# HG changeset patch
# User rfelker
# Date 1082972015 0
# Node ID e197979a0883df278beb4a647f5aad0b7212b074
# Parent 8c8c71a02e5a6bb6c07a53ac601106cf99f9573a
potentially exploitable buffer overflow with maliciously crafted cd toc
diff -r 8c8c71a02e5a -r e197979a0883 libmpdemux/cddb.c
--- a/libmpdemux/cddb.c Mon Apr 26 09:22:17 2004 +0000
+++ b/libmpdemux/cddb.c Mon Apr 26 09:33:35 2004 +0000
@@ -587,6 +587,7 @@
 ptr = offsets;
 for( i=0; itracks ; i++ ) {
 ptr += sprintf(ptr, "%d+", cdtoc[i].frame );
+ if (ptr-offsets > sizeof offsets - 40) break;
 }
 ptr[0]=0;
 time_len = (cdtoc[cddb_data->tracks].frame)/75;
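Review bot: The added guard after the `sprintf` bounds the write only indirectly: it depends on the margin 40 exceeding the longest `%d+` expansion and on `offsets` being an array of at least 40 bytes, and its declaration is outside this hunk (with a smaller `sizeof offsets` the unsigned subtraction would wrap and the check would never fire). Bounding the write itself is clearer: `size_t left = sizeof offsets - (size_t)(ptr - offsets);`, then `int n = snprintf(ptr, left, "%d+", cdtoc[i].frame);` and `if (n < 0 || (size_t)n >= left) break; ptr += n;`. The `break` also truncates the offset list silently, while the line after the loop still indexes `cdtoc` with the full `cddb_data->tracks`, so truncation should be reported as an error or at least commented. Whether the track count is validated against the size of `cdtoc` cannot be seen from these lines. The enclosing function starts and ends outside the hunk.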