ref: 2cea16a1e11adf32ded170ac4a1c859b13e8c862
parent: d23c60584d6385df973b631a2e923b94831d4c2b
author: lieff <[email protected]>
date: Mon Feb 12 08:56:39 EST 2018
fix negative size memcpy in L3_restore_reservoir found by afl
--- a/minimp3.h
+++ b/minimp3.h
@@ -1675,7 +1675,7 @@
if (info->layer == 3)
{
int main_data_begin = L3_read_side_info(bs_frame, scratch.gr_info, hdr);
- if (main_data_begin < 0)
+ if (main_data_begin < 0 || bs_frame->pos > bs_frame->limit)
{
mp3dec_init(dec);
return 0;