From a2f6c4214b7f7efecd0bfddcedfdf9a413d842f8 Mon Sep 17 00:00:00 2001
From: Darren Salt <linux@youmustbejoking.demon.co.uk>
Date: Wed, 20 Feb 2008 23:19:15 +0000
Subject: Off-by-one in the FLAC security fix, breaking playback of some files.

---
 ChangeLog                 | 2 ++
 src/demuxers/demux_flac.c | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index e0f73c3c2..aafb7d419 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,8 @@ xine-lib (1.1.11) unreleased
   * Made the version parsing much more reliable; it wasn't properly coping
     with four-part version numbers. This affects any program whose build
     scripts use xine-lib's automake macros.
+  * Fixed an off-by-one in the FLAC security fix patch. This breakage was
+    causing failure to play some files.
 
 xine-lib (1.1.10.1) 2008-02-07
   * Security fixes:
diff --git a/src/demuxers/demux_flac.c b/src/demuxers/demux_flac.c
index e5d1297a2..f6544bb67 100644
--- a/src/demuxers/demux_flac.c
+++ b/src/demuxers/demux_flac.c
@@ -202,7 +202,7 @@ static int open_flac_file(demux_flac_t *flac) {
 
           length = _X_LE_32(ptr);
           ptr += 4 + length;
-          if (length >= block_length - 8)
+          if (length > block_length - 8)
             return 0; /* bad length or too little left in the buffer */
 
           user_comment_list_length = _X_LE_32(ptr);
-- 
cgit v1.2.3