author	Erik de Castro Lopo <erikd@mega-nerd.com>	2014-11-18 07:20:25 -0800
committer	Erik de Castro Lopo <erikd@mega-nerd.com>	2014-11-20 21:46:39 +1100
commit	5b3033a2b355068c11fe637e14ac742d273f076e (patch)
tree	bdb47c483b955620f4bc7913312ed000f4784f13 /src
parent	d8d171705a5d8e3ff9c24f1ff9edd17dd68939a7 (diff)
download	flac-5b3033a2b355068c11fe637e14ac742d273f076e.tar.gz