rpms/id3lib/F-11 id3lib-vbr_buffer_overflow.diff,NONE,1.1

[Adrian Reber]

Author: adrian

Update of /cvs/extras/rpms/id3lib/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv27811

Added Files:
	id3lib-vbr_buffer_overflow.diff 
Log Message:
* Thu Nov 12 2009 Adrian Reber <adrian at lisas.de> - 3.8.3-24
- Fix "Stack smashing with vbr mp3 files" (bz #533706)
  also see https://bugs.launchpad.net/ubuntu/+source/id3lib3.8.3/+bug/444466


id3lib-vbr_buffer_overflow.diff:
 mp3_parse.cpp |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE id3lib-vbr_buffer_overflow.diff ---
diff -ru id3lib3.8.3-3.8.3.orig/src/mp3_parse.cpp id3lib3.8.3-3.8.3/src/mp3_parse.cpp
--- id3lib3.8.3-3.8.3.orig/src/mp3_parse.cpp	2003-03-02 01:23:00.000000000 +0100
+++ id3lib3.8.3-3.8.3/src/mp3_parse.cpp	2009-10-06 11:45:37.897681290 +0200
@@ -465,7 +465,7 @@
   // from http://www.xingtech.com/developer/mp3/
 
   const size_t VBR_HEADER_MIN_SIZE = 8;     // "xing" + flags are fixed
-  const size_t VBR_HEADER_MAX_SIZE = 116;   // frames, bytes, toc and scale are optional
+  const size_t VBR_HEADER_MAX_SIZE = 120;   // frames, bytes, toc and scale are optional
 
   if (mp3size >= vbr_header_offest + VBR_HEADER_MIN_SIZE) 
   {