Sophie

mpg123-1.20.1-4.1.mga5.src.rpm

Description: Fix DoS with crafted ID3v2 tags
Author: Thomas Orgis <thomas-forum@orgis.org>
Bug: https://sourceforge.net/p/mpg123/bugs/240/
Bug-Debian: https://bugs.debian.org/838960
Applied-Upstream: 1.23.8
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/src/libmpg123/id3.c
+++ b/src/libmpg123/id3.c
@@ -752,7 +752,7 @@ int parse_new_id3(mpg123_handle *fr, uns
 					unsigned long fflags; /* need 16 bits, actually */
 					id[4] = 0;
 					/* pos now advanced after ext head, now a frame has to follow */
-					while(tagpos < length-10) /* I want to read at least a full header */
+					while(length >= 10 && tagpos < length-10) /* I want to read at least a full header */
 					{
 						int i = 0;
 						unsigned long pos = tagpos;
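Review bot: The added `length >= 10` guard in the `while` condition has no explanation; the trailing comment still only says "I want to read at least a full header". If `length` is an unsigned type (the hunk header is cut off at `uns`, and `pos` is declared `unsigned long`), `length-10` wraps to a very large value whenever the tag is shorter than 10 bytes, so the old test no longer bounds `tagpos`. Please state that in the comment, or write the bound without subtraction, for example `while(tagpos + 10 < length)`, so the wrap cannot occur. A regression test using an ID3v2 tag with a length below 10 would keep this from coming back.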