diff options
| -rw-r--r-- | ChangeLog | 2 | ||||
| -rw-r--r-- | src/demuxers/demux_flac.c | 2 |
2 files changed, 3 insertions, 1 deletions
@@ -8,6 +8,8 @@ xine-lib (1.1.11) unreleased * Made the version parsing much more reliable; it wasn't properly coping with four-part version numbers. This affects any program whose build scripts use xine-lib's automake macros. + * Fixed an off-by-one in the FLAC security fix patch. This breakage was + causing failure to play some files. xine-lib (1.1.10.1) 2008-02-07 * Security fixes: diff --git a/src/demuxers/demux_flac.c b/src/demuxers/demux_flac.c index e5d1297a2..f6544bb67 100644 --- a/src/demuxers/demux_flac.c +++ b/src/demuxers/demux_flac.c @@ -202,7 +202,7 @@ static int open_flac_file(demux_flac_t *flac) { length = _X_LE_32(ptr); ptr += 4 + length; - if (length >= block_length - 8) + if (length > block_length - 8) return 0; /* bad length or too little left in the buffer */ user_comment_list_length = _X_LE_32(ptr); |