From 8edd4079186c951c3b3b6670a289b53ffcec963d Mon Sep 17 00:00:00 2001
From: Max Kellermann <max@duempel.org>
Date: Tue, 17 Feb 2009 19:27:36 +0100
Subject: faad: added length check before comparing "ADIF"

It's not valid to use the buffer's data without ensuring that the
buffer contains enough data.
---
 src/decoder/faad_plugin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/decoder')

diff --git a/src/decoder/faad_plugin.c b/src/decoder/faad_plugin.c
index ec93b9f4..77d12066 100644
--- a/src/decoder/faad_plugin.c
+++ b/src/decoder/faad_plugin.c
@@ -217,7 +217,7 @@ faad_song_duration(struct faad_buffer *b, float *length)
 		b->consumed = 0;
 
 		faad_buffer_fill(b);
-	} else if (memcmp(b->data, "ADIF", 4) == 0) {
+	} else if (b->length >= 5 && memcmp(b->data, "ADIF", 4) == 0) {
 		unsigned bit_rate;
 		size_t skip_size = (b->data[4] & 0x80) ? 9 : 0;
 
-- 
cgit v1.2.3