Blame SOURCES/flac-1.3.0-cve-2014-8962.patch

670658
commit 5b3033a2b355068c11fe637e14ac742d273f076e
670658
Author: Erik de Castro Lopo <erikd@mega-nerd.com>
670658
Date:   Tue Nov 18 07:20:25 2014 -0800
670658
670658
    src/libFLAC/stream_decoder.c : Fix buffer read overflow.
670658
    
670658
    This is CVE-2014-8962.
670658
    
670658
    Reported-by: Michele Spagnuolo,
670658
                 Google Security Team <mikispag@google.com>
670658
670658
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
670658
index cb66fe2..88a656d 100644
670658
--- a/src/libFLAC/stream_decoder.c
670658
+++ b/src/libFLAC/stream_decoder.c
670658
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
670658
  *
670658
  ***********************************************************************/
670658
 
670658
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
670658
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
670658
 
670658
 /***********************************************************************
670658
  *
670658
@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
670658
 			id = 0;
670658
 			continue;
670658
 		}
670658
+
670658
+		if(id >= 3)
670658
+			return false;
670658
+
670658
 		if(x == ID3V2_TAG_[id]) {
670658
 			id++;
670658
 			i = 0;