# HG changeset patch
# User michael
# Date 1215209081 0
# Node ID 3dfb35d2ac5168b2ff59767ca5ca30a18b9db50e
# Parent 4dee13c8073a43bc7e8030225adee8ad4ef5f5ca
All mp3 parsers are buggy fix 2 of n (out of array write, i suspect not exploitable)
diff -r 4dee13c8073a -r 3dfb35d2ac51 mp3.c
--- a/mp3.c Fri Jul 04 22:00:35 2008 +0000
+++ b/mp3.c Fri Jul 04 22:04:41 2008 +0000
@@ -205,7 +205,7 @@
 break;
 case 3: /* UTF-8 */
- len = FFMIN(taglen, dstlen);
+ len = FFMIN(taglen, dstlen-1);
 get_buffer(s->pb, dst, len);
 dst[len] = 0;
 break;
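Review bot: The new bound `dstlen-1` in the UTF-8 case only keeps `dst[len] = 0` inside the buffer when `dstlen` is at least 1 and `taglen` is non-negative, and neither is checked in the visible lines. If both are signed ints (their declarations are outside the hunk, so this is an assumption), a `dstlen` of 0 or a negative `taglen` makes `len` negative, which is then passed to `get_buffer` as a size and used as the terminator index. A guard ahead of the switch, such as `if (taglen < 0 || dstlen < 1) return;`, would close that off, assuming the function returns void; adjust to its real return type. The return value of `get_buffer` is also ignored, so on a short read the bytes between the amount actually read and `len` stay uninitialised in front of the terminator; terminating at the returned count would avoid that. The enclosing function starts and ends outside this hunk, so an earlier check may already cover part of this.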