Fix CVE defect 69/133969/1 accepted/tizen/unified/20170615.020636 submit/tizen/20170614.062816
authorSeungbae Shin <seungbae.shin@samsung.com>
Wed, 31 May 2017 13:28:19 +0000 (22:28 +0900)
committerSeungbae Shin <seungbae.shin@samsung.com>
Wed, 14 Jun 2017 06:12:23 +0000 (15:12 +0900)
- Related CVE defects
  https://nvd.nist.gov/vuln/detail/CVE-2017-7586

- Fixed by applying the following upstream patch.
  https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236

Change-Id: I5d95a79e6d6353fd57d9953d1824a1fa9545a492

src/id3.c

index 2fd0a0b..095b989 100644 (file)
--- a/src/id3.c
+++ b/src/id3.c
@@ -1,5 +1,5 @@
 /*
-** Copyright (C) 2010-2011 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 2010-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
 **
 ** This program is free software; you can redistribute it and/or modify
 ** it under the terms of the GNU Lesser General Public License as published by
@@ -48,9 +48,11 @@ id3_skip (SF_PRIVATE * psf)
 
                /* Calculate new file offset and position ourselves there. */
                psf->fileoffset += offset + 10 ;
-               psf_binheader_readf (psf, "p", psf->fileoffset) ;
 
-               return 1 ;
+               if (psf->fileoffset < psf->filelength)
+               {       psf_binheader_readf (psf, "p", psf->fileoffset) ;
+                       return 1 ;
+                       } ;
                } ;
 
        return 0 ;
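Review bot: In id3_skip the new bounds check runs only after `psf->fileoffset += offset + 10 ;` has been applied, so when the check fails the function returns 0 but leaves psf->fileoffset at or beyond psf->filelength. Whether any caller reads fileoffset after a 0 return is not visible here, but committing the value only once it has been validated removes the question: `sf_count_t new_offset = psf->fileoffset + offset + 10 ;` followed by `if (new_offset < psf->filelength)` and `psf->fileoffset = new_offset ;` inside the guarded block. A one-line comment on the guard, such as `/* Tag length comes from the file; never seek past end of file. */`, would also record why the check exists. The function begins above the hunk, where offset is computed, and continues past its last line.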