From 3e03746915e222d17962f84b8136ca96d5fbf7e4 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 18 Nov 2014 07:20:25 -0800
Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.

This is CVE-2014-8962.

Reported-by: Michele Spagnuolo,
             Google Security Team <mikispag@google.com>

https://git.xiph.org/?p=flac.git;a=commit;h=5b3033a2b355068c11fe637e14ac742d273f076e

Change-Id: Ic9d1d567bd31323a6a9fce92e4acb0d1b60ce14e
---
 src/libFLAC/stream_decoder.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index f987c27..6bc6407 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
  *
  ***********************************************************************/
 
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
 
 /***********************************************************************
  *
@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
 			id = 0;
 			continue;
 		}
+
+		if(id >= 3)
+			return false;
+
 		if(x == ID3V2_TAG_[id]) {
 			id++;
 			i = 0;
-- 
2.7.4