From 17d5f0831660ebc9ea12fc836a2af77f540753d2 Mon Sep 17 00:00:00 2001
From: Edward Hervey <edward@centricular.com>
Date: Sat, 17 Mar 2018 06:33:38 +0100
Subject: [PATCH] oggstream: protect against out-of-bounds read

We need at least 17 bytes of data for a valid flac header

oss-fuzz #6974
---
 ext/ogg/gstoggstream.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ext/ogg/gstoggstream.c b/ext/ogg/gstoggstream.c
index 91f65ee..25b880f 100644
--- a/ext/ogg/gstoggstream.c
+++ b/ext/ogg/gstoggstream.c
@@ -1050,6 +1050,9 @@ static gboolean
 is_header_fLaC (GstOggStream * pad, ogg_packet * packet)
 {
   if (pad->n_header_packets_seen == 1) {
+    if (packet->bytes < 17)
+      return FALSE;
+
     pad->granulerate_n = (packet->packet[14] << 12) |
         (packet->packet[15] << 4) | ((packet->packet[16] >> 4) & 0xf);
   }
-- 
2.7.4