From: Andre Noll Date: Thu, 22 Mar 2007 15:09:07 +0000 (+0100) Subject: mp3_afh.c: Fix off by one bug X-Git-Tag: v0.2.16~14 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=de4172dab20c58719921b5fdd2b9611a796bda6d;p=paraslash.git mp3_afh.c: Fix off by one bug may cause a segfault due to accessing one byte past the memory mapped file.
---
diff --git a/mp3_afh.c b/mp3_afh.c
index ffabfe4e..cf507ec2 100644
--- a/mp3_afh.c
+++ b/mp3_afh.c
@@ -240,11 +240,9 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
 struct mp3header h, h2;
 long valid_start = 0;
 
- while (1) {
- while ((*fpos)++ < numbytes && map[*fpos] != 0xff)
- ;
- if (*fpos >= numbytes)
- return 0;
+ for (; *fpos < numbytes; (*fpos)++) {
+ if (map[*fpos] != 0xff)
+ continue;
 valid_start = *fpos;
 first_len = get_header(map, numbytes, fpos, &h);
 if (first_len <= 0)
@@ -263,6 +261,7 @@ static int mp3_seek_next_header(unsigned char *map, off_t numbytes, off_t *fpos)
 return first_len;
 }
 }
+ return 0;
 }
 
 static void mp3_get_id3(unsigned char *map, off_t numbytes, off_t *fpos)
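Review bot: The rewritten scan in the first hunk bounds `map[*fpos]` only from above. `off_t` is signed, so a negative `*fpos` on entry would still index before the mapping, and `valid_start = *fpos` narrows `off_t` to `long` on builds where the two differ in width. Because the map comes from an audio file that may be truncated or malformed, I would add `if (*fpos < 0) return 0;` ahead of the loop and, if its later uses allow, declare `off_t valid_start = 0;`. The loop now also tests the byte at the incoming `*fpos` instead of stepping past it first, so callers that re-enter with `*fpos` still on a 0xff byte should be checked for forward progress. A 0xff in the last few bytes of the map still reaches `get_header()`, whose own bounds handling is outside this hunk, as are the function's opening lines and the middle of the loop body; a regression test with a file ending in 0xff would pin both this fix and that path.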